Cisco Email Security Appliance X1070 Troubleshooting Guide

What are the best practices for using SenderBase?
Document ID: 118381
Contributed by Nasir Shakour and Enrico Werner, Cisco TAC Engineers.
Oct 13, 2014
Contents
Introduction
What are the best practices for using SenderBase?
Implementing SenderBase Throttling or Blocking
Related Information
Introduction
This document describes the best practices for using SenderBase.
What are the best practices for using SenderBase?
The SenderBase Reputation Service (SBRS) provides an accurate, flexible way for you to reject or throttle
systems suspected to be transmitting spam based on the connecting IP address of the remote host. The SBRS
returns a score based on the probability that a message from a given source is spam, ranging from −10
(certain to be spam) through 0 to +10 (certain not to be spam). Although SBRS can be used as a stand-alone
anti-spam solution, it is most effective when combined with a content-based anti-spam scanner.
SenderBase scores can be used in the Host Access Table (HAT) on an SMTP listener to map incoming SMTP
connections to different Sender Groups. Each Sender Group has an associated policy that determines how
incoming email is handled. The most common uses of SenderBase scores are to reject mail entirely or to
throttle the suspected spam sender.
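A small model of the score-to-Sender-Group mapping described above, added here as an illustration; it is not taken from Cisco's document or from the appliance. The group names, score ranges, policies, first-match ordering and the handling of hosts without a score are assumptions of the example, and the IP addresses are constructed samples.

```python
from typing import NamedTuple, Optional

class SenderGroup(NamedTuple):
    name: str     # hypothetical sender group name
    low: float    # inclusive lower SBRS bound
    high: float   # inclusive upper SBRS bound
    policy: str   # action applied to the connection

# Assumed HAT for illustration; ranges and names are not taken from the document.
# Entries are checked top to bottom and the first match wins, so a score that
# sits exactly on a shared boundary (-3.0) lands in the stricter group.
HAT = [
    SenderGroup("BLOCK", -10.0, -3.0, "REJECT"),
    SenderGroup("SUSPECT", -3.0, -1.0, "THROTTLE"),
    SenderGroup("DEFAULT", -1.0, 10.0, "ACCEPT"),
]
# Assumption: a host with no score yet is accepted rather than penalised.
NO_SCORE = ("DEFAULT", "ACCEPT")

def classify(score: Optional[float], hat=HAT):
    """Return (sender group, policy) for one connecting host's SBRS score."""
    if score is None:
        return NO_SCORE
    if not -10.0 <= score <= 10.0:
        raise ValueError(f"SBRS score out of range: {score}")
    for group in hat:
        if group.low <= score <= group.high:
            return (group.name, group.policy)
    return NO_SCORE  # gap in the table: fall through to the default

def summarize(connections, hat=HAT):
    """Count how many connections each policy would handle."""
    counts = {}
    for _ip, score in connections:
        policy = classify(score, hat)[1]
        counts[policy] = counts.get(policy, 0) + 1
    return counts

# Constructed sample: (connecting IP from documentation ranges, SBRS score)
SAMPLE = [
    ("192.0.2.10", -7.2), ("192.0.2.11", -3.0), ("198.51.100.5", -1.5),
    ("203.0.113.9", 4.1), ("203.0.113.77", None),
]

if __name__ == "__main__":
    for ip, score in SAMPLE:
        print(ip, score, *classify(score))
    print(summarize(SAMPLE))
```

Running `summarize` over a day of connection scores before changing a range shows how many senders would move between reject, throttle and accept.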
You can use SBRS scores in the HAT to reject or throttle email. You can also create message filters to
specify "thresholds" for SBRS scores to further act upon messages processed by the system. The diagram
below provides a rough outline of how SBRS scores can be used to block or throttle suspected senders: