Does Oracle Service Cloud filter Spam for our hosted mailboxes?
Incoming Email, Spam Filtering, Barracuda
Barracuda spam filtering is now available for Service mailboxes hosted by Oracle Service Cloud (OSvC). Mailboxes hosted for Oracle RightNow Outreach Cloud Service are not eligible.
All incoming email for Service mailboxes passes through the Barracuda Firewall, which evaluates each message for viruses and spam URLs (intent filtering) and checks the sender IP address against RBLs (Realtime Blocklists) provided by Barracuda and Spamhaus.org. Emails pass through these services first regardless of spam settings and are subsequently sent through the spam detection engine, where per-mailbox settings have some effect.
To configure the Barracuda settings for an individual mailbox, you can log in to the Spam Management Portal. You can also access this page from Site Tools > Hosting Services > Spam Filtering. Use the same login ID and password that you use to log in to OSvC's Support Site. Note: A contact must be designated as a Technical Support Contact to have access to this portal.
The Spam Filtering PDF provides images of the Barracuda Email Security Gateway portal.
After logging in, select a site, mailbox and filter from the drop down menus available and click Submit.
If your mailbox has a domain such as email@example.com where the 'va' within the domain is the server or pod on which your mailbox is hosted, you will have access to this specific Barracuda and may not have access to other Barracudas. All mailboxes with a reply-to address with the general @custhelp.com domain (such as firstname.lastname@example.org) attempt to log in to the Amsterdam Barracudas.
You can tell where the mailbox is hosted by checking the POP Server field as configured in your OSvC site. The POP Server will indicate something like "mailgbXX" or "mailvaXX" to indicate whether the mailbox is in Great Britain or Virginia respectively.
If your Spam filter has been updated, the old filter is available as <mailbox>@mailXX-legacy.custhelp.com. You can log in to this filter to retrieve past filter settings, as changes may not be carried forward with spam filter updates.
Email Scoring: Each email sent to the mailbox is given a Barracuda Spam Score. The spam score determines how the email will be handled. Depending on how you configure the filtering for your mailbox, incoming emails can be tagged, quarantined, or blocked entirely. The score for the email is compared to the Tag Score, Quarantine Score, and Block Score that are set on the Preferences: Spam Settings page.
The Barracuda Spam Score is included in the email header. To enable email headers in your Oracle Service Cloud application, you must enable the EGW_SAVE_EMAIL_HEADERS configuration setting which is accessed from the Configuration Editor. For more information on this setting, refer to Using email headers for troubleshooting in OSvC.
By default, Spam filtering is enabled for each mailbox. This is due to the Block Score being set to 9 on the Preferences: Spam Settings page. By default, each mailbox has the quarantine feature disabled (set to 10). The quarantine feature is set on the Preferences > Quarantine Settings tab.
The score defaults for the mailbox are set to tag an email with a spam score of 3.5. As a result, incidents created from emails with a score higher than 3.5 will include #TAG# in the Summary of the incident.
Description of Spam Filtering Pages
For each mailbox, you can access and configure the following pages and functionality. For more information, refer to Barracuda Email Security Service User Guide.
When you first click Login for a mailbox, there are two tabs available -- Quarantine Inbox and Preferences. By default, when you first log in to a mailbox, you are on the Quarantine Inbox page. This page lists quarantined messages as defined from the Preferences > Quarantine Settings page which is listed below.
If the Quarantine feature is enabled, quarantined messages will be listed in this area. To view a quarantined message, click anywhere in the row that lists the message. This will pop up a new window containing the message. From this window, you can click View Source to see the message headers.
If you determine that the message is spam, it is suggested that you click the check box on the left end of the row and then click the Spam button to classify it as such. This helps build a database of messages that look like spam to help future classifications. Similarly, you can check the box on the left and click Not Spam as an indication of message types that are not spam. When you click Not Spam, the message is also delivered to the mailbox.
Spam emails stay in the quarantine queue for two weeks. During that time, it is your responsibility to empty the queue by either deleting the email or delivering the message into the hosted mailbox (which will create the incident in your Oracle Service Cloud application). Email left in the queue for two weeks is automatically deleted.
The timeline towards the top of the page is an indicator as to when the quarantined messages were received. If no quarantined messages have been received, the timeline dates to 1969 based on a UNIX timestamp.
PREFERENCES: Whitelist / Blocklist
To modify your whitelist or blocklists, click the PREFERENCES tab at the top of the page. The first option available is the Whitelist/Blocklist page. This option allows you to manage both white lists and block lists for the mailbox. The blocklist feature is the same as the Discard Addresses field that is configured for mailboxes within your Oracle Service Cloud application through the Mailboxes table.
The whitelist option is used to explicitly state addresses from which email will be accepted. This is typically used for addresses that have had items quarantined in the past, and those items were determined to not be spam. That is, if certain email addresses typically have quarantined messages that you determine to not be spam, you can add that email address to the whitelist so that future messages from that address are not quarantined and are allowed in to the box.
Note: Email addresses are added individually to the white list or block list feature. It is not possible to upload a group of email addresses into either list.
PREFERENCES: Quarantine Settings
Also on the Preferences tab, the Quarantine Settings option allows you to specify whether the quarantine is enabled and to set up your quarantine inbox and whether notifications will be sent.
By default, the Quarantine feature is disabled due to a default setting of 10. If you wish to enable the quarantine feature, click Yes for the Enable Quarantine field and then click Save Changes in the heading for that section (the top Save Changes button). You must then adjust the Quarantine spam score, listed under Spam Settings, to anything lower than 10.
Note: If you change a setting on this page, you must also click Save Changes on the right side of the section heading in order to register those changes.
If the quarantine feature is disabled, messages will be processed by techmail and will create incidents at the Support Console, but the Subject line of the incident will be tagged with [QUAR] for the emails that have a score that is greater than the Quarantine Score as configured in the Spam Settings.
You can also specify where and how often to send notifications regarding new quarantined messages. By default, notifications about the quarantine will be sent to the default mailbox to generate an incident in your site. If you would like these notifications to go to someone else or to a mailing list, you can enter that address in the Notification Address field and then click Save Changes.
PREFERENCES: Spam Settings
The Spam Settings option on the Preferences tab allows you to disable filtering for a specific mailbox if you do not want to filter your mail. You can edit the Enable Spam Filtering field and then click Save Changes.
Note: If you change a setting or score on this page, you must also click Save Changes on the right side of the section heading in order to register those changes.
To quarantine spam messages, you must set the Use System Defaults field to No in the Spam Scoring section and then click Save Changes. Then, you can modify the three scoring options in the lower part of the Spam Scoring section.
Each email submitted is assigned a score from 0 to 10 as an indicator related to spam, with higher scores indicating that the email is likely spam. Based on the score for the email and how it compares to the three thresholds below, you can tag, quarantine, or block email.
The Tag Score specifies the value at which incidents are submitted into the hosted mailbox, but the Subject line is flagged with a prefix of #TAG#. This indicates the threshold at which you would like incoming email incidents to be flagged for further evaluation, but you do not necessarily want them quarantined or blocked.
The Quarantine Score is the value at which incoming emails are quarantined in the Quarantine Inbox if Quarantine is enabled. If Quarantine is not enabled, incoming email that exceeds this score is flagged with a prefix of #QUAR# so that these incidents can easily be seen from the Support Console.
The Block Score indicates the value at which emails are blocked completely and discarded.
Note: To disable any of these three options, set the Score value to 10 and click Save Changes.
With regard to blocking mail, the Barracuda application lists a recommended Block Score of 7, which would block emails that have a score higher than 7. However, for your hosted mailboxes, Oracle Service Cloud recommends a different approach, in which the Block Score is initially set higher.
Oracle Service Cloud recommends that initially, only messages that score higher than a Block Score of 9 be removed. Note that such messages will be permanently removed and not delivered. To fine-tune filtering further, slowly drop the Quarantine Score until you find an appropriate balance where spam is not being delivered to your inbox and few if any messages are being kept in the quarantine. At that point, if you wish, you can lower the Block Score value so that the emails that are being quarantined are instead blocked completely.
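The following is an added example, not Oracle or Barracuda code: it applies the Tag, Quarantine and Block thresholds described above to a batch of scored messages so you can preview how a candidate Quarantine Score would change dispositions before saving it. The header name X-Barracuda-Spam-Score, the action labels and the sample messages are assumptions made for illustration; comparisons use "higher than", as the text above does.

```python
from collections import Counter
from email import message_from_string

# Assumption: the score is carried in this header; the page only says the
# Barracuda Spam Score is "included in the email header".
SCORE_HEADER = "X-Barracuda-Spam-Score"

def spam_score(raw_message):
    """Return the spam score of a raw message, or None if absent or not numeric."""
    value = message_from_string(raw_message).get(SCORE_HEADER)
    try:
        return float(value)
    except (TypeError, ValueError):
        return None

def disposition(score, tag=3.5, quarantine=10.0, block=9.0, quarantine_enabled=False):
    """Apply the three thresholds; the defaults are the ones the page describes.
    A threshold of 10 disables that action because no score is higher than 10."""
    if score > block:
        return "block"                      # discarded, never delivered
    if score > quarantine:
        # With quarantine disabled the message is still delivered, but flagged.
        return "quarantine" if quarantine_enabled else "deliver-flagged-quar"
    if score > tag:
        return "deliver-tagged"             # incident Summary carries #TAG#
    return "deliver"

def simulate(scores, **settings):
    """Count dispositions for a batch of scores under the given settings."""
    return Counter(disposition(s, **settings) for s in scores)

def _msg(score):
    """Build a constructed sample message carrying the given score."""
    return (f"From: sender@example.com\nSubject: constructed sample\n"
            f"{SCORE_HEADER}: {score}\n\nbody\n")

# Constructed sample batch, parsed the same way saved headers would be.
SAMPLE_SCORES = [spam_score(_msg(s)) for s in ("0.10", "2.00", "4.20", "6.50", "8.80", "9.60")]

if __name__ == "__main__":
    print("defaults:", dict(simulate(SAMPLE_SCORES)))
    # Step the Quarantine Score down gradually, as the tuning advice suggests.
    for q in (9.0, 8.0, 6.0, 4.0):
        print(q, dict(simulate(SAMPLE_SCORES, quarantine=q, quarantine_enabled=True)))
```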
Virus Filtering: Note that virus filtering is handled separately from the Barracuda application. Virus filtering is enabled by Oracle. These messages are blocked outright and will not be visible in the quarantine for delivery. For more information on virus filtering with hosted mailboxes, refer to Answer ID 92: Virus Scanning on Oracle Service Cloud Hosted Mailboxes.
Known Spam Signatures: In addition to the filtering options, some spam filtering is automatically enabled for all customers. Barracuda Networks maintains spam definitions, updated hourly, that contain a list of URLs that appear in email and are known signatures of spam. Any message containing these URLs is automatically classified as spam and is blocked -- even if the Enable Spam Filtering option is turned off. Barracuda calls this "Intent Analysis".
Filtering of Invalid Domains: All email coming into mailboxes hosted on our servers comes through a spam filtering server. This server requires all email to come from valid domains. This server cannot be configured to accept email coming from invalid domains. As a result, if you have previously forwarded email into your OSvC hosted mailbox from an address with an invalid domain, those emails are now automatically rejected.
Quarantine Notification: To modify the email address where quarantine notifications are sent, click the Preferences tab and click the Quarantine Settings option. Enter the email address (or mailing list address) in the Notification Address field and click Save Changes.
Features Within the Oracle Service Cloud Application: In addition to this Barracuda Spam filtering, there are several configuration settings and features within your OSvC application that can be enabled to prevent email from creating new incidents. For more information on these features, refer to Answer ID 2100: Why aren't emails creating incidents?.
Limited Connection Threshold: The OSvC Filter Service has an established connection threshold present to protect the overall stability of the filter service.