Curious what actions you take on "suspicious" spam.
My suspicion is that the majority of people don't even bother with "suspicious", for exactly that reason.
Historically (going all the way back to the Brightmail days), we found that revealing the scoring details didn't serve any purpose other than to make it easier for spammers to "tune" their emails to try and sneak them by us.
Regarding "
we still get a lot of obvious spam.", we recognize that this is very subjective (what's spam to "me", may not be UCE).
To that end, we have technologies that can help you customize things on your end:
- Suspect spam settings (which you are obviously familiar with)
- Newsletter rules, that you can enable.
- Customer Specific Spam rules.
- Ability to provision probe accounts, to help ensure that spam sent to YOUR organization are included in the pool used to generate global spam rules.
- False Negative (aka missed spam) submission, again the real purpose here is to add to the global pool or detect new outbreaks, not necessarily to take action on specific messages, though it does happen.
- The compliance engine (roll your own, based on your organizations needs/policies).
Original Message:
Sent: Sep 29, 2022 07:49 AM
From: Andreas Brogren
Subject: Threshold for suspected spam
Hi,
It would be interesting to see what values other SMG users have configured to define suspicious spam. As we don't have any insight into the scoring as we did with our old provider, we have to lower the threshold without knowing what effect it will have really.
30 - 89 is defined as suspicious spam in our environment (Lowered by 2-4 at a time during the course of a couple of months), but we still get a lot of obvious spam.