Premium AntiSpam (PAS) has recently been enabled in Symantec Mail Security for Microsoft Exchange (SMSMSE) and it is necessary to know how it works and how to configure it.
How Premium AntiSpam works
PAS assigns a spam score from 1 to 100 to every message it scans. A score of 1 means the message is highly unlikely to be spam. A score of 100 means the message is almost certainly spam. A spam message has a score of 90 to 100. By default, a suspected spam message has a score of 72 to 89. The suspected spam category is configurable. The lower threshold of the scale can be set as low as 25.
PAS has 3 action categories, Spam Messages, Suspected Spam and SCL, and Suspected Spam. It is possible to configure a different action for each category.
Spam confidence level (SCL) is a value assigned to a message that indicates the likelihood that the message is spam. This value is separate from the spam score assigned to a message by PAS. The SCL values are 1 to 9. An SCL value of 1 means there is an extremely low likelihood that the message is spam. An SCL value of 9 means there is an extremely high likelihood that the message is spam.
Messages defined as spam have a score of 90 to 100. Based on Symantec testing, there is a 1 in 1,000,000 chance of getting a false positive detection at this level.
Suspected Spam and SCL
Messages defined as Suspected Spam and SCL have both of the following characteristics:
Messages defined as Suspected Spam have a score between the values that have been defined for suspected spam. The default range for suspected spam is 72 to 89.
How to configure Premium AntiSpam
This section explains how to configure PAS to do the following:
These settings reduce the amount of server resources required to process spam. In addition, they free the administrator from interacting with false positive spam identifications.
These settings are guidelines only. Symantec does not guarantee that these settings are the best for every environment. Please understand and test these settings thoroughly before implementing them in a production environment.
Premium AntiSpam Settings
To access PAS Settings, open SMSMSE. Click Policies > Premium AntiSpam Settings.
Note: Marketing and Newletter messages are not considered spam but are sometimes viewed as spam by end-users. More than 50% of all messages submitted to Symantec as missed spam are considered Marketing and Newsletter, which means that perceived effectiveness of the Antispam service is increased significantly with these options enabled. These detections will take the Suspected Spam action.
Premium AntiSpam Actions
To access PAS Actions, open SMSMSE. Click Policies > Premium AntiSpam Actions.
Check ‘Reject the message.’
There are two reasons for rejecting spam messages:
Messages detected as spam receive a spam score of 90 to 100. This setting rejects messages detected as spam. The original sender receives a Non-Delivery Report (NDR). The NDR includes this text, “5188.8.131.52 Requested action not taken; message refused.”
Suspected Spam and SCL
Ignore this section unless there is a front-end server. If there is a front-end server, use the same settings as ‘Suspected spam.’
Do not check any other options in this section.
Messages with a score exceeding the spam score (72 by default) are detected as suspected spam and take the defined action. The recommended Suspected Spam settings accept the message and assign the message an SCL value of of one greater than the SCLJunkThreshold. The Exchange System Manager settings configure Intelligent Message Filtering to deliver the message to the user’s Junk E-mail folder.
Lower Spam Threshold
Depending on the environment and business needs, It may be necessary to adjust the ‘Lower spam threshold’ under Premium AntiSpam Settings. The default is 72. If too much spam is going to the users' inboxes, lower the threshold. If too many legitimate email messages are going to the users Junk E-mail folder, raise the threshold. Make small incremental changes, 5 for example, until the desired filtering level is reached.
For example, if set to a ‘Lower spam threshold’ of 72 and users complain that they are getting too much spam lower the threshold to 67. Let Premium AntiSpam run at that level for a while. If users continue to complain, lower the value to 62. Continue in this manner to determine the optimum ‘Lower spam threshold’ for the users.