
How to filter out HTML spam?

Updated: 21 May 2010 | 4 comments
infotipp

We have unwanted messages - approx. 1000 per day - that we cannot catch. These spams typically have the following characteristics:

  • RDNS fails
  • the body contains only HTML tags (img src, href)
  • typically Chinese pharma spams
  • no plain text content
  • IP of the sender is changing - probably DNS pool
  • sender address: xyz@hotmail.com, xyz@yahoo.com - where xyz is a randomly generated string
  • contains only remote image with link

Step by step description needed... General theoretical solutions do not help me.

Thanks,
Ferenc
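
The content traits listed in the post above, expressed as a Python check for sorting missed messages into a samples folder (an added example, not part of the thread and not a Brightmail Gateway rule). The names `matches_profile`, `FREEMAIL` and `SAMPLE` are assumptions made here; RDNS failure and the changing sender IP are connection-time properties and are not checked.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser

FREEMAIL = {"hotmail.com", "yahoo.com"}  # sender domains named in the post
# Constructed sample (not a real message); example.test is a placeholder host.
SAMPLE = (b"From: qzxkvb@hotmail.com\r\nSubject: hi\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n\r\n"
          b'<html><body><a href="http://example.test/x">'
          b'<img src="http://example.test/a.jpg"></a></body></html>\r\n')


class _Scan(HTMLParser):
    """Collects visible text, remote <img> sources and <a href> targets."""

    def __init__(self):
        super().__init__()
        self.text, self.remote_imgs, self.links = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and (a.get("src") or "").lower().startswith(("http://", "https://")):
            self.remote_imgs.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())


def matches_profile(raw: bytes) -> bool:
    """True if the message shows every content trait listed in the post."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    plain, html = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            plain.append(part.get_content())
        elif ctype == "text/html":
            html.append(part.get_content())
    if not html or any(p.strip() for p in plain):
        return False  # no HTML part, or real plain-text content present
    scan = _Scan()
    for h in html:
        scan.feed(h)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return (domain in FREEMAIL and not scan.text
            and bool(scan.remote_imgs) and bool(scan.links))
```
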

Comments

Ian McShane, 16 Nov 2009

More detail

Hi,

Firstly, you'll need to let us know what version of Brightmail Gateway you have running here.
Secondly, this sounds pretty serious (1000s of messages) so, rather than wait for a response here you might be better served with a support case where they'll be able to look at some samples of the messages you see.

thanks,

//ian

Amanda Grady, 16 Nov 2009

Which version of the Symantec Brightmail Gateway?

Hi,

Are you looking to write a custom rule to block these messages? As these types of messages are sent from spam bot IPs all over the world with highly randomised content from message to message, this is not a practical solution.

Which version of the Symantec Brightmail Gateway are you running? If you're not already on version 8, I would recommend upgrading so that you can take advantage of the Adaptive Reputation Management and expanded Global Bad Senders list to block as many of these messages as possible at connection time. For more details see https://www-secure.symantec.com/connect/articles/i...

Amanda

infotipp, 16 Nov 2009

Hi,

We are using the latest 8.0.3 version.

Add. info:
The filtered domain is quite old - approx. 10 years old - and they have 200 mail addresses. The daily traffic is 25.000 inbound mails - 95% spam.
The system is working perfectly - only HTML spams are going through.
We have an IP block list with 150 addresses, 3 dictionaries with several thousand expressions - and everything is ok.

Only the HTML spams...

Thanks,

ferenc

Frankenstein, 17 Nov 2009

Manually submitting spam to the Security Response Center

Hi,

I would suggest sending some samples to Symantec:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2005012415180263
See "Missed Spam Submissions"

Frank