Getting Too Much Spam?
After completing the basic configuration, you can fine-tune your SpamTitan settings to help ensure you are getting as little spam as possible for your environment. Go through the steps below to make sure you have the three essential tests enabled, and then look further into the type of spam you are getting and the settings that can help reduce it.
Before looking at the types of spam you are receiving, please ensure that the following tests are enabled or operational:
RBLs: Make sure you have added these three recommended RBL servers:
zen.spamhaus.org
psbl.surriel.com
truncate.gbudb.net
Ensure Botnet Analysis is enabled. See Botnet Analysis.
Ensure Network Testing is enabled. See Network Testing.
Accurate DNS responses.
Accurate DNS responses are essential for SpamTitan to maintain a good spam catch rate. Because of the high volume of DNS requests that originate from free/open DNS, test providers will not respond to DNS requests from these servers.
Therefore, do not configure SpamTitan to use free/open DNS servers such as 8.8.8.8. Use your own DNS server, if possible, to ensure you are getting accurate responses. If you do not have your own DNS server, consider using your ISP’s DNS server if applicable.
Run the test outlined here to see if you are being blocked.
Once you have verified the tests above are enabled or operational, take a look at the different types of spam listed below and the options you have to reduce them.
Spoofing
Spoofed email arrives in many forms. Which one of these best describes the spoofed emails you are receiving:
"My email domain is being spoofed". To prevent this, enable SPF and DMARC.
See Enabling & Configuring DMARC and also SPF Settings.
"The names of users in my organization are being spoofed". Enable the ANTISPOOF_NAME test.
See AntiSpoofing.
Malicious links
If you ran the test in Step 4 (Accurate DNS) above and got a positive result, but you are still receiving malicious links, submit a ticket to Support. Attach examples of the full emails you are receiving, not just the links.
Malicious attachments
Go to Reporting > System Information > Services and check that both Clam AV and Bitdefender AV are running. See Available Services.
Enable Sandboxing. See Sandboxing.
Enable Google Safebrowing Database in your Clam AV settings. See Configuring Clam AV Settings.
Enable Third-Party Databases in your Clam AV settings. See Configuring Clam AV Settings.
Use banned attachments if uncommon files. See Configuring Attachment Filters.
If you are still receiving malicious attachments after changing these settings, submit a ticket to Support and attach the original emails you are receiving.
Unsolicited Marketing Emails
Submit a ticket to Support and request that additional Unsolicited Marketing Email rules be added to your SpamTitan.
None of the above
If you have checked the three tests at the top of this page and are still receiving a high level of spam that does not match the types listed here, consider the following actions:
If the spam you are receiving is scoring high, but not high enough to block, consider tuning your spam score. See Editing a Domain Policy and Editing a User Policy.
Open a ticket on our support portal and our Support Engineers will help investigate your email further.
