Identify the important items to check when you still receive spams or when spam mails are not detected by HES even after redirecting MX records to HES.
Check the following:
- Make sure that ALL DNS MX records are redirected to the correct HES / HES - Inbound Filtering MX records. Otherwise, MX records that are not redirected to HES / HES - Inbound Filtering may directly receive mails that are not scanned by HES / HES - Inbound Filtering.
- If a corporate firewall is present, configure the firewall to only allow SMTP traffic coming from HES / HES - Inbound Filtering IP ranges.
Increase the "Aggressiveness" of the Dynamic IP Reputation Settings in the HES / HES - Inbound Filtering console under Inbound Protection > IP Reputation > Settings.
HES subscribers can increase the spam sensitivity level of "Spam or Phish" policy. To do this:
- Log on to the HES / HES - Inbound Filtering console.
Go to Inbound Protection > Policy > Spam or Phish rule > And Message Attributes Match.
- Make sure that the mail sender address of the spam is not in the Approved Senders list of the receiving domain. Approving a sender allows mails coming from the address to bypass ERS and content-based spam scanning.
- Make sure that the mail sender address of the spam is not in the Web EUQ Approved Senders list of the recipient.
- Make sure that the mail sender address is not in the Exceptions of the Spam or Phish policy.
- Make sure that the "Spam or Phish" policy has either Delete or Quarantine action.
- Receive emails only for valid recipients by using Directory Management or Active Directory Sync Client.
- Block the sender by using Blocked Senders under Inbound Protection.
A sender can be a specific email address or all senders from a domain.
If the issue persists, submit spam samples to Trend Micro Support:
Spam Submission Guidelines
- The spam sample should be in .msg or .eml format.
- The spam sample should be the original mail, not forwarded mails, since forwarded mails do not contain the original email contents and may contain customer-related information that could lead to False Positives. Original Spam Mail can be obtained by following the steps below:
- Create a folder.
- Drag all undetected spam samples to the created folder.
- Place the undetected spam samples in a zip file and password-protect it using the word "novirus" (without the quotation marks).
- Send the zip file.
Available Channels for Submission
To submit false positive or false negative spam samples, contact Trend Micro Technical Support.
To nominate a known spam source IP to ERS, visit the MAPS Lookup Tool.