Jump to content

Policy not whitelisting spam


Recommended Posts

Hi - I have raised a ticket but no response yet for this.

 

I have configured a domain (example.com) within an approved sender list which is applied via a policy to a tenant.  I know the policy is applied as it is applying the text to the subject line as part of the policy.

 

Despite the domain being applied in the approved sender list as "@example.com" 12 hours ago, emails from the domain are continuing to be marked as spam and moved to Junk.  

 

Any ideas of how to stop this happening?  It is causing huge impact due to some automated systems booking overnight freight.  

 

I can see in ECOS "Detections" ECOS is still recognising as SPAM and moving to Junk.  See filtered logs in screenshot.  

 

Any thoughts?

Chris

Capture.JPG

Link to comment
Share on other sites

72 hours later the policy kicked in, I guess ECOS is very slow to update.

 

Concerning absolutely nothing from support!

Link to comment
Share on other sites

Problem is back again!  Seems to be emails with attachments going to Spam despite the policy!

 

Anybody able to help?  On the verge of getting rid of the entire solution as there seems to be no support whatsoever :(

Link to comment
Share on other sites

  • ESET Moderators

Hello @Chris_AIS,

In urgent cases I would recommend to call the support after opening a ticket.

What is your ticket ID and when you opened it?

Tech support is usually being provided during the business hours and it may take some time to be processed, especially if they need to check it with ESET HQ support or even dev level support...

Regards, Peter

Link to comment
Share on other sites

Hi Peter,

 

Thanks for your reply, ticket is 00184548 and it was opened on Friday.  I have not seen any phone number for ESET support?

 

Cyber security is required at weekends as well as working hours, and i would expect any cyber security provider to cover these hours.  I have had to disable ECOS until I can get some kind of ESET support (still not answer).  I sugggest ESET need to review these hours since the launch of ECOS, as it may be possible to disable AV on endpoints for a few days but central solutions such as ECOS should not be disabled every time an issue develops due to lack of support :(

 

I did some digging at the weekend and the SPF records for the sender are wrong, however this is via a long chain of suppliers so i have no ability to contact their IT.  Surely my whitelisting on ESET should be able to resolve this?  ESET ECOS says the sender is on a cloud blacklist however i suspect this is ECOS wording for "failed SPF".

 

Thanks

 

Chris

Link to comment
Share on other sites

  • ESET Moderators

Hello Chris,

 

we have a Premium support service for customers who need such high level of support availability and quality.

The phone contact on your local ESET support is available on local support site.

As it seems you have a bank holiday today, I would recommend to call them tomorrow during the business hours...

 

Regards, Peter

Link to comment
Share on other sites

  • ESET Moderators

Hello @Chris_AIS,

thank you for the update.

In that case, they should escalate it to HQ support, which may contact the developer level support, if needed.

So it may take some time...

 

Please keep us posted,

Peter

Link to comment
Share on other sites

Several weeks into this I finally got a response asking for the email domain, which was provided in the original ticket.

 

Starting to think this ECOS product and its support levels are not fit for purpose....

I have had to leave it turned off for weeks, which leaves my clients without their contractual levels of Cyber security.  Terrible.

Edited by Chris_AIS
Link to comment
Share on other sites

  • ESET Staff

Hi,

the problematic domain you reported has been already removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately.
Also based on the sample we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will be also addressed by an automatic update.

Regards, Matej

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...