cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 5

how to exclude legitimate inbound email replies

What is an effective way to set up exclusions from spam filtering so inbound messages that are replies to our company employees, from outside senders, are not quarantined? In other words, an employee of our company sends an email to an outside recipient. That recipient sends back the email using the "reply" function in their email client program. Email Gateway should recognize, somehow, that the email originated with our company and not subject it to various spam checks. Is there an effective way to configure this?

I notice in these types of messages that get quarantined there are some indicators such as:

"On*<*@company.com> wrote:" and "*- Original message -*From:*<*@company.com>". Perhaps if I set up exclusions based on these wildcard rules it won't apply spam calculations against these inbound messages, for a given Default Policy, yet not open up avenues for real spam to exploit and get past the filter.


Any ideas?

4 Replies
Highlighted
Level 7
Report Inappropriate Content
Message 2 of 5

Re: how to exclude legitimate inbound email replies

I noticed replies tend to have the following Header information:

In-Reply-To:*<*@servername.fqdnname>

So this might be a rule I can trigger on.

Suggestions?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: how to exclude legitimate inbound email replies

You can create a dictionary to look for the desired terms and have it add a negative number to the spam score.  However, that does add a potential vector for spammers to try and slip more mail past the filter.  There isn't a built in way for MEG to know this is a real reply as opposed to someone faking it.

Was my reply helpful?

If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Highlighted
Level 7
Report Inappropriate Content
Message 4 of 5

Re: how to exclude legitimate inbound email replies

I tried to create a dictionary with a negative value and the field provided for inserting a value doesn't appear to allow me to insert a - sign. I tried single digit, I tried copy and paste from notepad. It won't take it. It doesn't matter, I'll play around with it. I think rather than a value, I'll just put it in as an allowance rule. I do understand it creates a potential hole for spam that illegitimately shape the header, but I've done a fair analysis and have yet to see one hit our filter with this type of string in the header that isn't legitimate.

Highlighted

Re: how to exclude legitimate inbound email replies

HI,

If you are on MEG 7.6 you can use spam rules for system-defined header analysis. Have a look at KB83588 for more information, it should help you in this scenario.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community