New disposition verdicts feature available with Symantec Messaging Gateway (SMG) 9.5

Article:TECH154444  |  Created: 2011-02-28  |  Updated: 2013-10-14  |  Article URL http://www.symantec.com/docs/TECH154444
Article Type
Technical Solution


Issue



This document explains the new dispositions verdicts feature and how customers can utilize this in their environment to control antispam aggressiveness when filtering messages. Topics covered in this document are: definition of each new verdicts, explanation of options available to customers when configuring the new dispositions verdicts feature, and frequently asked questions.


Solution



What is New Dispositions Verdicts Feature?


New Dispositions Verdicts feature allows customers to aggressively filter select mailings that are often considered unwanted. In addition, these rules can be applied on a group level, giving more control to mail administrators.

Definitions of each verdict are below:
  • Newsletter: This rule set contains rules that target known newsletters that may be considered legitimate by many parties. Newsletters are defined as a publication which sends content on a specific category or topic that a user has signed up for, on a known periodic basis, e.g. weekly or monthly. The newsletters targeted by these filters may contain valid opt out processes and follow best practices, however for a certain subset of customers there is a desire to have these messages blocked by content filtering rather than working through unsubscribe processes. Examples of this could be technical, travel or job search newsletters or forums that a user has signed up for and no longer wants to receive. An example of this type of email would be ‘Weekly Events Summary - January 13th, 2010’
     
  • Marketing Mail: These filters aggressively target mailings from senders that may be legitimate to some users but practice mailing techniques that may be opaque to the end user and may not provide responsible opt out policies. Normally these mailings are not blocked as they often adhere to the letter of the can spam act, and are not considered spam. Examples would be mailings that a user is signed up for because they signed up for something else, or their email address appeared on the internet in relation to a particular domain that the sender thinks the user would be interested in receiving additional information for. Examples of this type of mail would be ‘Your email address is associated with the IT domain so we are sending you a mailing about our new software’.
     
  • Suspicious URL: These filters would target problem URLs like freeweb or URL Shorteners that are being abused by spammers.  Some examples would be groups.google.com or tinyurl.com

 

Why enable the New Dispositions Verdicts Feature?
New Dispositions Verdicts feature is designed to give more control to customers in blocking unwanted content. There is a risk/reward situation when it comes to utilizing the new rules.  The table below displays the pros/cons in leveraging this feature and should be taken into account.

Pro
Con
Opted in by the customer and can be always turned on/ off.
Unwanted messages, such as bulk and newsletter emails, may reach users’ inboxes.
Can include/exclude certain users from group affected by new disposition verdicts rules.
There may be other users in the organization that may want to receive unwanted messages that are now being blocked.
Zero-day spam messages with new URL shortners can be filtered effectively.
Some legitimate messages with URL shortners (often found in signatures) can be blocked.



Frequently Asked Questions

Q: What can be done if a “ false positive” occurs?
A: Symantec does not consider this as a true false positive. All three rulesets are optional features that customers opt into at their own discretion. If you encounter such a “false positive”, you can do any of the following:
  • Opt out the recipient from a group of users opted into the ruleset
  • Disable the feature
Q: How can I test the new dispositions?

Q: How can I submit newsletter/marketing/suspicious URL messages to Symantec?
A: Send the spam message as an email attachment to the appropriate address for your region:

Americas: gsubmit@submit-1.brightmail.com
EMEA: eurosubmit@submit-23.brightmail.com
APAC: apacsubmit@submit-22.brightmail.com
Japan: jpnsubmit@submit-47.brightmail.com

Also see Manually submitting spam and false positives to Symantec Security Response Center: http://www.symantec.com/docs/TECH83081

 
While Symantec makes best effort to incorporate the valuable feedback into filter creation process, Symantec does not guarantee a filter creation for each submission made into respective addresses. Please note that submissions should go to respective addresses, depending on type as defined above.




Article URL http://www.symantec.com/docs/TECH154444


Terms of use for this information are found in Legal Notices