Educause Security Discussion mailing list archives

Re: Cisco Ironport increase is spam getting through?


From: Will Froning <will.froning () GMAIL COM>
Date: Sun, 30 Dec 2012 09:41:58 +0400

Hello Jason,

Jason Murray wrote:
For those of you that use the Cisco Ironport anti-spam appliances, have
you noticed an increase in spam making it through unmarked in the past 6
months?  In the past we would see 1 or 2 messages a week get through, now
I am getting complaints from my users that a dozen or more a day are
getting through.

Ironport customer for 3 years now.

We have seen an increase in spam, but it more closely matches what Cisco support says (targeted) rather than obvious porn spam. The majority of our bulk mail that isn't caught is via googlegroups and in Arabic (we are based in UAE).

We are running the 7.6.x code base. All the anti-spam rules are
updating automatically as they should be.


I opened a support case with Ironport and they sent back some generic reply:

The nature of spam is always changing, and we are always adjusting our
rules to do our best to catch it while minimizing false positives. Over
the past year or so, there has been less bulk, easy to catch spam and
more targeted, harder to catch spam. This may be why you notice more
spam getting in. As always, we appreciate it if you can submit missed
spam samples so we can improve our engine. See instructions later.



While I would agree with this somewhat, we are now starting to see
blatantly obvious spam getting through (porn).


We have used Ironport for 6 years now, and we have never had this
much spam get through. Before I continue to press Cisco for an answer,
I am curious if anyone else is seeing similar issues.

I like how relatively simple Ironport is, but I really miss the ability to tweak rules like I could with PureMessage (pre-Sophos)...

Thanks,
Will

--
Will Froning
Unix/InfoSec/Network Admin
Will.Froning () Gmail com

