Messaging Gateway

Hi guys,

In my environment now, we got one spam email outbreak. the worst thing about it is only the top management received it.

its a blank email, no body no attachment just a subject. the sender address is using gmail domain and the username always change. 

SMG doesnt detect this email as apa spam and deliver it normally.

how to stop this issue? or how i want to trace the sender so i cant blacklist or detect who is sending it.

thanks

Have you looked a the header to see what domain or IP address is sending the email.  If you can get that then you can set up a block by domain or IP.

Sorry I see you are getting them from gmail.  disregard previous.  

To be fair, it's probably still worth taking a look at the headers to determine if this mail is coming from an actual gmail server, or some random IP addresses spoofing a gmail address.

In either case, I'd recommend logging a case with Symantec so that they are aware of the spam, so that they may look into ways of filtering these out.

In the meantime as a stop-gap, you could look into just redirecting gmail emails (depending on how many your management woyuld typically expect to receive from gmail addresses) into quarantine, and give them the ability to release the ones they believe to be legitimate.

More info on qurantine notifications below (again, as a potential stop-gap until the Symantec rules are updated):

http://www.symantec.com/docs/HOWTO92957