Table: Verdicts by verdict category

| Verdict Category | Verdict | Description |
|---|---|---|
| Bad Sender Policies | Directory harvest attack | An attempt is underway to capture valid email addresses. A directory harvest attack is accomplished by sending email from the same IP address to a specified number of non-existent recipient addresses at the target domain. |
| | Email virus attack | A specified quantity of infected email messages has been received from a particular IP address. |
| | Bad Sender Groups | An email message, domain, or IP address is a member of one of the following groups: See About blocking and allowing messages using sender groups. |
| Good Sender Policies | Good Sender Groups | An email message, domain, or IP address is a member of one of the following groups: See About blocking and allowing messages using sender groups. |
| | Fastpass | Allows most email messages from verified good senders to bypass spam filtering. It is not possible to specify any actions for the Fastpass verdict. |
| Sender authentication | Sender authentication | An email message has failed either SPF or Sender ID authentication. |
| Virus | Virus | An email or IM message contains a virus, based on current Symantec virus filters. |
| | Mass-mailing worm | An email or IM message contains a mass-mailing worm, based on current Symantec virus filters. |
| | Unscannable for viruses | An email or IM message exceeds the container limits configured on the Scanning Settings page or is unscannable for other reasons. For example, a message or an attachment that contains malformed MIME cannot be scanned for viruses. |
| | Encrypted attachment | An email or IM message contains an attachment that is encrypted or password-protected and therefore cannot be scanned. |
| | Spyware or adware | An email or IM message contains any of the following types of security risks: spyware, adware, hack tools, dialers, joke programs, or remote access programs. |
| | Suspicious attachment | An email or IM message either shows virus-like signs or contains an attachment for which suspicious new patterns of message flow have been detected. |
| Spam | Spam | An email message is spam, based on current spam filters from Symantec. |
| | Suspected spam | An email message is suspected spam, based on a configurable Suspected Spam Threshold. |
| | Failed bounce attack validation | An email message is part of a bounce attack, based on bounce attack validation filtering. |
| Spim | Spim | An IM message contains spim, based on current spim filters from Symantec. |
| Content Filtering | Text in the Subject, Body, or Attachments | An email message contains keywords in your configurable dictionary, matches/does not match a regular expression or pattern, or matches data in a record. |
| | Text in this specific part of the message | Text in any of 13 message parts contains or matches in one of several ways a specific string, or matches/does not match a regular expression or pattern. |
| | Text in this specific part of the message header | Text in the envelope recipient or envelope sender contains/does not contain an email address, domain, or country code from a specific dictionary. |
| | Message size | The message size is equal to/greater than/less than a specific number of bytes, KB, or MB. |
| | File metadata | An attachment is in an attachment list, has a specific filename or MIME type, or contains/does not contain a filename or file extension from a specific dictionary. |
| | For all messages | All email is flagged. It is possible to create a content filtering rule that applies to all messages, for example to universally attach an annotation to all inbound or outbound email messages. |