Phone Lines icon GFI Support Home

Articles in this section

See more

Suggested Filter adjustment in GFI MailEssentials for dealing with ATO Spam emails

Author: Luis Fernandes

Answer

PROBLEM

Receiving  large quantity of SPAM emails appear to come around from the ATO. Example emails are similar to the description provided by the recent ATO online article, http://www.ato.gov.au/onlineservices/distributor.aspx?menuid=0&doc=/content/62347.htm&page=7#P224_10964, but can differ in content. 

ENVIRONMENT

  • GFI MailEssentials
  • All supported environments

SOLUTION

Note: The details below are suggestions which we have found effective. It is possible there are other adjustments which could be equally efficient. 
  1. Open MailEssentials Dashboard and find anything that is from ATO matches the description here: http://www.ato.gov.au/onlineservices/distributor.aspx?menuid=0&doc=/content/62347.htm&page=7#P224_10964
  2. There should be a few spoofed email accounts from ATO the Spammers are using:
    • admin@ato.gov.au
    • info@ato.gov.au
    • subscribe@ato.gov.au
    • noreply@ato.gov.au
    • donotreply@ato.gov.au
    • (There are the ones we are aware of, there might be more)
  3. Confirm the email senders you found in step 1 and see if any of them come from the ones listed in step 2.
  4. If so, are these senders being whitelisted? You can determine if they are by looking at the description of the email in MailEssentials Dashboard.
  5. If they are whitelisted in Dashboard, please navigate to GFI MailEssentials Configuration > Whitelist > Properties > Whitelist Tab > In the Search field type in the send email addresses you found from ATO
  6. Remove the whitelist entry, if it exists
  7. Navigate to GFI MailEssentials Configuration > Filter Priority > Properties > adjust the filters by using the UP and DOWN arrow. The most important ones you can utilize are:
    • Sender Policy Framework
    • SpamRazer
    • Phishing
    • IP DNS Blocklist
    • Note that MailEssentials 2012 does not have a separate Sender Policy Framework filter; it has been rolled into the Spamrazer filter.
  8.  Here is an example list for your consideration:
    • Essentially, what we suggest is that you have the filters mentioned in step 7 to be on higher position in the priority list:
      • Directory Harvesting
      • Greylist
      • SpamRazer
      • Sender Policy Framework
      • IP DNS Blocklist
      • Phishing
      • IP Whitelist
      • Keyword Whitelist
      • Email Blocklist
      • Email\Domain\Auto Whitelist
      • URI DNS Blocklist
      • Bayesian Analysis
      • Header Checking
      • Keyword Checking
  9. Navigate to GFI MailEssentials Configuration > Anti-Spam Filters > SpamRazer > Properties > Updates Tab > click Download updates now and a message will pop up confirming it is running successfully in the background
  10. Navigate to GFI MailEssentials Configuration > Anti-Spam Filters > Phishing > Properties > Updates Tab > click Download updates now and a message will pop up confirming its progress and acknowledge its completion

CAUSE

ATO entries in the whitelist and inaffective filter priorities.

Related articles