Messaging Gateway

  • 1.  High "Connection Classification" Bad Reputation Count

    Posted Sep 20, 2011 02:22 PM

    I have been running Symantec Messaging Gateway 9.5 for going on almost 2 months now, and my Bad Reputation message count has always been a very low number, if not zero, the entire time.  But I noticed at the end of last week that, for the first time, my Bad Reputation Connection Classification count has drastically shot through the roof, averaging around 12,000-13,000 message counts within a 24-hour time frame.  In all honesty I don't fully understand exactly how the Connection Classification works or if this is normal behavior.  I have noticed no additional spam emails coming in nor any other odd behavior, but to me 13,000 bad reputation connection classification counts seems extremely high, and I would like to find out what exactly this entails and whether I should be concerned or not.  I know that the Connection Classification has a "learning period," but it seems odd that I went from a count of zero to all of a sudden 13,000 within a day, and it has been consistent ever since last week on a daily basis.  Any help and/or information on this topic would be greatly appreciated, and I have attached a snapshot of my report.

     



  • 2.  RE: High "Connection Classification" Bad Reputation Count

    Broadcom Employee
    Posted Sep 20, 2011 02:34 PM

    It does take some time for the connection classification to get a good feel for your environment. This is expected behaviour.

     

    It could also be that someone has suddenly taken interest in your mail server or one of your users' email addresses got put into some list somewhere.



  • 3.  RE: High "Connection Classification" Bad Reputation Count

    Posted Sep 20, 2011 02:38 PM

    Is there any way to determine if I am getting drastically spammed or if it is indeed the Connection Classification doing its job and getting a feel for everything?



  • 4.  RE: High "Connection Classification" Bad Reputation Count

    Posted Sep 20, 2011 10:22 PM

    Hi,

    Has the total percentage of threat messages or the number of clean messages being delivered changed? If these numbers are consistent (especially the second one), it would seem that there is simply a shift from blocking these messages later at content scanning time, to connection time based on these IPs historically sending spam to your environment.

    I noticed that you do not have any Symantec Global Bad Senders reputation verdicts. I would recommend turning this feature on to block even more spam at connection time - this will lead to increased spam detection, better performance and eliminate spam before it enters your messaging environment.

    Hope that helps,

    Amanda



  • 5.  RE: High "Connection Classification" Bad Reputation Count

    Posted Sep 21, 2011 01:10 PM

    The total percentage for both has increased a lot since I started noticing this increase about a week ago.  Before, the Bad Reputation count was zero; now it and the total clean messages have risen drastically, but every day/hour seems to be consistent and roughly the same from one to the next, and it has been that way ever since it started. All of this literally started happening within one day and never stopped.  I was also wondering about my Symantec Global Bad Senders verdicts always being zero, because I have had this enabled since I first implemented the gateway, as shown below:

     

     

    Since it has been enabled this entire time, why have I always shown zero verdicts when it should be working?



  • 6.  RE: High "Connection Classification" Bad Reputation Count

    Posted Sep 21, 2011 07:20 PM

    Hi,

    If the number of clean messages has not decreased, then there is no reason to suspect that legitimate email is erroneously being blocked.

    You may want to check the admin guide to ensure Global Bad Senders is set up correctly.

    Amanda