Before you configure Symantec Premium AntiSpam, ensure that you have done the following:
If you have an ISA server, register Symantec Premium AntiSpam through the ISA server.
Configure your proxy server to permit downloads for Symantec Premium AntiSpam.
Install the Symantec Premium AntiSpam license.
See About licensing
Configure the following settings to detect and handle spam:
Symantec monitors email sources to determine how much of the email messages that are sent from those sources is legitimate. Email from those sources can then be blocked or allowed based on the source's reputation value as determined by Symantec.
Enable Ruleset based sender IP reputation
The Rule Based Reputation Service is the name for a set of downloadable IP address lists that you can use to block SMTP connections from known spam IP addresses or allow SMTP connections from known reputable IP addresses.
The Rule Based Reputation Service currently includes the following classification lists of IP addresses, which are continuously compiled and updated:
Contains the IP addresses from which virtually all of the outgoing email is spam. This list is always enabled.
The Fast Pass feature conserves resources by providing a temporary exemption from spam scanning for senders with a demonstrated history of sending no spam messages. Thus senders with the best local reputation are exempted from spam scanning.
Emails that contain commercial or fund-raising messages, which may have been requested by the user. When the messages are detected by this policy it takes the action configured under Suspected Spam.
Emails that include content on specific topics for a known period, often weekly or monthly. The user may have requested to receive these publications. When the messages are detected by this policy it takes the action configured under Suspected Spam.
Suspicious URLs include free hosting sites, URL shortening services, and URL redirecting services that can potentially be abused to deliver spam or malware payloads. SMSMSE can filter against email messages that contain one or more suspicious URLs. When the messages are detected by this policy it takes the action configured under Suspected Spam.
DNS IP reputation feature will be disabled by default during a fresh install.
DNS IP reputation feature will be disabled by default for all upgrade scenarios.
Enable DNS IP Reputation
DNS-based IP (DNS IP) reputation allows the delivery of the Symantec Global Bad Senders list, which is the largest Symantec IP reputation list. When an inbound email arrives in your organization and the DNS IP reputation feature is enabled, the IP address of this inbound email is sent to the Symantec DNS reputation server. If this IP address in the Symantec DNS reputation server is recorded as bad, the verdict is provided back to the Symantec Mail Security for Microsoft Exchange.
Flag messages as suspected spam
Flags messages as suspected spam when their scores reach the suspected spam threshold.
Lower spam threshold
Indicates the minimum threshold for suspected spam.
You can enter a value between 25 and 89. The default value is 72.
You must have a valid Symantec Premium AntiSpam license to enable Symantec Premium AntiSpam.
See About licensing
To configure Symantec Premium AntiSpam to detect spam
In the console on the primary navigation bar, click Policies.
In the sidebar under Antispam, click Premium AntiSpam Settings.
In the content area, under Symantec Premium AntiSpam Settings, check Enable Symantec Premium AntiSpam.
Under Reputation Services, check Enable Ruleset based sender IP reputation and then select any of the following that you want to use:
Check Suspect list which contains emails sources that primarily send spam. This option is selected by default and cannot be changed.
To bypass AntiSpam filtering of email messages from verified senders check Fast Pass.
Under DNS IP reputation, check the Enable DNS IP Reputation option. This DNS-based IP (DNS IP) reputation allows the delivery of the Symantec Global Bad Senders list, which is the largest Symantec IP reputation list.
It is highly recommended to use either Enable Ruleset based sender IP or DNS IP reputation services to avoid heavy network bandwidth consumption.
Under Spam Scoring, check Flag messages as suspected spam if you want messages flagged as suspected spam if you want messages flagged as suspected spam. In the Lower spam threshold box, type the suspected spam threshold level if you choose to identify suspected spam.
On the toolbar, click Deploy changes to apply your changes.