@Amanda:
I have the following configuration under the reputation section of the appliance:
Local Good Sender Domains - none configured
Local Good Sender IPs - One entry configured - 207.102.122.196 - this does not match the source of the spam
Third Party Good Senders - none configured
Symantec Global Good Senders - enabled, default configuration
Fastpass - enabled, default configuration
I myself personally have no whitelist configured on the appliance for my email address. I have one entry in my personal blacklist.
Message Audit Log Entry:
Message Data
ID: c0a8cc06-b7c27ae000002466-43-4b704e517172
Message-ID: <2010185854.098545a09b@host108-25-static.231-95-b.business.telecomitalia.it>
Tracker: AAAABAEWYfYSuTijErk4tBK9jmw=
Accepted From: 95.231.25.108
Scanners: Symantec Brightmail Gateway
Time accepted: Monday, Feb 08, 2010 09:48:01 AM PST
Direction: Inbound
Sender: noreply@message.myspace.com
Original recipients: firstname.lastname@domain.com
Original Subject: __percocet-adderall-vicodin.es-brand ritalin__
Full attachment list: None
Suspect attachments: None

Recipient Data
Intended recipient: firstname.lastname@domain.com
Verdict:
Actions taken: Deliver message normally
Delivery:
  Delivered To: 10.x.x.x
  Delivery Time: Monday, Feb 08, 2010 09:48:03 AM PST
Untested verdicts: Suspected spam, Message was sent from a suspect spammer, Locally identified suspected virus, Suspected virus, Content Compliance violation: Delete Executable Files Violations, Content Compliance violation: Delete Email Policy Violations, Content Compliance violation: Legal Disclaimer, Content Compliance violation: Delete True Type Executable Files Violations, Unknown recipient, Connection Class, Default Connection Class, Connection Class 1, Connection Class 2, Connection Class 3, Connection Class 4, Connection Class 5, Connection Class 6, Connection Class 7, Connection Class 8, Connection Class 9, Bounce attack signature present, Known language
Other recipients:
Upon reviewing these results, I realized that I myself am set up with a different set of spam policies than the rest of the organization. Under the administration tab > groups, I personally have the following spam actions configured:
Email
Inbound email antispam policy:
Inbound email suspected spam policy:
The rest of the organization has the inbound email antispam policy configured as "delete message".
What I find interesting is why the message was delivered normally to my mailbox instead of quarantined.