LevelBlue Named Official Cybersecurity Advisor of the PGA of America. Learn more

Government
Contact Us
Login

USM Anywhere Login

Fusion Platform Login

Support Downloads/Forums Login

MailMarshal Cloud Login
Incident Response
Experiencing a security breach?

Access immediate incident response support, available 24/7

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

Government
Contact Us
Login

login

USM Anywhere Login

Fusion Platform Login

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Incident Response
Experiencing a security breach?

Access immediate incident response support, available 24/7

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

LevelBlue Named Official Cybersecurity Advisor of the PGA of America. Learn more

Cyber Advisory

Managed Cloud Security

Data Security

Managed Detection & Response

Email Security

Managed Network Infrastructure Security

Exposure Management

Security Operations Platforms

Incident Readiness & Response

SpiderLabs Threat Intelligence

View All Services

BY INDUSTRY

BY REGULATION

BY TOPIC

Offensive Security

Solutions to maximize your security ROI

Operational Technology

End-to-end OT security

Microsoft

Unlock the full power of Microsoft Security

Securing the IoT Landscape

Test, monitor and secure network objects

About Us

We reduce cyber risk and build resilience

Awards and Accolades

The most recognized cybersecurity leader

LevelBlue SpiderLabs

Elite global threat experts and intelligence

PGA of America Partnership

Cybersecurity at the championship level

Secure What's Next

Future-proof your organization

LevelBlue Security Operations Platforms

Unprecedented security visibility and control

Security Colony

Cybersecurity threat protection resources

Microsoft

Unlock the full power of Microsoft Security

Technology Alliance Partners

Key alliances who align and support our ecosystem of security offerings

BLOGS

UPCOMING

MEDIA & ASSETS

NOTICES

HELP

LevelBlue Knowledge Base

KB Home Search Latest Additions Most Popular

Knowledgebase

Home » Knowledgebase » MailMarshal (SEG) » HOWTO: How do I set up a Challenge-Response Spam filter?

HOWTO: How do I set up a Challenge-Response Spam filter?

Show/Hide Article Tools

This article applies to:

MailMarshal (SEG)

Question:

How do I set up a Challenge-Response Spam filter?

Procedure:

A Challenge-Response Spam filter will only let email through from known 'good senders'. For unknown users, it will quarantine their email and then challenge them to authorize themselves somehow - typically by answering a simple question in a challenge email sent from MailMarshal to the unknown user. Once the external user has been authorized, MailMarshal can automatically release the originally quarantined email and the same user should not be challenged for authentication again.

Current releases of MailMarshal SEG include default rules to achieve this purpose. These rules make use of the Message Release function.

Customize and enable the rule Challenge-Response by Group or Challenge-Response Block Unknown. These rules hold mail from unknown senders and request a confirmation from the sender.
Enable the Challenge-Response Successful rule. This rule monitors for a confirmation message and releases the original message when the confirmation arrives. It also adds the sender to a list of accepted senders.

For details, see the Default Rules documents for current product versions.

Notes:

There are some pitfalls associated with the Challenge/Response system.

It may block legitimate newsletters or other messages where the sender address is unattended. For this reason it might be a good idea to couple this rule with an end-user Safe Sender list managed via the Web-based Spam console, as well as initial entries in the global accepted list.
Remember that a challenge issued in English will be understood only by users able to read the language. Keep this in mind if you think there is a chance you will have non-English speaking people legitimately sending mail to your organization.
It is a good idea to send as few notifications as possible in response to Spam messages. Frequently the return address is spoofed - it may be an invalid address, or an innocent third party's address. For that reason the default rules are found after all filtering of suspect messages.