Configuring the Anti-Spam Blade Control
In the Threat Prevention > Anti-Spam Blade Control page you can activate the Anti-Spam engine to block or flag emails that contain known or suspected spam content.
On this page you can activate the blade to identify, block or flag such emails or set it to detect mode only and use the logs to understand if your system is experiencing spam attacks.
Check Point can identify spam emails by their source address (this covers most spam emails) and also by the email content itself. You can configure the system to flag emails with spam content instead of blocking them, and then configure your internal email server to use this flag to decide how to handle them.
You can handle suspected spam the same way as known spam, or select the checkbox to handle suspected spam separately (see below).
To enable or disable Anti-Spam:
- Select On or Off.
- Click Apply.
Note - When the blade is managed by Cloud Services, a lock icon is shown. You cannot toggle between the on and off states. If you change other policy settings, the change is temporary. Any changes made locally will be overridden in the next synchronization between the gateway and Cloud Services.
To configure the Anti-Spam engine to work in detect only mode:
- Select the Detect-only mode checkbox.
- Click Apply.
In Detect-only mode, only logs appear and the blade does not block any emails.
To configure the Anti-Spam Policy:
The spam filter is always based on inspecting the senders' source address. This is a quick way to handle the majority of spam emails. In addition, you can filter the rest of the spam emails by inspecting the email content. To do this, make sure the Email content checkbox is selected, and then select the action to perform on emails whose content was found to contain spam:
- Block spam emails
- Flag spam email subject with X - Replace X with manually defined text to add to the subject line for spam emails.
- Flag spam email header - This option identifies email as spam in the email message header.
Select the relevant tracking option - Log or Alert (shown as a highly important log).
To handle suspected spam separately from known spam:
- Click Handle suspected spam separately.
- Select an option: block, flag email subject, or flag email header.
  When selecting a flag option, it is possible to modify the text string used to flag the suspected spam emails. The default is "[SUSPECTED SPAM]". You can choose the flag option for Spam and for Suspected Spam. Use this option to have a different string for the flag action.
- Select a tracking option.
- Click Apply.
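The following is an added example, not part of the product documentation: a sketch of how an internal mail server hook could act on the subject and header flags described above. It assumes the flag text is prepended to the subject; SPAM_TAG, FLAG_HEADER and the header values "spam" and "suspected" are placeholders to replace with what your gateway is configured to write.

```python
from email import message_from_bytes, policy

# Assumed values: set these to the strings configured on the gateway.
SPAM_TAG = "[SPAM]"                  # hypothetical text chosen for "X"
SUSPECTED_TAG = "[SUSPECTED SPAM]"   # default string named on this page
FLAG_HEADER = "X-Example-Spam-Flag"  # placeholder header name, not the product's


def disposition(raw: bytes) -> str:
    """Map one raw message to 'junk', 'review' or 'inbox' from its flags."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default unfolds the header and decodes RFC 2047 encoded-words,
    # so a tag added to a non-ASCII subject is still seen as plain text.
    subject = str(msg.get("Subject", "")).strip().casefold()
    # "spam" / "suspected" are placeholder header values (assumption).
    header = str(msg.get(FLAG_HEADER, "")).strip().casefold()
    # Match only at the start of the subject (assumption: the flag is
    # prepended), so "Re: [SPAM] ..." replies from users are not junked.
    if subject.startswith(SPAM_TAG.casefold()) or header == "spam":
        return "junk"
    if subject.startswith(SUSPECTED_TAG.casefold()) or header == "suspected":
        return "review"
    return "inbox"


# Constructed sample messages (not captured traffic).
SAMPLES = {
    "known": b"From: a@example.com\r\nSubject: [SPAM] Cheap offer\r\n\r\nbody\r\n",
    "suspected": b"Subject: [SUSPECTED SPAM]\r\n  Invoice attached\r\n\r\nbody\r\n",
    "encoded": b"Subject: =?utf-8?b?W1NQQU1dIEdld2lubg==?=\r\n\r\nbody\r\n",
    "reply": b"Subject: Re: [SPAM] Cheap offer\r\n\r\nIs this real?\r\n",
    "header": b"Subject: Hello\r\nX-Example-Spam-Flag: spam\r\n\r\nbody\r\n",
    "clean": b"Subject: Meeting notes\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {disposition(raw)}")
```

Routing suspected spam to a separate review folder mirrors the Handle suspected spam separately option, so false positives can be checked without mixing them with known spam.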