How do I notify Trustwave of new Spam so MailMarshal files can be updated?


This article applies to:

  • Trustwave MailMarshal (SEG)/SEG
  • MailMarshal Exchange 5.1 through 5.3

Question:

  • How do I notify Trustwave of new spam so MailMarshal files can be updated?
  • How do I upload spam messages for identification?
  • How do I report spam?
  • How do I report false positive spam identifications?
  • Is there an email address where people can send samples of spam emails that are getting past SpamCensor scripts?

Before you start:

Please verify that your spam blocking configuration meets best practices.

  • In particular see the notes on excessive use of exceptions (Allow Lists) and other recommendations in article Q10810.
  • Check that SpamCensor and SpamProfiler are enabled and updating correctly. See article Q12992.

Procedures

Spam that was not identified:

Spam Reporter

  • You can install an Outlook plug-in for end users to report spam, if you are using Office 365. For more information, see Knowledgebase article Q21066.

Console Buttons/Forward

  • You can send samples of spam for analysis by providing the email message in its entirety to Spam@Marshal.com 
    • The preferred method is to forward the message file from the MailMarshal Console. This option is only available for messages that have been archived or quarantined in MailMarshal.
    • In MailMarshal SMTP 6.7 and above, you can forward messages using buttons on the Console.
    • If you are running an earlier version, Trustwave strongly recommends you to upgrade, as you are lacking significant enhancements to anti-spam functionality.
    • If you do not have access to the MailMarshal Console (or the message was not archived), you can forward messages from an email client. However, when forwarding from a client some additional steps are required to provide useful information.

Note:  Advanced information can be found in the header of the original email.  However, this header information is overwritten with your header information once you click "forward".  If you are able, copy the original header information into your forwarded email Spam when sending to Trustwave.

Manual Forward

Follow these steps for Microsoft Outlook to collect (then copy / paste) the original header information to forward with the emailed Spam to the email address above:

  1. Open the spam email.
  2. Within the email message, go to View | Options.
  3. Look for the box labeled "Internet Headers".
  4. Select all of the text within this box.
  5. Go to Edit | Copy (or use Ctrl+C).
  6. Click Forward to send the email to Spam@Marshal.com.
  7. Paste the header information within the email body (Ctrl+P or Edit | Paste).

NOTE: The Spam@Marshal.com email address is ONLY a collection point for Spam. It is monitored by the labs team;  however, this team does not respond to queries at that address. If you need help with a Spam related issue please contact your Technical Support representative.

False positives:

Before submitting a false positive ("not spam" that was classified as spam), check which rule or function blocked the message.

Be sure you are submitting the report to the correct location.

  • For SpamCensor, Marshal IP Reputation Service, and SpamProfiler:
  • You can submit false positives by providing the email message in its entirety to NotSpam@Marshal.com
    • The preferred method is to forward the message file from the MailMarshal Console. This is possible only for messages that are currently in quarantine or archive folders.
    • In MailMarshal SMTP 6.7 and above, you can forward messages using buttons on the Console.
    • If you are running an earlier version, Trustwave strongly recommends you to upgrade, as you are lacking significant enhancements to anti-spam functionality.
  • For third party reputation services such as Spamhaus and SURBL (used in URL Censor), contact the reputation service provider directly.
    • Trustwave does not maintain the listings of these services, and Trustwave does not have access to change the listings.

 

This article was previously published as:
NETIQKB39848

Last Modified 5/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle10414.aspx