Email Scoring
Scoring range = 0-600
Spam tolerance – aggressive 140 – 200
Under 140, deliver as normal
140-200 – tag subject as [possible spam]
Over 200 goes to message review
Promotions – 90
Advertisements, newsletters, and other types of marketing email that isn’t necessarily spam.
SPF soft fail – 70
Messages that came from an IP not designated by the SPF record for the sender domain. Messages with an SPF soft fail (“~all”) should be treated as spam or suspicious.
SPF hard fail – 70
Messages that came from an IP not designated by the SPF record for the sender domain. Messages with an SPF hard fail (“-all”) should be discarded.
From address SPF soft fail – 70
Messages that came from an IP not designated by the SPF record for the From address domain. Messages with an SPF soft fail (“~all”) should be treated as spam or suspicious.
From address SPF hard fail – 70
Messages that came from an IP not designated by the SPF record for the From address domain. Messages with an SPF hard fail (“-all”) should be discarded.
Reply-To address SPF soft fail – 70
Messages that came from an IP not designated by the SPF record for the Reply-To address domain. Messages with an SPF soft fail (“~all”) should be treated as spam or suspicious.
Reply-To address SPF hard fail – 70
Messages that came from an IP not designated by the SPF record for the Reply-To address domain. Messages with an SPF hard fail (“-all”) should be discarded.
Multiple From/Reply To addresses – 100
Messages that come from a different addresses in the From or Reply-To headers. This is a common attribute for phishing messages but is also common to newsletters and other bulk mailings. Use with caution as it may cause some false positives.
DKIM Signature Failed Verification – 200
Messages that contain a DKIM signature that failed verification. DomainKeys Identified Mail (DKIM) is an email authentication protocol designed to prevent message modification in transit, a method often used in phishing and email scams. This result indicates that the message signature is either spoofed or the message has been modified in transit.
Attachment with a macro – 400
Messages that contain a Microsoft Office file with a macro. Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, macro malware uses this functionality to infect your device.
Potentially Unwanted Applications – 600
Messages that contain an attachment that is a Potentially Unwanted Application (PUA). Potentially unwanted applications are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. Potentially unwanted applications are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use.
Encrypted Zip File – 600
Messages that contain an encrypted archive file (zip or rar). Encrypting an archive file can be used to avoid detection of a threatening file contained in the archive.
Encrypted PDF File – 400
Messages that contain an encrypted PDF. Encrypting a PDF file can be used to avoid detection of a threat.
In addition, we added Foreign/Uncommon Top-Level Domain rules.
At PremierePC, your security is our number 1 priority.