The Spam Quarantine is where messages classified as spam are held for delivery until they are released by you. We frequently get questions about quarantine reports, how they work, set up, management etc. Here is a list of the most frequently asked questions with full answers provided.
Q: How can I enable the “Quarantine Report E-Mail” for all users? I can only find it under the domain end user policies.
A: Users are created automatically and will inherit their settings via the Domain Policy. You can enable email reports for the Domain via the API if you have a lot of them.
Q: Is it possible to schedule a quarantine report for more than once a day ?
A: No once a day is max… users can request an on demand quarantine report from the bottom of their quarantine report
Q: Is it necessary for the users to get the quarantine report or can I decide that I don’t want the user to receive it
A: You can disable the quarantine report for a user on antispam engine -> user policies
Q: If I click deliver on a spam email by accident in the quarantine report, what will happen.
A: The message will be delivered to your inbox.
Q: What elements of the quarantine report can be branded and what’s the best way to do it.
A: You can attached a company logo to the quarantine report at – quarantine -> settings. More whitelabelling is scheduled in later releases.
Q: I would like to keep as many true spam positives out of the quarantine report as much as possible, I have set my “Discard Spam scoring above:” set to 20, and I am wondering if this is correct and what I can do to keep quarantined email low, and false positives low at the same time.
A: That is correct, you can also specify that the report should only contain mail below an additional threshold, say 14 which will help keep the report small.
Q: Is it possible to modify the PDF reports to include our own company logo as can be done for the UI and user quarantine emails?
A: No, this is not possible, a pdf is not an editable document.
Q: I wonder is it possible to block messages based on country of origin.? If our organization doesn’t do any business at all with certain countries and we only receive spam and viruses from them, can we quarantine all messages from those countries somehow.
A: It’s probably not 100% reliable, but it is possible to determine the geo-location of an IP address; but rejecting mail based solely on country of origin would not be recommended. Quarantining would be less drastic and we may look at adding the functionality to add rules to check for country of origin.
Q: How do I turn off sender notification for viruses, banned attachments, etc?
A: SpamTitan employs the following principles when dealing with send notifications (DSN): No DSN is sent if a virus is detected. DSN is sent for banned attachments. If the message is marked as spam *and* the score is less than 10 then a DNS is sent. This is to allow legitimate senders know that their message was blocked as a false positive. In a quarantine environment it could be argued that no false positives will ever be lost (since users can release FPs) so there isn’t really a need for any DSN.
Q: Is the Quarantine report unlimited in the amount it can contain?
A: The size of the report is limited (hard-coded) to 500 messages. You should delete old quarantined messages and/or configure your profile to deliver only new quarantine items since last report
Q: Is it possible to increase the 500 spam mail limit for the quarantine report ?
A: Not from the user interface. Sending reports with more than 500 items doesn’t make sense from a users point of view. Also, if the message is that big, there is a high probability of it being rejected by your email server. What you could do to ensure smaller reports, is not bother to quarantine if a spam message scores above a certain threshold (for instance, its extremely unlikely to have a false positive scoring above say 20). You can control this setting on a per-user/domain basis from the policies page. This will ensure that the reports are smaller.