The Policies

The following policies were approved by the SIMC and will be applied by the new anti spam appliances to email identified as spam email or suspect email:
 
  • Due to the frequency of spear phishing attacks (email pretending to come from UQ addresses and asking for login details), email that are detected as spam will be discarded and not delivered to the client mailboxes;
  • Any email identified as SPAM will not be delivered;
  • Any email with executable file attachments, including ZIP files which contain executable files, will automatically be deleted. Staff members are encouraged to find alternative ways of accessing legitimate executable files required for UQ purposes;

Note

Where an attachment is blocked, it will be replaced with a text message containing the name of the file removed. ZIP files with no executable files inside will be delivered unaltered.
 
There will be some spam that will be discarded by the anti-spam appliances, these will be those originating from low reputation sources and selling the usual items or asking for your assistance to liberate lost millions.
 
Clean email that was delivered to the Junk Mail folder will not be automatically deleted. Clean email will most likely be delivered correctly now. This has been the experience during the extensive trails conducted since April, 2008, using ITS and Business mail domains. ITS monitors the email process to indentify any false positives spear-phishing emails.

 

The Email Process

Mail flow
 
Email is received from the internet via the IronPort Anti Spam appliances where the recipient is validated and the sender's reputation is verified. If accepted, the email is checked for spam and viruses. If clean, the email is passed on the mailhubs for further checking by custom filters to remove phishing email or perform other customised actions before the email is passed on to Exchange servers. The Exchange servers perform more checks for spam and viruses. Finally, the Outlook client will accept the email and perform any actions defined in the user's custom rules. The IronPort will discard email if it is classified as spam. The IronPort will deliver email classified as suspected spam and add [SUSPECTED SPAM] to the subject. The only case where all uppercase [SPAM] Subject prefix would be seen by users are;
 
  1. If it were not added by the IronPort. For example,
a) added before arrival on the IronPort from the internet.
b) added by some other mail system inside UQ.
 
The UQ mailhubs may add various other Subject prefixes.
UQ mailhubs do not add [SPAM] prefix.
Exchange servers do not add [SPAM] prefix.
 
  1. The email was administratively released.
  2. The recipient address is configured to only have tagging and not discarding.
  3. The only addresses in this group at present are abuse@ type addresses for reporting spam.
  4. There was an error in the configuration or fault on the appliance

Looked through our guides and still can't find the right answer?

Search all Help Guides  or  Submit new support job