
I'm puzzled by this email message that gets quarantined by McAfee Secure Messaging Service (it's based on Postini) for no reason that I can think of.

Here are the Postini headers:

X-pstn-2strike: clear
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.02932/98.63596 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 3 (1.0000:1.0000) s cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from [db-null]
X-pstn-disposition: quarantine

I read the docs (http://www.mcafee-sms.com/webdocs/admin_ee_mcafee/wwhelp/wwhimpl/common/html/wwhelp.htm?context=MACAFFHelp&file=header_overview.html#951634) and in short, the x-pstn-settings header tells me that NONE of the filters was triggered, but the x-pstn-levels header tells me that the final score (0.02932) is low enough to classify the email as bulk/spam.

Can anyone explain to me why the final score is so low when none of the filters were triggered?

Does anyone have any suggestions on how to prevent this from happening?

Regards, Martin
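The header reading described in the question can be automated for triaging quarantined mail. The following is an added example, not part of the original post or of any McAfee/Postini tooling. It assumes a filter token in `X-pstn-settings` is written in uppercase when that filter triggered, a convention this page does not state, and it does not interpret the second number after `S:`.

```python
import re
from email import message_from_string

# Header block copied from the question above.
SAMPLE = """\
X-pstn-2strike: clear
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.02932/98.63596 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 3 (1.0000:1.0000) s cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from [db-null]
X-pstn-disposition: quarantine

"""

def parse_levels(value):
    """Map each name in X-pstn-levels to a float, or a tuple for 'a/b' values."""
    levels = {}
    for name, nums in re.findall(r"([A-Za-z0-9]+):\s*([\d./]+)", value):
        parts = [float(n) for n in nums.split("/")]
        levels[name] = tuple(parts) if len(parts) > 1 else parts[0]
    return levels

def parse_settings(value):
    """Split X-pstn-settings into its leading number and filter tokens."""
    m = re.match(r"\s*(\d+)\s*\(([^)]*)\)\s*(.*)", value)
    if not m:
        raise ValueError("unrecognised X-pstn-settings value: %r" % value)
    tokens = m.group(3).split()
    # Assumption: an uppercase token marks a filter that triggered.
    triggered = [t for t in tokens if t != t.lower()]
    return {"level": int(m.group(1)), "tokens": tokens, "triggered": triggered}

def summarize(raw_headers):
    """Flag messages that were quarantined although no filter token is marked."""
    msg = message_from_string(raw_headers)
    levels = parse_levels(msg.get("X-pstn-levels", ""))
    settings = parse_settings(msg.get("X-pstn-settings", ""))
    disposition = (msg.get("X-pstn-disposition") or "").strip()
    s = levels.get("S")
    return {
        "disposition": disposition,
        "score": s[0] if isinstance(s, tuple) else s,
        "triggered": settings["triggered"],
        "unexplained": disposition == "quarantine" and not settings["triggered"],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```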

1 Answer

I have used Google's Postini only, so I don't know how it may differ from McAfee Secure Messaging Service. I don't know how exactly the scores are computed, but they are undoubtedly based on a very large number of factors. The scores could be different based on users marking messages as junk or not junk.

The users unjunking these mails should be teaching Postini, so the false positives should not keep happening. If that is not the case, your options are:

  1. Lower the strength of the filter, or better yet the category filter that applies to the message that was caught. The problem with this approach is you can edit each account individually, or you can edit the template that will change the filters for all new accounts you create, but you can't make a global change.

  2. The better alternative is to whitelist specific email addresses or domains. You can do this per individual account, or you can do it by group (including the group all) in Postini so you can make the change for everyone at once. You could whitelist invitations@linkedin.com and connections@linkedin.com or just *@linkedin.com to allow anyone from linkedin.com to bypass Postini's filtering.

ridogi
  • Adjusting spam filter settings is not the solution I'm looking for. I was hoping I could improve the message body so that it doesn't qualify as spam anymore. – Martin Schapendonk Oct 26 '09 at 14:40
  • Maybe I don't understand. Do you have outbound filtering turned on, and legitimate mail your employees are sending is getting marked as spam, or is this all inbound mail? – ridogi Oct 26 '09 at 17:42