About submitting messages for customer-specific spam rules

Article:HOWTO77718  |  Created: 2012-08-20  |  Updated: 2012-08-20  |  Article URL http://www.symantec.com/docs/HOWTO77718
Article Type
How To



About submitting messages for customer-specific spam rules

You can obtain custom spam rules specifically for your organization based on the missed spam messages and false positive messages that administrators and end users submit.

This feature provides the following benefits:

  • It improves Symantec Messaging Gateway's ability to detect spam and helps administrators control false positive incidents.

  • It makes it easier to submit missed spam messages or false positive messages to Symantec for analysis and ruleset creation.

  • It provides visibility into the submission status and ruleset creation.

See How rules are created and why messages may not result in custom rules.

When you configure this feature, administrators and end users can submit email messages to Symantec as missed spam or false positives. Within minutes, Symantec creates a custom ruleset. The conduit obtains the ruleset, which is then applied to each configured Scanner.

See Setting up customer-specific spam submissions.

If you want to use the customer-specific spam submission feature, you must obtain a submitter ID. The submitter ID ensures that custom rules are available only to those Scanners that a given Control Center manages.

See Provisioning the submitter ID for customer-specific spam submissions.

Symantec Messaging Gateway lets you specify who can submit messages for custom rules. Alternatively, you can specify who cannot submit messages. Restricted users' messages are submitted, but their messages are not considered for custom rules. Restricted users' submissions appear in reports as Blocked.

See Specifying who can submit messages for customer-specific rules.

You can create the spam policies that take the action that you specify on messages Symantec Messaging Gateway detects based on custom rules. For example, you can create a spam policy in which the condition is If a message is customer-specific spam and the action is Create a quarantine incident. This action lets you monitor the messages that violated the custom rules to monitor the rules' effectiveness and to help you troubleshoot issues.

See Creating the policies that detect spam and unwanted email.

You can view the status of your spam submissions on the Status > Submission > Submission Detail page. The Control Center dashboard contains information about the submission service as well as your customer-specific rules. Spam submission data can also be included in reports.

See Monitoring your spam email submissions.

See About the Dashboard.

See Report types.

There may be an instance in which you want to disable this feature and remove all of the customer spam submission data. Or you might want to delete all of the existing rules and start with new ones. Symantec Messaging Gateway lets you delete all customer spam submission data. This data includes the submitter ID, all related rules, email addresses in the submitters list, reporting information, and so on. Once this data is deleted, however, it cannot be retrieved or restored.

See Deleting customer-specific spam data.

Symantec considers all messages that are submitted as Spam or NOT Spam for global rules regardless of whether the customer-specific spam submission feature is enabled. By default, the customer-spam submissions feature is disabled. When you enable this feature, all of the messages that are submitted are considered for customer-specific rule generation. In addition, false positives can result in the elimination of a rule. If you disable the feature, messages that are submitted are still considered for customer-specific rule generation or rule elimination. Symantec continues to create new rules, but the new rules are not deployed. Customer-specific spam filtering policies are restricted to apply these rules against mail flow. If you enable the feature again, the rules that Symantec delivers change from the previous state when the feature was initially disabled. Customer-specific spam filtering policies are enabled, and these policies apply the latest customer-specific rules. If you delete all submission data, all of the messages that are submitted are considered only for global rule generation or rule elimination.

BodyHash rules are highly accurate because they target the precise fingerprints of an email message. BodyHash rules are particularly effective in combating the short messages and repeated messages that spammers and other attackers use.

BrightSig3 rules adapt to spammer attempts to randomize and obfuscate malicious email. These rules target the messages that have statistical similarity with a sample message. They are particularly effective combating spam attacks where there is significant similarity between messages. These rules employ fuzzy logic algorithms to defeat the spammer who attempts to use obfuscation and variation techniques to evade more traditional signatures.

The combination of BodyHash and BrightSig3 rules provide a highly effective shield against attackers who use short messages or attacks where spammers use various attack obfuscation techniques. These technologies represent two of over 20 different technologies that Symantec uses to secure the global email threat vector. Users of the customer-specific spam rules have the supplemental protection of additional BodyHash and BrightSig3 rules. Together, these rules are targeted specifically to the threats that individual organizations typically see.

To enable, set up, modify, or delete spam submission settings, you must have Full Administration or modify privileges for Manage Spam Submissions.

See Administrator rights.

Legacy ID


Article URL http://www.symantec.com/docs/HOWTO77718

Terms of use for this information are found in Legal Notices