Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
13-9
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 13 Anti-Spam
Defining Anti-Spam Policies
Step 6
Submit and commit your changes.
What To Do Next
If you enabled anti-spam scanning for outgoing mail, check the anti-spam settings of the relevant host
access table, especially for a private listener. See
access table, especially for a private listener. See
Related Topics
•
Understanding Positive and Suspect Spam Thresholds
When evaluating messages for spam, both anti-spam scanning solutions apply thousands of rules in order
to arrive at an overall spam score for the message. The score is then compared to the thresholds specified
in the applicable mail policy to determine whether the message is considered spam.
to arrive at an overall spam score for the message. The score is then compared to the thresholds specified
in the applicable mail policy to determine whether the message is considered spam.
For highest accuracy, the threshold for positive identification as spam is quite high by default: Messages
scoring between 90 and 100 are considered to be positively identified as spam. The default threshold for
suspected spam is 50.
scoring between 90 and 100 are considered to be positively identified as spam. The default threshold for
suspected spam is 50.
•
Messages with scores below the suspected spam threshold will be considered legitimate.
•
Messages above the suspected threshold but below the positive-identification threshold will be
considered to be suspected spam.
considered to be suspected spam.
You can configure your anti-spam solution to reflect the spam tolerance levels of your organization by
customizing the Positive and Suspected spam thresholds in each mail policy.
customizing the Positive and Suspected spam thresholds in each mail policy.
You can change the positively identified spam threshold to a value between 50 and 99. You can change
the threshold for suspected spam to any value between 25 and the value you specified for
positively-identifed spam.
the threshold for suspected spam to any value between 25 and the value you specified for
positively-identifed spam.
When you change the thresholds:
•
Specifying a lower number (a more aggressive configuration) identifies more messages as spam and
may produce more false positives. This provides a lower risk that users will see spam but a higher
risk of having legitimate mail marked as spam.
may produce more false positives. This provides a lower risk that users will see spam but a higher
risk of having legitimate mail marked as spam.
•
Specifying a higher number (a more conservative configuration) identifies fewer messages as spam
and may deliver more spam. This provides a higher risk of users seeing spam but less risk less risk
that legitimate mail will be withheld as spam. Ideally, if set up correctly, the message subject will
identify the message as likely spam and message will be delivered.
and may deliver more spam. This provides a higher risk of users seeing spam but less risk less risk
that legitimate mail will be withheld as spam. Ideally, if set up correctly, the message subject will
identify the message as likely spam and message will be delivered.
You can define separate actions to take on positively-identified and suspected spam. For example, you
may want to drop “positively identified” spam but quarantine “suspected” spam.
may want to drop “positively identified” spam but quarantine “suspected” spam.
Archive Message
Y
ou can archive identified messages into the “Anti-Spam Archive”
log. The format is an mbox-format log file.
Spam Thresholds
Use the default thresholds or enter a threshold value for positively
identified spam and a value for suspected spam.
identified spam and a value for suspected spam.
Option
Description