beautypg.com

How to use content manager in a spam outbreak – Google Message Security for Google Apps Administration Guide User Manual

Page 233

background image

Content Manager

233

How to Use Content Manager in a Spam Outbreak

On rare occasions, malicious senders create new junk messages that don’t have
any text or patterns in common with previous junk messages. During a large-scale
spam outbreak, a few of these messages may initially pass through the spam
filters. During such outbreaks, your message security service immediately begins
collecting data to update spam filters. Once updated, the filters begin blocking the
spam messages. Therefore, you do not need to take any action or change your
message security service configuration.

However, if your users are repeatedly receiving a specific type of junk message,
you can block those messages by creating a content filter in Content Manager.
For this filter, you can specify unique text that the junk messages contain. Or you
can use a regular expression to specify a unique text pattern in the messages,
rather than specific text. For more information about regular expressions, see
“About Using Regular Expressions” on page 218.

Important:

When using content filters to block spam, it is recommended that you

do the following:

Analyze headers first: To verify that a content filter can help block spam
messages, analyze the headers to determine why the messages passed
through the spam filters. Headers, for example, can tell you whether the
recipient address is for an account on your message security service, or
whether the sender is on your Approved Senders list. To analyze headers,
use the Header Analyzer, which is available at

http://www.google.com/

postini/headeranalyzer

.

Use content filters for spam carefully. The use of content filters to block
spam may increase the number of legitimate messages that are quarantined,
so use these types of filters with caution.

Use content filters for spam temporarily. The message security service
continuously updates the spam filters, so it usually starts blocking new types
of spam quickly. Also, the longer a content filter remains active, the more
likely it will capture legitimate messages.

Watch for evolving spam: New types of spam can change rapidly, so any
content filter you create for spam may be effective for only a short period. For
example, malicious senders might create similar messages that your content
filters won’t block.

To create a temporary content filter for new spam:

1.

Review the junk messages to find unique text. This text must be specific to
these messages and not likely to occur in legitimate messages.

See also other documents in the category Google Software: