en-US
search-icon

Hosted Email Security 9.0 Admin Guide

Anti-Spam

Hosted Email Security uses multiple methods of detecting spam and other unwanted email. These include using specific Allowed and Blocked lists of people, domains, and mailing lists; patterns created by studying what other users mark as junk mail; and the ability to enable third-party blocked lists. This chapter reviews the configuration information for Anti-Spam:

Administrators can define multiple methods of identifying spam for your organization; users can specify their individual preferences to a lesser extent. In addition, SonicWall Hosted Email Security provides updated lists and collaborative thumbprints to aid in identifying spam and junk messages.

Spam Management

When an email comes in, the sender of the email is checked against the various allowed and blocked lists first, starting with the corporate list, then the recipient’s list, and finally the SonicWall Hosted Email Security-provided lists. If a specific sender is on the corporate blocked list but that same sender is on a user’s allowed list, the message is blocked, as the corporate settings are a higher priority than a user’s.

More detailed lists take precedence over the more general lists. For example, if a message is received from aname@domain.com and your organization’s Blocked list includes domain.com but a user’s Allowed list contains the specific email address aname@domain.com, the message is not blocked because the sender’s full address is in an Allowed list.

After all the lists are checked, if the message has not been identified as junk based on the Allowed and Blocked lists, Hosted Email Security analyzes messages’ headers and contents, and use collaborative thumb-printing to block email that contains junk.

Use the Anti-Spam > Spam Management window to select options for dealing with definite spam and likely spam. The default setting for definite spam and likely spam is to quarantine the message in the user’s Junk Box.

To manage messages marked as definite spam or likely spam:
1
Choose one of the following responses for messages marked as Definite Spam and Likely Spam:
 

Response

Effect

No Action

No action is taken for messages.

Permanently Delete

The email message is permanently deleted.

CAUTION: If you select this option, your organization risks losing wanted email. Deleted email cannot be retrieved.

Reject with SMTP error code 550

The message is rejected and responds with a 550 error code, which indicates the user’s mailbox was unavailable (for example, not found or rejected for policy reasons).

Store in Junk Box (recommended for most configurations)

The email message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the recommended setting.

Send To

Forward the email message for review to the specified email address. For example, you could “Send To [postmaster].”

Tag With

The email is tagged with a term in the subject line, for example [SPAM]. Selecting this option allows the user to have control of the email and can junk it if it is unwanted.

Add X-Header: X-

This option adds an X-Header to the email with the key and value specified to the email message. The first text field defines the X-Header. The second text field is the value of the X-Header.

For example, a header of type “X-EMSJudgedThisEmail” with value “DefiniteSpam” results in the email header as:
“X-EMSJudgedThisEmail:DefiniteSpam”

2
Select the Accept Automated Allowed List check box to allow automated lists that are created by User Profiles to prevent spam.

With this feature enabled, User Profiles analyze the recipients of emails from members of your organization and automatically added them to Allowed Lists. This helps reduce the false positives, which are good email messages judged as junk. This feature can be configured globally, for particular groups, or for specific users. SonicWall recommends enabling this feature.

 
* 
NOTE: If this check box is unchecked in the Corporate, Group, or User windows, User Profiles have no effect.
3
Select the Skip spam analysis for internal email check box to exclude internal emails from spam analysis, resulting in a reduced amount of false positives.

If you are routing internal mail through the Hosted Email Security product, SonicWall recommends that you enable this feature.

4
Select the Allow users to delete junk email check box to allow users to control the delete button on individual junk boxes.
 
* 
NOTE: Leave this check box unchecked if you have an extended away/out of the office message turned on so that your auto-reply does not automatically place all recipients on your Allowed list.
5
Click Apply Changes to save.

Address Books

The Anti-Spam > Address Books page enables you to allow or block people, companies, mailing lists or IP addresses from sending you email. The page shows a compilation of allowed and blocked senders from your organization’s lists and lists provided by default.

If you attempt to add your own email address or your organization’s domain, SonicWall Hosted Email Security displays a warning. A user’s email address is not automatically added to the allowed list because spammers sometimes use a recipient’s own email address. Leaving the address off the allowed list does not prevent users from emailing themselves, but their emails are evaluated to determine if they are junk.

Using the Search Field

To search for an address, enter all or part of the email address in the Search field. For example, entering sale displays sales@domain.com as well as forsale@domain.com. Narrow your search by selecting the People, Companies, Lists, or IPs check box(es) below the Search field. Click Go to perform the search.

Adding People, Companies, Lists, or IPs

To add People, Companies, Lists, or IPs to the Allowed or Blocked lists:
1
From the Anti-Spam > Address Books page, click the Allowed or Blocked tab.
2
Click the Add button.

3
Select the list type (People, Companies, Lists, IPs) from the drop down menu.
4
Enter one or more addresses to the text field. Separate multiple addresses with a carriage return.
5
Click Add to save the changes.

When adding addresses, consider the following:

You cannot put an address in both the Allowed and Blocked list simultaneously. If you add an address in one list that already exists on the other, it is removed from the first one.
SonicWall Hosted Email Security warns you if you attempt to add your own email address or your own organization.
Email addresses are not case-sensitive; SonicWall Hosted Email Security converts the address to lowercase.
You can allow and block email messages from entire domains. If you do business with certain domains regularly, you can add the domain to the Allowed list; SonicWall Hosted Email Security allows all users from that domain to send email. Similarly, if you have a domain you want to block, enter it here and all users from that domain are blocked.
Hosted Email Security does not support adding top-level domain names such as .gov or .abc to the Allowed and Blocked lists.
Mailing list email messages are handled differently than individuals and domains because SonicWall Hosted Email Security looks at the recipient’s address rather than the sender’s. Because many mailing list messages appear spam-like, entering mailing list addresses prevents mis-classified messages.

