Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Troubleshooting guide for spam mails not filtered by Hosted Email Security (HES)

    • Updated:
    • 4 Aug 2016
    • Product/Version:
    • Hosted Email Security 2.0
    • Hosted Email Security 2.0
    • Platform:
    • Not Applicable N/A
Summary

Identify the important items to check when you still receive spams or when spam mails are not detected by HES even after redirecting MX records to HES.

Details
Public

Check the following:

  • Make sure that ALL DNS MX records are redirected to the correct HES / HES - Inbound Filtering MX records. Otherwise, MX records that are not redirected to HES / HES - Inbound Filtering may directly receive mails that are not scanned by HES / HES - Inbound Filtering.
  • If a corporate firewall is present, configure the firewall to only allow SMTP traffic coming from HES / HES - Inbound Filtering IP ranges.
  • Increase the "Aggressiveness" of the Dynamic IP Reputation Settings in the HES / HES - Inbound Filtering console under Inbound Protection > IP Reputation > Settings.

    For example:

    HES Inbound Filtering console

    Click the image to enlarge.

    Increase Aggressiveness of Dynamic IP Reputation Settings

    Click the image to enlarge.

  • HES subscribers can increase the spam sensitivity level of "Spam or Phish" policy. To do this:

    1. Log on to the HES / HES - Inbound Filtering console.
    2. Go to Inbound Protection > Policy > Spam or Phish rule > And Message Attributes Match.

      • Make sure that the mail sender address of the spam is not in the Approved Senders list of the receiving domain. Approving a sender allows mails coming from the address to bypass ERS and content-based spam scanning.
      • Make sure that the mail sender address of the spam is not in the Web EUQ Approved Senders list of the recipient.
      • Make sure that the mail sender address is not in the Exceptions of the Spam or Phish policy.
      • Make sure that the "Spam or Phish" policy has either Delete or Quarantine action.
      • Receive emails only for valid recipients by using Directory Management or Active Directory Sync Client.
    3. Block the sender by using Blocked Senders under Inbound Protection.

      Blocked Sender

      A sender can be a specific email address or all senders from a domain.

      Valid formats:

      *@example.com
      *@server.example.com
      *@*.example.com

      Invalid formats:

      *@*
      *@*.com
      name@*.example.com


    If the issue persists, submit spam samples to Trend Micro Support:

    Spam Submission Guidelines

    • The spam sample should be in .msg or .eml format.
    • The spam sample should be the original mail, not forwarded mails, since forwarded mails do not contain the original email contents and may contain customer-related information that could lead to False Positives. Original Spam Mail can be obtained by following the steps below:
      1. Create a folder.
      2. Drag all undetected spam samples to the created folder.
      3. Place the undetected spam samples in a zip file and password-protect it using the word "novirus" (without the quotation marks).
      4. Send the zip file.

    Available Channels for Submission

    To nominate a known spam source IP to ERS, visit the MAPS Lookup Tool.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1052815
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.