Guide to Spam Scanning and Troubleshooting

Introduction to Spam Scanning

Spam scanning is a critical component of email security and business continuity. It helps prevent large volumes of unwanted emails from reaching user inboxes, protecting against potential security threats and maintaining productivity. Effective spam scanning involves multiple layers of protection and ongoing management.

Common Issues with Spam Scanning

The following issues are commonly encountered with spam scanning:

  • Legitimate emails marked as spam (false positives).
  • Spam emails reaching the inbox (false negatives).
  • Unsubscribe option problems.
  • Authentication and configuration issues (SPF, DKIM, DMARC).
  • Sender reputation problems.
  • List hygiene and engagement issues.
  • Impact of technical and policy changes on spam filtering.

Spam Detection System Criteria

Spam detection systems use multiple criteria to assess email risk, including:

  1. Sender reputation.
  2. Content analysis.
  3. Patterns matching known spam or phishing techniques.

Resolving Email Delivery Issues

To resolve email delivery issues, consider these steps:

  1. Check the email's authentication status (DKIM, SPF, DMARC).
  2. Configure spam scanning policies to exclude specific senders or domains.
  3. Verify that your Permitted Senders profile groups are correctly tied to spam scanning policies.
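
For step 1, the SPF, DKIM and DMARC verdicts can be read from the Authentication-Results header (RFC 8601) in the full message headers. The following is an added example, not part of the original article and not Mimecast tooling; it assumes the receiving server stamps such a header, and the sample message, the hostnames and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message (not real traffic); hostnames are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=news.example.org;
 dkim=fail (signature did not verify) header.d=example.org;
 dmarc=fail (p=quarantine) header.from=example.org
From: Newsletter <news@example.org>
Subject: Monthly update

Body text.
"""

METHODS = ("spf", "dkim", "dmarc")
# method=result pairs as defined by RFC 8601, e.g. "dkim=fail"
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)
# Comments are free text; strip them so "(dmarc=pass)" is never read as a result.
COMMENT_RE = re.compile(r"\([^()]*\)")


def auth_status(raw_message, trusted_authserv_id):
    """Return the spf/dkim/dmarc results stamped by our own receiving server."""
    msg = message_from_string(raw_message, policy=default)
    status = {m: "none" for m in METHODS}
    for header in msg.get_all("Authentication-Results", []):
        value = COMMENT_RE.sub(" ", str(header))
        authserv_id, _, results = value.partition(";")
        # Ignore headers from any other authserv-id: a sender can insert a
        # forged Authentication-Results header before the message reaches us.
        if authserv_id.strip().split()[0:1] != [trusted_authserv_id]:
            continue
        for method, result in RESULT_RE.findall(results):
            if status[method.lower()] == "none":
                status[method.lower()] = result.lower()
    return status


def failing_checks(status):
    """List the methods that did not pass, i.e. what to fix or report."""
    return [m for m in METHODS if status[m] != "pass"]


if __name__ == "__main__":
    s = auth_status(SAMPLE, "mx.example.net")
    print(s, failing_checks(s))
```

Pass the authserv-id of your own inbound gateway as the second argument; results from any other identifier are ignored.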

Handling Sudden Influx of Spam

If you're experiencing a sudden influx of spam emails, take the following steps:

  1. Report the spam emails through your email system's message tracking or spam reporting feature.
  2. Check your spam/graymail scanning settings to ensure they are appropriately configured to block unwanted emails.

Troubleshooting Spam Filter Issues

When experiencing spam filter issues, take these steps:

  1. Check recent policy changes that might have been implemented via Audit Logs.
  2. Review permitted sender policies to ensure they have specific IP address restrictions.
  3. Contact Mimecast Support to investigate and resolve the configuration issue.

Mimecast's Layered Spam Scanning Approach

Mimecast uses a layered spam scanning approach that combines proprietary technology and third-party partners. The spam scanning engine evaluates multiple email characteristics, including:

  • Body content
  • Formatting
  • Source
  • Headers
  • URLs

Each email is assigned a spam score based on various patterns and characteristics. Depending on the sensitivity setting, emails are then held or rejected as follows:

  • Relaxed: Scores of 7 or higher are held.
  • Moderate: Scores of 5 or higher are held.
  • Strict: Scores of 3 or higher are held.
  • All Settings: Scores of 28 or above are rejected.

Emails Bypassing Spam Scanning

Emails can bypass Spam Scanning if they receive a spam score of 0, which means they do not meet the threshold for automatic filtering. The specific reasons for a low Spam Score can vary, and may require investigation by the Messaging Security (MSOC) team.

Low-Scoring Spam and Phishing Emails

Spam and phishing emails can sometimes initially score low in Spam Scanning, due to evolving email tactics. Mimecast continuously updates its detection mechanisms, re-scanning samples to improve future email filtering. If an email initially passes through filters, the system can update its detection criteria to catch similar emails in subsequent scans.

Dealing with Persistent Spam

If spam emails are consistently reaching your inbox despite existing filters, consider:

  1. Reviewing and adjusting your current spam filter sensitivity and lowering the threshold for spam detection.
  2. Creating a more restrictive VIP policy for critical users.
  3. Consulting with Mimecast Support to fine-tune filtering rules.

Managing Important Emails Marked as Spam

If an important email is marked as spam or held by the system, you can take the following steps:

  1. Contact IT support to review the email.
  2. Provide details such as sender email, subject, and any unique identifiers, or the full message headers.
  3. Ask for the email to be released if it is deemed legitimate.
  4. Report the message as a false positive to the Mimecast Messaging Security (MSOC) team, ensuring you provide the message headers.