What should I do when I receive spam?
Even if you are using the spam filtering correctly, it is possible that you are still receiving some spam. The following describes what steps you can take to determine why you are still receiving spam messages and how best to resolve this.
Check if the message was processed by SpamExperts
It is possible that the message wasn't processed by SpamExperts, sometimes spammers will send messages directly to your mail server. There are two ways to see if the message passed through the filter:
- Message Logs - All messages that pass through the filter will be displayed in the inbound message logs. If you can't find a trace of the message in the log search then it was probably delivered directly to your mail server
- Message Headers - The message headers will show the path that the message took to get to your server. Examine the Received message headers: SpamExperts filtering servers are named mx_nn.antispamcloud.com. If none of the received headers were added by our servers then the message did not pass through SpamExperts
Check whether your MX Records are Correct
To prevent spam effectively, your MX records should ONLY contain those of the filtering servers, no other mail servers. If you leave the old MX records pointing to your own mail server, spammers will attempt to deliver spam directly, thus bypassing the spam filters. You can look up your domain MX records here. If you need to update your MX records, see Update Your MX Records in Your Domain Provider's DNS Settings. If you want to verify that your system is using the correct MX records, use the MX Verification Tool.
Analyze the Spam Email Header
Email headers show detailed information about the origin of a message and the various systems it passed through. View the email headers in your email client, and look for the line starting with "X-Recommended-Action:", if it's present the message was processed by our filters. You'll also see a "X-SpamExperts-Evidence:" header (SpamExperts may be replaced with a private label name), if it says e.g. "Allow listed" it means that we did not check the message as the sender/recipient was accepted in the control panel.
X-Headers missing
If you do not see any SpamExperts X-headers in the email headers, this may mean that your mail server is removing them.
X-Headers |
---|
X-Report-Abuse-To |
X-AuthUser |
X-Originating-IP |
X-SpamExperts-Domain |
X-SpamExperts-Username |
X-SpamExperts-Class |
X-SpamExperts-Evidence |
X-Recommended-Action |
X-Filter-ID |
In these headers,
It may also mean the messages might not have passed through the SpamExperts filter. There are various reasons why the email might not have passed through SpamExperts:
- You might not be using the correct SpamExperts MX records, so please check the MX records for your domain. It's important that you only use the SpamExperts MX records, see Hosted Cloud MX Records for details
- You are using the correct MX records, but they have not had sufficient traffic pass through them because SpamExperts is newly installed. After changing the MX records in your DNS, it may take up to 48 hours before this update reaches all DNS servers world-wide. During this period, email may still be delivered directly to your mail server and therefore may not yet be filtered by the SpamExperts servers. Spammers often use old DNS information, so for a short while you may still receive spam that was never scanned by our servers
- Somehow the spammer has managed to deliver directly to your destination mail server. To avoid this we recommend that you configure your firewall/mail server to only accept messages from our servers
X-SpamExperts-Class: line says "Allow listed"
If the class line says "Allow listed", this means that you must have added the sender or recipient email address, to their respective allow list on your domain. Spammers always fake the sender, and try to use senders that are likely to be put on Allow lists by recipients. Therefore, it's important to never Allow list your own email address as a sender, since spammers will often send you messages that appear to originate from yourself. The acceptance lists should only be used to overrule the filtering technologies, if they are causing a problem for you, by rejecting senders you know are safe but inherently look suspicious. Generally our classifiers will not block your legitimate emails.
X-SpamExperts-Class: line says "ham" or "unsure"
SpamExperts combines many technologies to provide you optimal protection from "false positives", i.e. legitimate email, marked as spam. Since we never want a legitimate email to be blocked, if you've received a spam message classified as "ham" or "unsure", our system was not confident enough to block the message, and marked it as such, giving you the opportunity to release and train the filters. This can occur if the spam message appears to be from a legitimate source.
Policy concerning Forwarding-domains: if you have multiple domains that act as email forwarders for the domain you want protected by our spam filter, we will not block the spam messages since they originate from a forwarding server. You will need to use our MX records for such domains, and you are more than welcome to make use of our free domain aliasing functionality to protect your forwarding domains. To check which email address the message was originally directed to, please inspect the "Received:" headers. These will specify what address the message was delivered to.
Still Receiving Spam?
It is also possible that our system did not detect the spam message correctly. If this occurs, please report the message to our systems as spam, so we can further train and improve our filtering technologies, see Report messages as Spam or Not Spam/Train Messages. All reported messages are automatically processed centrally.
Please note, this will not work if the X-Filter-ID has been removed from the message header.
If you still receive large amounts of spam, even after using our filters, and having checked all the steps mentioned above, please email us a .zip file with all spam messages in .eml or .msg formats for analysis. Please contact us for the correct reporting address.
Finally, please make sure that the messages you report as spam are indeed spam. We do not consider messages from senders that you have subscribed to in the past, as spam, since they offer an unsubscribe option. You should unsubscribe from such mailings instead, if they are no longer desired.
For more information, see Spam Quarantine.
Legitimate Messages Recognized as Spam
If you have a legitimate message being recognized as spam, you should check the content of the message to see if it contains anything that might make SpamExperts consider it as 'spammy'.
In cases where legitimate messages have been caught and quarantined as spam, you can use the Train as Legitimate function in Incoming > Train messages when logged in under the Domain or Email Level Control Panel. For more information see Report messages as Spam or Not Spam/Train Messages.