What do you do with messages that are almost certainly spam, but don’t come from a known spam source or contain prohibited words? You know, those troublesome messages that users always call about to see if they were “blocked by the firewall”. While it would be great to simply delete all messages that smell even just a little bit like spam, if they aren’t from a known source or otherwise fail completely all tests for spaminess, you probably have to hold them somewhere for at least a short period of time just in case they are legitimate. False positives are a problem for everyone, and that’s why there’s a quarantine in practically every email system in production. But that comes with its own set of issues.
For starters, who is going to deal with all that stuff? Users have to call someone, who then has to open a ticket and either route it to email admins or work it themselves. Releasing a spam message, once all the paperwork is out of the way, is a pretty quick process. If it takes more time for the user to call the helpdesk, or for the helpdesk to fill out the ticket, than it does to accomplish the task, then it doesn’t make sense to make this a process that requires a ticket, especially since it probably happens multiple times per day.
Anti-spam solutions with user self-service area great thing if you have them. Users can get a daily summary, or can just log onto the web portal, search for messages that they are missing, and release them. If you have a solution that uses this, I encourage you to take advantage of it, but that does require another product and user training on what to do and those things lead to more service desk calls.
Exchange uses the Outlook Junk Email folder to provide users self-service without delivering spam or phishing messages to their inbox. The Junk Email folder offers several advantages to admins and end users. Let’s first see why this is good for users.
Since it is readily accessible to all users, they can check for false positives themselves at any point in time. A visible counter indicates if there is anything in the Junk Email folder, so they can see at a glance without extra effort whether or not there is anything in there. While in the Junk Email folder, users can also mark messages to block or never block, quickly and easily building up their own whitelist and blacklist without any additional effort or involvement from the support desk. And of course, anything that remains untouched in the Junk Email folder for more than 30 days is automatically deleted so users don’t have to deal with it.
Of course, some of the above is also of benefit to admins. Since all of the relevant actions for possible spam are handled by the user, there’s less load on admins who can now focus on more important things, like backups and database maintenance. Admins also don’t have to monitor the quarantine folder or go fishing for users’ missing mail. While in the Junk Email folder, all links are disabled, external content is not downloaded, and images are not displayed, so there’s no more risk of a user seeing or clicking on something than there would be if the user went into a quarantine directory and released a message to themselves.
Exchange will route any mail that is determines is probably spam (it earns a Spam Confidence Level of 6) to users’ Junk Email folders. You can raise or lower that if you find it to be either too generous or too paranoid. Exchange will not deliver messages with a higher SCL to users, nor will it deliver messages containing malware. These ensure that this user self-service approach doesn’t lead to any oopses, so if you are concerned about this approach, consider the real likelihood of something bad happening compared to an external quarantine that users can access via self-service.
When you look at the benefits to end users, and the time admins and the support desk can save by delivering content to each user in their Junk Email folder, I think you will agree that this is a good approach for all concerned.
The post Use the JunkMail Folder for Self-Service Spam Quarantine appeared first on Email management, storage and security for business email admins.