Google Message Security for Google Apps Administration Guide User Manual

Spam Filters

183

Go to Spam Filtering on the user’s Overview page and verify that the Bulk
Email and other category filters are set high enough (see “Fine-Tune Spam
Filters” on page 179). If they aren’t, adjust them accordingly. If they look OK,
go to the next step.

2.

Was the message sent directly to and accepted by your mail server,
bypassing the protection service?

a.

Sometimes users’ email is delivered to them from more than one email
server. Messages from another server that isn’t mapped to an email
config in the message security service don’t go through the data center
and therefore aren’t filtered. Many email clients put these messages in the
same inbox as filtered messages, so users might believe they received
spam from a your protected server. Review the message headers to
make sure they include an email server registered with the service. If they
don’t, inform the user.

b.

Some spammers don’t follow DNS standards for selecting MX records.
They send email to the highest numbered server, or randomly pick one
from port scans. To determine if the message actually passed through the
data center, review the message headers for the strings listed below (the
# sign will be replaced by various numbers). If any of these strings exist in
the header, the message did pass through the data center.

exprod#mx#.postini.com

chipmx#.postini.com

chip#mx#.postini.com

c.

If these strings don’t exist in the message header, the message was
delivered directly to your email server, bypassing data center filters. To
remedy this, set up your email server or firewall to accept email only from
the data center’s IP ranges. See “Setting Up Secure Mail Delivery” on
page 495.

3.

Did a local user (within your organization) send the message?

Unless your email server is reconfigured to send all email outside the server,
rather than delivering locally to local users, messages exchanged among
users on the same server aren’t processed by the data center, and therefore
aren’t filtered for spam. Review the headers to see if the email was sent from
someone on the recipient’s same server. If it was, reconfigure this server to
send all email outside, so it’s processed by the data center.

4.

Was the sender's address in the user- or org-level Approved Senders list?

If the sender or sender’s domain is on an Approved Senders list—either the
user’s personal list, or a list defined for the user’s org—messages from those
senders are delivered, regardless of spam-like content. This is also the case if
the spammer has spoofed the sender address so it matches an Approved
sender. Review the user- and org-level lists and delete any known spammers.

Remember that users don’t have visibility of their org’s Approved Senders list,
so they might be confused as to why spam from a sender on this list would not
be filtered.

5.

Has the user added his or her own address or domain as an Approved
mailing list, at the Message Center?