Created on 02-25-2013 09:01 AM Edited on 06-02-2022 09:24 AM By Anonymous
It is possible to send samples of unsolicited bulk email messages (spam) to Fortinet FortiGuard service for analysis, using an email address alias firstname.lastname@example.org .
However, some FortiMail customers (typically with a larger user base) have an internal email alias, responsible for receiving spam samples from internal users. In such cases, this alias is also directly responsible to aggregate and submit spam to FortiGuard for further analysis.
However, as a direct result of this particular operational flow, it is often impossible to properly complete an automated spam analysis of the forwarded spam sample, because the original spam message is encapsulated as an attachment into another email message, and this message is again included as an attachment of the final message, sent to FortiGuard.
To highlight the example scenario:
1. Enterprise customer: Company with a domain name example.com has an internal spam-report email alias Spam@example.com, which is used company-wide by internal users to report spam. The original spam message is sent as an Outlook attachment/item to this alias.
2. Spam@example.com will then take that message (including the attachment) from its Inbox, attach the whole message again as an Outlook attachment/item to a new message, and send it to FortiGuard at email@example.com .
Submitting spam samples directly to FortiGuard team is a process defined at the following link: http://www.fortiguard.com/static/antispam.html
Set Outlook to forward email as original attachment by
From now on, you can simply click "Forward" button in Outlook and put firstname.lastname@example.org to "To:" address to submit a spam.
However, in the scenario above (step 1, followed by step 2), FortiGuard systems do have issues parsing the nested submissions properly, since the original spam message is nested within two email messages at the time of receipt by FortiGuard.
As a standard, the FortiGuard Spam Collection Engine assumes that RFC822 MIMEs in the first level contain the original spam email message, so nested / double-attached spam samples (as would be the case in the above example) cannot be parsed properly. If the scenario above reflects your Spam management process, please contact your Fortinet TAC/TAM representative. Fortinet will need to make accommodations to properly parse your Spam submission.
In other words: If your Spam submission process looks like this:
Spam admin @ example.com - - > Submits spam sample to Fortinet
with email from - - > Internal end Users
with Spam sample (s) - - > Attached
In these cases, Fortinet will need to make special accommodations to properly parse the spam submissions. In other words, if there is a Central Spam collection alias for your company, responsible for aggregating and submitting spam samples from your internal customers and/or end-users, please let your TAC and/or TAM representative know about your Operational Model so that we can properly parse your spam submission.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.