Blocking Non-Delivery Report (NDR) spam with HTML Attachments

We have posted a few helpful hints for users that are experiencing problems with Password Reset requests, UPS, Western Union, Youtube and other forms of spam. However, it looks like the spammers are altering the message to adapt to the changes that Postini and other vendors are making, so more updates to the filters are expected.
We are recommending that a temporary custom attachment filter to block all messages with a .html attachment is enabled within Postini. NOTE: If this filter is applied, it will block any legitimate message with that type of attachment. See below for the steps to enable the filter and the recommended settings:

Attachment Manager Filter Steps
  1. Access the customer’s Postini User Org and enable the Inbound Attachment Manager.
  2. To build a custom filter for blocking .html attachments, select Filter and follow the image below:

  3. We highly recommend enabling ‘Scan inside compressed file types’ and ‘Enable binary scanning’ as this may also help with any future evolutions.
  4. Be sure to add ‘html’ under 2. Custom Filter Types to either User Quarantine (in case of false positives) or under Quarantine Redirect.
  5. Click Save and the filter is applied.

MxToolbox has partnered with WebRoot to offer Web Filtering to protect your network from attacks through the web browser. For more details on the protection that this program can offer, go here.

One thought on “Blocking Non-Delivery Report (NDR) spam with HTML Attachments

  1. Pingback: Tweets that mention Blocking Non-Delivery Report (NDR) spam with HTML Attachments « MxToolBox Blog -- Topsy.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s