5 Replies Latest reply on Dec 18, 2013 9:40 AM by Regis

    How handle "snowshoe spam"




      We are using IronMail 6.x in our environment.

      We are facing a lot of SPAM emails, we raise the case in support, and they say that we are against a snowshoe spam camping,


      Any ideas about how we can fight against this?


        • 1. Re: How handle "snowshoe spam"
          Peter M

          I moved this to the Ironmail sub-forum for better support.

          • 2. Re: How handle "snowshoe spam"



            Any ideas?

            • 3. Re: How handle "snowshoe spam"
              Peter M

              Not I, sorry.  I have little knowledge of this product.  Someone will be along soon hopefully.

              • 4. Re: How handle "snowshoe spam"

                Are you seeing any kinds of patterns with the spam?  Snowshoe spam by definition does not have a particular campaing it is trying to sell, but the way that it is distributed.  If there are any comonalities amongst the messages that will be a good starting point for blocking them.


                I would also make sure that TrustedSource is properly scoring the messages

                • 5. Re: How handle "snowshoe spam"

                  If you haven't already, get the mcafee customer submission tool deployed around your Outlook environment and encourage users to submit all samples of missed spam.    http://www.mcafee.com/us/downloads/free-tools/customer-submission-tool.aspx       


                  We've gotten to know the folks on the anti-spam team  after we got killed by snowshoe for a long time until some new classifiers in MEG came on line, etc.   I'm not sure if 6.7 works the same at 7.x for anti-spam or not, but  snowshoe style spam is indeed proving challenging.  We had one user who ran cloudmark's locally on a machine as  a test and it managed to catch an astounding number of things that MEG missed at the time.     Cloudmark stopped updating for him and he's now got an open source spambayes thingee on that workstation and it seems to catch a lot of stuff MEG misses.


                  Depending on how you're licensed, McAfee does have a cloud email solution http://www.mcafee.com/us/products/saas-email-protection-and-continuity.aspx that you may have already baked into your license. I think if you have the content protection suite, perhaps it's in there?    You can use mcafee's servers as your MX, they run cloudmark up there and filter out a lot of things before your local ironmail boxes would get it.  With orthogonal anti spam engines, you would have better capture rates.    But then you have to decide if there's another hop in the email chain you want to deal with.


                  At any rate, we're getting way fewer user complaints on spam than we did a year ago, but I'm not sure if that's because a year ago we were just tranisitioning from another solution to MEG, or if snowshoe campaigns were going great guns at the time, or...  it's hard to say.