Messaging Gateway: Spam Control Best Practices

Article ID: 177332

Products

Messaging Gateway

Issue/Introduction

Symantec Messaging Gateway (SMG) utilizes industry-leading antispam technology to provide accurate and effective email security. Understanding the variables that affect spam detection and management ensures optimal performance and reduced false positives. This guide outlines configuration settings, product features, and environmental factors essential for maintaining high antispam effectiveness.

Environment

  • Product: Symantec Messaging Gateway (SMG)
  • Version: 10.x and higher
  • Deployment: Virtual or Hardware Appliance

Resolution

Several variables affect how spam messages can be detected and managed.

Administrative Knowledge

Learn about email and spam

Product documentation provides comprehensive details on protocols and technologies utilized by SMG:

Product Configuration

  • Spam Retention: Set antispam policies to delete spam automatically rather than quarantining it. With a false-positive rate of less than 1 in a million, automatic deletion reduces resource consumption and improves productivity.
  • Software Updates: Maintain the SMG appliance on the latest software version to leverage current antispam engines and security signatures.
  • Recipient Validation: Enable Recipient Validation for all domains. This permits only messages for valid recipients and rejects those addressed to invalid users, mitigating brute-force attacks.
  • Directory Harvest Attack (DHA): Configure DHA with a Reject action. This prevents spammers from identifying valid email addresses by checking which addresses are rejected by the server. 
  • Sender Authentication: Implement SPF, DKIM, and DMARC to identify and block spoofed messages.
  • Filtering Actions: Use the Reject action instead of Drop or Defer where possible. Rejection at the SMTP level saves processing power by not accepting the message body for analysis.
  • Connection Classification: Deploy SMG at the gateway to ensure it identifies the original source IP. Connection Classification then restricts the quality of service for known spam sources.
  • Symantec Global Bad Senders: Enable this feature to stop known spam sources at the connection level using global reputation data.
  • Good Sender Lists: Minimize the use of IP and Domain whitelists. Whitelisted senders bypass filters, allowing potential spam to enter the network. If legitimate email is blocked, submit false positives for analysis.
  • Bounce Attack Prevention (BATV): Enable BATV to identify fake Non-Delivery Reports (NDRs) and prevent backscatter attacks.
  • Probe Participation: Convert invalid recipient addresses into probe accounts to help Symantec track new spam trends and improve filtering rules.
  • Newsletter and Marketing Dispositions: Use built-in dispositions to control unwanted marketing content and newsletters.
  • URI and Malicious URL Filtering:
    • Enable URI Reporting to help develop new filters based on links found in spam messages.
    • Configure rules for "Spam URL content" and "Malicious URL content" (available in SMG 10.7.5 and later).

The Network and the Environment

  • Ensure the inbound MTA receives the original source IP address.
  • Set network interfaces to the highest possible speed, full duplex, and non-autonegotiate to avoid performance bottlenecks.
  • Reject connections from "bogons" at the network edge or firewall before they reach the SMG appliance.
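Two of the points above concern source IPs: the inbound MTA must see the original source IP, and bogons should be rejected before they reach the appliance. Both can be audited from the connecting IPs the inbound MTA records. The following Python is an added example, not Symantec code; the function names, the 50% relay threshold and the sample addresses are assumptions, and the prefix list covers reserved IPv4 space only.

```python
import ipaddress
from collections import Counter

# Reserved IPv4 space from the IANA special-purpose registry. A full bogon
# list also includes unallocated space, which changes over time.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]

def bogon_net(ip):
    """Return the reserved IPv4 network containing ip, or None otherwise.

    IPv6 addresses are not classified here and always return None.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return None
    return next((net for net in BOGON_NETS if addr in net), None)

def audit(connecting_ips, relay_share=0.5):
    """Summarise the connecting IPs seen by the inbound MTA.

    Returns (bogons, suspected_relays). bogons maps each bogon source to the
    prefix it matched. suspected_relays lists bogon sources that account for
    at least relay_share of all connections, which suggests an upstream hop
    is relaying mail and hiding the original source IP from the gateway.
    """
    counts = Counter(connecting_ips)
    total = sum(counts.values())
    bogons = {ip: str(net) for ip in counts if (net := bogon_net(ip))}
    relays = sorted(ip for ip in bogons if counts[ip] / total >= relay_share)
    return bogons, relays

# Constructed sample: connecting IPs as an inbound MTA might record them.
SAMPLE = ["10.1.1.5"] * 7 + ["8.8.8.8", "192.0.2.44", "1.1.1.1"]

if __name__ == "__main__":
    bogons, relays = audit(SAMPLE)
    for ip, net in bogons.items():
        print(f"{ip} is in reserved space {net}: should not reach the MTA")
    for ip in relays:
        print(f"{ip} dominates inbound connections: "
              "an upstream relay may be hiding the original source IP")
```

A private address that dominates inbound connections usually means reputation features such as Connection Classification are evaluating the relay, not the sender.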