Deleting People, Companies, Lists, or IPs

To delete people, companies, lists, or IPs from your Address Books:
1
From the Anti-Spam > Address Books page, click the Allowed or Blocked tab.
2
Select the check box next to the address(es) you want to delete.
3
Click the Delete button.

Import Address Book

You can also import an address book that already has multiple addresses. Note that users and secondary domains should be added prior to importing their respective address books.

The Address Book file for import must follow specific formatting to ensure successful importing:

<TAB> delimiter between data
<CR> to separate entries

Each address book entry must include each of the following:

Identifier—Specified as <email address / primary domain>
Domain / List / Email—Specified as D / L / E
Allowed / Blocked—Specified as A / B
Address List—Specified as abc@domain.com, example.com

See the following examples:

EmailID<TAB>E<TAB>A<TAB>email1@company.com,email2@company.com<CR>

Domain<TAB>L<TAB>B<TAB>list1@company.com,list2@company.com<CR>

To import Address Books:
1
From the Anti-Spam > Address Books page, click the Import button on either the Allowed or Blocked tabs.
2
Click the Choose File button. Select the correct file from your system.
3
Click the Import button.

Anti-Spam Aggressiveness

The Anti-Spam > Anti-Spam Aggressiveness page allows you to tailor the SonicWall SonicWall Hosted Email Security product to your organization’s preferences. Configuring this window is optional.

SonicWall SonicWall Hosted Email Security recommends using the default setting of Medium unless you require specific types of spam blocking. This section includes the following subsections:

Configuring GRID Network Aggressiveness

The GRID Network Aggressiveness technique determines the degree to which you want to use SonicWall’s collaborative database. SonicWall Hosted Email Security maintains a database of junk mail identified by the entire user community. You can customize the level of community input on your corporate spam blocking. Selecting a stronger setting makes SonicWall Hosted Email Security more likely more responsive to other users who mark a message as spam.

Use the following settings to specify how stringently SonicWall Hosted Email Security evaluates messages:

If you choose Mildest, you receive a large amount of questionable email in your mailbox. This is the lightest level of Anti-Spam Aggressiveness.
If you choose Mild, you are likely to receive more questionable email in your mailbox and receive less email in the Junk Box. This can cause you to spend more time weeding through unwanted email from your personal mailbox.
If you choose Medium, you accept SonicWall Hosted Email Security’s spam-blocking evaluation.
If you choose Strong, SonicWall Hosted Email Security rules out greater amounts of spam for you. This can create a slightly higher probability of good email messages in your Junk Box.
If you choose Strongest, SonicWall Hosted Email Security heavily filters out spam. This creates an even higher probability of good email messages in your Junk Box.

Configuring Adversarial Bayesian Aggressiveness Settings

The Adversarial Bayesian technique refers to SonicWall SonicWall Hosted Email Security’s statistical engine that analyzes messages for many of the spam characteristics. This is the high-level setting for the Rules portion of spam blocking and lets you choose where you want to be in the continuum of choice and volume of email. This setting determines the threshold for how likely an email message is to be identified as junk email.

Use the following settings to specify how stringently SonicWall SonicWall Hosted Email Security evaluates messages:

If you choose Mildest, you receive a large amount of questionable email in your mailbox. This is the lightest level of Anti-Spam Aggressiveness.
If you choose Mild, you are likely to receive more questionable email in your mailbox and receive less email in the Junk Box. This can cause you to spend more time weeding through unwanted email from your personal mailbox.
If you choose Medium, you accept SonicWall Hosted Email Security’s spam-blocking evaluation.
If you choose Strong, SonicWall Hosted Email Security rules out greater amounts of spam for you. This can create a slightly higher probability of good email messages in your Junk Box.
If you choose Strongest, SonicWall Hosted Email Security heavily filters out spam. This creates an even higher probability of good email messages in your Junk Box.

Unjunking Spam

Select the Allow users to unjunk spam check box if you want to enable users to unjunk spam messages. If left unchecked, users cannot unjunk spam messages.

Category Settings

You can determine how aggressively to block particular types of spam, including sexual content, offensive language, get rich quick, gambling, bulk emails, and images.

For each type of spam:

Check the Allow Unjunk box if you want allow users to unjunk certain types of email.
Choose Mildest to be able to view most of the emails that contain terms that relate to these topics.
Choose Mild to be able to view email that contains terms that relate to these topics.
Choose Medium to cause SonicWall Hosted Email Security to tag this email as likely junk.
Choose Strong to make it more likely that email with this content is junked.
Choose Strongest to make it certain that email with this content is junked.

For example, the administrator may decide that they want to receive no email with sexual content by selecting Strong. They might be less concerned about receiving bulk emails and select Mild.

Be sure to select Apply Changes to save the settings or select Reset to Defaults to go back to the prior settings.

Languages

From the Anti-Spam > Languages page, you can allow, block, or enter no opinion on email messages in various languages. If you select No opinion, Hosted Email Security judges the content of the email message based on the modules that are installed. After configuring Language settings, click the Apply Changes button.

 
* 
NOTE: Some spam email messages are seen in English with a background encoded in different character sets such as Cyrillic, Baltic, or Turkish. This is done by spammers to bypass the anti-spam mechanism that only scans for words in English. In general, unless used, it is recommended to exclude these character sets. Common languages such as Spanish and German are normally not blocked.