IMSVA provides the following methods of blocking spam mails:
Setting the spam catch rate or detection thresholds
Querying the global Email Reputation database
Monitoring the behavior of IP addresses
To set the spam catch rate or detection thresholds:
Choose Policy > Policy List from the menu.
Click Default spam rule > And scanning conditions match > Spam detection settings.
Configure spam detection settings.
Under Spam/phishing emails on the scanning conditions selection screen, select the check box next to Spam detection settings.
Click Spam detection settings. The Spam detection settings screen appears.
To enable spam scanning, select the check box next to Select a spam catch rate or specify a detection threshold. If you do not select this check box, IMSVA will not label any email messages that violate this rule as spam. You can, however, still take actions on any senders in the Blocked Senders list below.
Select one of the following spam catch rates or specify a detection threshold.
High: Catches more spam. Select a high catch rate if too much spam is getting through to your clients.
Medium: Select to catch an average amount of spam (the default selection).
Low: Catches less spam. Select a low catch rate if IMSVA is tagging too many legitimate email messages as spam.
Specify a detection threshold: You can specify a threshold value (between 3.0 and 10.0) that represents how critically IMSVA analyzes email messages to determine if they are spam.
A higher threshold value means that a message must be very "spam-like" for IMSVA to consider it spam. This decreases the spam catch rate, but it also results in a lower number of false positives. If IMSVA is tagging too many legitimate email messages as spam (too many false positives), specify a higher threshold value.
A lower threshold value means that a message only needs to be slightly "spam-like" for IMSVA to consider it spam. This increases the spam catch rate, but it also results in a higher number of false positives. If IMSVA is letting too much spam through to your clients as legitimate email, specify a lower threshold value.
Select the check boxes next to any of the following lists to enable them:
Approved sender list: Prevents IMSVA from identifying email from senders in this list as spam.
Blocked sender list: Forces IMSVA to identify email from senders in this list as spam.
Text exemption list: Prevents IMSVA from identifying email that contains any of the text in this list as spam.
For instructions on configuring the lists, see Configuring Approved and Blocked Sender Lists.
To query Email Reputation:
Enable Email reputation.
Choose IP Filtering > Overview from the menu.
To enable Email reputation, select the Email reputation check box.
Configure Email reputation.
Choose IP Filtering > Email Reputation from the menu.
Select the Enable Email Reputation check box.
Select a service level, Standard or Advanced, and configure the following:
Default intelligent action: Email reputation permanently denies connection (550) for RBL+ matches (Standard and Advanced service levels) and temporarily denies connection (450) for Zombie matches (Advanced service level only).
Take customized action for all matches
SMTP error code: Rejects any connection with a certain SMTP code. Type an SMTP code.
SMTP error string: Rejects any connection with a certain SMTP error string. Type the error string.
To monitor the behavior of IP addresses:
Enable IP Profiler.
Choose IP Filtering > Overview from the menu.
To enable IP profiler, select the IP Profiler check box.
Configure IP Profiler settings.
Choose IP Filtering > Rules from the menu. The Spam tab appears by default. If you are on a different tab, click the Spam tab.
To enable blocking for spam, select the Enable check box.
Configure the following:
Duration to monitor: The number of hours that IMSVA monitors email traffic to see if the percentage of spam email messages exceeds the Threshold you set below.
Threshold: The maximum percentage of spam email messages that IMSVA will allow during the period you set for Duration to monitor above. The threshold is a fraction with a numerator and denominator:
Rate (%): Type the maximum number of allowable email messages with spam threats (the numerator).
Total mails: Type the total number of spam email messages out of which the threshold percentage is calculated (the denominator).
Consider the following example.
Duration to monitor: 1 hour at a rate of 20 out of 100
During each one-hour period that spam blocking is active, IMSVA starts blocking IP addresses when more than 20% of the messages it receives contain spam and the total number of messages exceeds 100.
Next to Triggering action, select one of the following:
Block temporarily: Block email messages from the IP address and allow the upstream MTA to try again.
Block permanently: Never allow another email message from the IP address and do not allow the upstream MTA to try again.
Trend Micro suggests keeping the default values, which provide an adequate level of protection. To restore the default values, click Restore Defaults.
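The following Python sketch is an added example, not Trend Micro code, that models the IP Profiler spam rule described above so you can see how Duration to monitor, Rate (%) and Total mails interact before changing them. The names SpamRule, evaluate and sample_events are hypothetical, the traffic is constructed, and fixed clock-aligned monitoring windows are an assumption because this page does not state how IMSVA bounds each period.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SpamRule:
    duration_hours: int = 1            # "Duration to monitor"
    rate_percent: float = 20.0         # "Rate (%)"
    total_mails: int = 100             # "Total mails"
    action: str = "Block temporarily"  # "Triggering action"


def evaluate(events, rule):
    """events: (epoch_seconds, source_ip, is_spam) tuples.
    Returns {ip: (window_start, spam, total, action)} at the moment each IP trips the rule."""
    window = rule.duration_hours * 3600
    counts = defaultdict(lambda: [0, 0])  # (ip, window_start) -> [spam, total]
    blocked = {}
    for ts, ip, is_spam in sorted(events):
        if ip in blocked:
            continue                      # already blocked, nothing more to count
        start = ts - ts % window          # assumption: fixed, clock-aligned windows
        tally = counts[(ip, start)]
        tally[0] += int(is_spam)
        tally[1] += 1
        spam, total = tally
        # Both conditions must hold: total exceeds "Total mails"
        # AND the spam share exceeds "Rate (%)".
        if total > rule.total_mails and spam * 100 > rule.rate_percent * total:
            blocked[ip] = (start, spam, total, rule.action)
    return blocked


def sample_events():
    """Constructed traffic using documentation-range IP addresses."""
    ev = []
    ev += [(i * 20, "192.0.2.10", i % 5 < 2) for i in range(150)]     # 40% spam, 150 msgs
    ev += [(i * 60, "198.51.100.7", True) for i in range(50)]         # 100% spam, 50 msgs
    ev += [(i * 10, "203.0.113.5", i % 10 == 0) for i in range(300)]  # 10% spam, 300 msgs
    # 50% spam, 120 msgs, split 60/60 across the first hour boundary
    ev += [(3000 + i * 10, "203.0.113.77", i % 2 == 0) for i in range(120)]
    return ev


if __name__ == "__main__":
    for hours in (1, 2):
        print(hours, evaluate(sample_events(), SpamRule(duration_hours=hours)))
```

With the 1 hour, 20 out of 100 rule, the sender at 100% spam is not blocked because it never exceeds 100 messages, and the sender whose 120 messages straddle the hour boundary is caught only when the duration is raised to 2 hours.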