Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Spam: Best Practice Configuration and Prevention using ScanMail for Exchange (SMEX)

    • Updated:
    • 17 Feb 2021
    • Product/Version:
    • ScanMail for Exchange 14.0
    • Platform:
    • N/A

Know the key features you should consider to maximize Spam Prevention in your environment using ScanMail for Exchange (SMEX).


SMEX provides three main features to prevent Spam: Email Reputation, Content Scanning and Web Reputation.

Phishing detection and new spam sources detection are available options you can enable within Content Scanning.

Email reputation blocks IP addresses of known spam senders that Trend Micro maintains in a central database. There are two possible service levels:

  • Standard is a DNS single-query-based service. Your designated email server makes a DNS query to the standard reputation database server whenever an incoming email message is received from an unknown host. If the host is listed in the standard reputation database, Email reputation reports that email message as spam.
  • Advanced is a dynamic, real-time antispam solution. To provide this service, Trend Micro continuously monitors network and traffic patterns and immediately updates the dynamic reputation database as new spam sources emerge, often within minutes of the first sign of spam. As evidence of spam activity ceases, the dynamic reputation database is updated accordingly.

Like Email reputation: Standard, Email reputation: Advanced is a DNS query-based service, but two queries can be made to two different databases - the standard reputation database and the dynamic reputation database (a database updated dynamically in real time). These two databases have distinct entries (no overlapping IP addresses), allowing Trend Micro to maintain a very efficient and effective database that can quickly respond to highly dynamic sources of spam. Email reputation: Advanced has blocked more than 80% of total incoming connections (all were malicious) in customer networks. Results will vary depending on how much of your incoming email stream is spam. The more spam you receive, the higher the percentage of blocked connections you will see.

To enable this:

  1. Go to the Email Reputation screen by navigating to Spam Prevention > Email Reputation.
  2. Select Enable Email Reputation.
  3. Click Save.

Content Scanning uses detection technology based on sophisticated content processing and statistical analysis. Unlike other approaches to identifying spam, content analysis provides high performance, real-time detection that is highly adaptable, even as spammers change their techniques.

To enable and configure this:

  1. Go to the Content Scanning screen by navigating to Spam Prevention > Content Scanning.
  2. Select Enable content scanning.
  3. Click the Target tab.
  4. Select a detection level:
    • High: This is the most rigorous level of spam detection.ScanMail monitors all email messages for suspicious files or text, but there is greater chance of false positives. False positives are those email messages that ScanMailfilters as spam when they are actually legitimate email messages.
    • Medium: ScanMail monitors at a high level of spam detection with a moderate chance of filtering false positives.
    • Low: This is the default setting. This is most lenient level of spam detection. ScanMail will only filter the most obvious and common spam messages, but there is a very low chance that it will filter false positives.
  5. Add addresses to the list of Approved Senders and Blocked Senders.
  6. Click the Action tab and select action for Spam messages.
  7. Click Save.

This feature is proven to be effective especially when preventing spam and malicious emails. Web Reputation Service (WRS) and Email Reputation Service (ERS) information is used to scan email messages with URLs unknown by Trend Micro.

Content Scanning can identify new spam sources in conjunction with Web Reputation Services. After enabling detect new spam sources, ScanMail performs the following actions after receiving an email message containing a URL:

  • Web Reputation Services determines the reputation score of the URL.
  • ScanMail uses the configured internal gateway MX record or IP address lists to determine the sender IP address of the email message.
  • Email Reputation Services determines the reputation score of the sender IP address.

Content Scanning uses the reputation scores of both the URL contained in the email message and the sender IP address to determine the risk level of the email message. Enabling Web Reputation Services allows detection of new spam sources.

To enable and configure:

  1. Go to the Content Scanning screen by navigating to Spam Prevention > Content Scanning.
  2. Select Detect new spam sources to scan email messages containing URLs that may be new spam sources. You must enable Web Reputation Services to detect new spam sources.
  3. Identity your Organizational MX records or your Organizational mail gateway IP addresses:
    1. Identify your company's Organizational MX records and add the MX records to the list.
    2. Identify your company's Organizational mail gateway IP addresses and add the IP addresses to the list.
  4. Click Save.

To learn more about this feature, refer to KB 1108290 (

Phishing email feature is part of Spam Prevention Solution. Phishing is a form of identity theft in which a scammer uses an authentic-looking email from a legitimate business to trick recipients into giving out sensitive personal information, such as a credit card, bank account, Social Security numbers or other sensitive personal information. The spoofed email message urges the recipient to click on a link to update their personal profile or carry out some transaction. The link then takes the victim to a fake website where any personal or financial information entered is routed directly to the scammer.

To enable and configure:

  1. Go to Advanced Spam Prevention > Advanced Spam Prevention Settings.
  2. Select Enable Advanced Spam Prevention.
  3. Under the Target tab, enable Detect phishing in the Phishing Detection section to scan for phishing email messages.

    Detect phishing

  4. Click the Action tab and select action for phishing messages.
  5. Click Save.

Trend Micro web reputation technology helps break the infection chain by assigning websites a “reputation” based on an assessment of the trustworthiness of an URL, derived from an analysis of the domain. Web reputation protects against web-based threats including zero-day attacks, before they reach the network. Trend Micro web reputation technology tracks the lifecycle of hundreds of millions of web domains, extending proven Trend Micro anti-spam protection to the Internet.

To enable and configure:

  1. Click Web Reputation from the main menu.
  2. Click the Target tab.
  3. Select Scan the content of message attachments for suspicious URLs to include web reputation scanning within the attachments of email messages.
  4. Select one of the following security levels:
    • High: Blocks a greater number of web threats but increases the risk of false positives.
    • Medium: Blocks most web threats while keeping the false positive count low.
    • Low: Blocks fewer web threats but reduces the risk of false positives.
  5. Select Enable approved URL list to avoid scanning URLs deemed safe under your security policy.
  6. Add approved URLs to the list.
  7. Add addresses to the list of Approved Senders.
  8. Click Action tab and select action you would like to apply for messages with suspicious URL’s.
  9. Click Notification tab and select the check boxes corresponding to the people ScanMail will notify.
  10. Click Save.
Configure; Remove a Malware / Virus
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.