Spam - The continuing battle!
Problem reported by YS Tech - Today at 2:41 AM
Submitted
As AI takes over the world, spam is becoming more of an issue. In recent months I've seen a massive upturn in spam. Quite a lot of it being caught by my filters but also a lot getting through.
One big issue is that SM doesn't give me a multi-level approach to filtering, if it marks it as spam then that's it, it doesn't do any of your other filters.
It would be really handy if it would go through all of the processes as that would allow me to properly manage the ones caught in spam.

e.g. If an "Omaha Steaks" email comes in and it's picked up as spam, it gets put into the spam folder, along with the other 100s of the same email. If I then have a content filter that says delete anything with "Omaha Steaks" or all the other spellings of it, then I would have all those spam emails filling up the spam folders.

It's getting harder to sift out the small amount of false positives in this massive forest of spam.
How is everyone dealing with this, are you all sitting there for an hour in the morning going through your spam folder?

Also what are the latest recommended spam settings, I know we have this one: https://portal.smartertools.com/kb/a2734/recommended-spam-settings.aspx but that was created in 2013 and only updated in 2023. A lot has changed since then.

terry fairbrother Replied
My recent approach which appears to be working well is to rely on routing rules first then custom spam filters 2nd.

My rules are

so rules top to bottom...
ignore first two, they are for inhouse auditing
OKOKOK... these are domains and emails that are known safe senders. Rule bypasses the rest of the filters
BOPBOPBOP... uses common phrases that the end users will send. rule bypasses the rest of the filters
CNN - currently experimental
delete - this is the known bad phrases and keywords, such as walmat steak CVS lowes Sams etc. instant delete
delete1 - testing out phrases until they are known to work without false positives then are moved to 'delete'
bounce - our use
last three, general phrases / domain names / emails etc to go to quarantine

Reason I have some rules in CAPs is that they stand out better in the routing rules logs.

so now I have a quarantine folder filling up...


I have requested a feature to add a subject line column to make search easier, but for the time being, I use Thunderbird and the "ImportExportToolsNG" addin to export the quarantine folder to the spam mailbox. I can import either by day or all folders. I tend to just go by day


which imports the emails


From here, I can see any false positives. If any are found, they are added to the OKOKOK rule and then are resent from the quarantine. If the OKOKOK rule is set correctly, the email will continue to the end user.

Anything that still gets through then hits the spam checks..


again, trusted senders are given a very high weight to counter any RspamD weights and to also add weight where needed.

Next, the content filters look at the email's weight and if it's high, it's redirected to the spam@ mailbox. If it's medium, it goes to the end user with the subject prepended with [Junk E-Mail]

We are a low volume of emails, maybe 5000 or so a day across 103 mailboxes. The number of spam emails that get all the way to the end users are maybe 10 per week and they fwd those to me so that I update the filters.

However, my approach is still hands on. I need to check the quarantine daily, but it's a 5 minute job to review and update.
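
The ordering described in the reply above (routing rules first, first match wins, then weight-based content filters) can be modelled in a few lines. This is an added example, not part of the thread and not SmarterMail configuration; the rule names come from the post, while the patterns, addresses and the HIGH/MEDIUM thresholds are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Routing rules, checked top to bottom; the first match decides the outcome.
# Rule names come from the post; every pattern below is a constructed placeholder.
RULES = [
    ("OKOKOK", "sender", "bypass", ["@partner.example"]),
    ("delete", "content", "delete", ["omaha steaks"]),
    ("quarantine", "content", "quarantine", ["limited time offer"]),
]
HIGH, MEDIUM = 30, 10  # assumed spam-weight thresholds, not values from the post


def make(sender, subject, body):
    """Build a constructed sample message."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    return msg


def route(msg, spam_weight):
    """Return (action, matched_rule) for one message and its spam weight."""
    sender = parseaddr(str(msg["From"]))[1].lower()
    content = (str(msg["Subject"]) + " " + msg.get_content()).lower()
    for name, field, action, patterns in RULES:
        if field == "sender":
            # Safe-sender rules look only at the end of the address, so a
            # phrase in the body or a look-alike prefix cannot trigger them.
            hit = any(sender.endswith(p) for p in patterns)
        else:
            hit = any(p in content for p in patterns)
        if hit:
            # A bypass skips every later rule and the spam checks.
            return ("deliver" if action == "bypass" else action), name
    # No routing rule matched: fall through to the weight-based filters.
    if spam_weight >= HIGH:
        return "redirect:spam@", "weight-high"
    if spam_weight >= MEDIUM:
        msg.replace_header("Subject", "[Junk E-Mail] " + str(msg["Subject"]))
        return "deliver", "weight-medium"
    return "deliver", "clean"


if __name__ == "__main__":
    print(route(make("Bob <bob@partner.example>", "Omaha Steaks", "hi"), 50))
    print(route(make("x@bulk.example", "OMAHA STEAKS inside", "hi"), 0))
    print(route(make("x@bulk.example", "Hello", "quick question"), 15))
```

Because the bypass rule short-circuits everything after it, the From address it keys on is only as trustworthy as the SPF/DKIM/DMARC results behind it.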
YS Tech Replied
Thanks for that Terry, very helpful. I think we are of a similar size albeit mine is probably double yours but still not large scale by any means. I'd not even considered using routing rules!
I'll look into this area.
