Investigating Outbound Spam


Although filtering inbound spam is very important, and most companies invest time and effort in it, preventing outbound spam is equally important. Failure to prevent outbound spam could lead to your public IP address getting blacklisted, which will eventually cause your legitimate emails to be blocked as junk.

Symptoms

  • You see too many emails sitting in the Outbound Queue in Xeams.
  • You see messages in the Message Repository that are junk but are in the Good category, with an outbound direction.

Investigating The Problem

The goal is to investigate the source of the junk message using the following procedure:

  • Search for the message in the Message Repository
  • Click the Subject to bring up the message
  • Click the Analyze button, which opens the message analysis screen
  • Scroll down to the Intermediate Hops section, which shows where the message originated

A typical outbound message takes the following path:

[Figure: outbound email topology (OutboundEmailTopology.png)]

The Intermediate Hops section on the message analysis screen will display the IP address where the message came from. There are two possibilities:

  • Message originated from a LAN IP - in this case, search for viruses/trojans possibly installed on the machine sending the outbound emails
  • Message originated from the Internet - in this case, confirm that neither your corporate email server nor Xeams is open for relay, and that no user's credentials are compromised.
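
The same LAN-versus-Internet decision can be made from a message's raw Received headers when you have the message source at hand. The following is an added example, not part of Xeams; it assumes the hops of interest appear as standard Received headers, and the server IPs in OWN_SERVERS and both sample messages are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Assumed values: IPs of your own mail server and Xeams host; RFC 1918 LAN ranges.
OWN_SERVERS = {"192.168.1.5", "192.168.1.10"}
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def find_origin(raw_message):
    """Walk Received headers newest-first; return (kind, ip) of the first sender
    that is not one of our own servers. Older headers were supplied by that
    sender and can be forged, so they are ignored."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        # Look only at the "from ..." clause, before "by <receiving host>".
        from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_clause)
        if not match:
            break  # cannot follow the chain any further
        if match.group(1) in OWN_SERVERS:
            continue  # hand-off between our own servers, keep walking
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            break  # malformed address such as 999.1.1.1
        kind = "lan" if any(ip in net for net in LAN_NETS) else "internet"
        return kind, str(ip)
    return "unknown", None

# Constructed sample headers (not real traffic). The last Received line of
# INTERNET_SAMPLE stands for a hop the sender made up.
LAN_SAMPLE = """\
Received: from mail.example.com ([192.168.1.5]) by xeams.example.com with ESMTP
Received: from PC-ACCT-07 ([192.168.1.57]) by mail.example.com with ESMTP
Subject: constructed sample
"""
INTERNET_SAMPLE = """\
Received: from mail.example.com ([192.168.1.5]) by xeams.example.com with ESMTP
Received: from unknown ([203.0.113.44]) by mail.example.com with ESMTPA
Received: from intranet ([10.9.9.9]) by relay.invalid with SMTP
Subject: constructed sample
"""

if __name__ == "__main__":
    print(find_origin(LAN_SAMPLE))
    print(find_origin(INTERNET_SAMPLE))
```

Where the receiving server records it, the protocol keyword on the originating hop helps choose between the two Internet causes: ESMTPA marks an authenticated submission, which points toward compromised credentials rather than an open relay.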

You should be able to perform corrective measures once you have definitively narrowed down the source of these emails.