Viewing the sender reputation statuses
The FortiMail unit tracks SMTP client behavior to limit deliveries of those clients sending excessive spam messages, infected email, or messages to invalid recipients. Should clients continue delivering these types of messages, their connection attempts are temporarily or permanently rejected. Sender reputation is managed by the FortiMail unit and requires no administration.
Monitor > Sender Reputation > Display displays the sender reputation score for each SMTP client.
To access this part of the web UI, your administrator account’s:
- Domain must be System
- access profile must have Read-Write permission to the Policy category
For details, see “About administrator account permissions and domains” on page 290.
For more information on enabling sender reputation and configuring the score thresholds, see “Configuring sender reputation options” on page 485.
To view the sender reputation scores, go to Monitor > Sender Reputation > Display.
Figure 75:Display tab
Table 17:Viewing the sender reputation statuses
|Click to filter the displayed entries. For more information, see “Filtering sender reputation score entries” on page 199.|
|IP||The IP address of the SMTP client.|
|Score||The SMTP client’s current sender reputation score.|
|State||Lists the action that the sender reputation feature is currently performing for delivery attempts from the SMTP client.
• Score controlled: The action is determined by comparing the current Score value to the thresholds in the session profile.
|Last Modified||Lists the time and date the sender reputation score was most recently modified.|
Sender reputation is a predominantly automatic antispam feature, requiring little or no maintenance. For each connecting SMTP client (sometimes called a sender), the sender reputation feature records the sender IP address and the number of good email and bad email from the sender.
In this case, bad email is defined as:
- Unknown recipients
- Invalid DKIM
- Failed SPF check
The sender reputation feature calculates the sender’s current reputation score using the ratio of good email to bad email. and performs an action based on that score.
The FortiMail unit calculates the sender reputation score using statistics up to 12 hours old, with more recent statistics influencing the score more than older statistics. The sender reputation score decreases (improves) as time passes where the sender has not sent spam. The score itself ranges from 0 to 100, with 0 representing a completely acceptable sender, and 100 being a totally unacceptable sender.
To determine which action the FortiMail unit will perform after it calculates the sender reputation score, the FortiMail unit compares the score to three score thresholds which you can configure in the session profile:
- Throttle client at: For scores less than this threshold, senders are allowed to deliver email without restrictions. For scores greater than this threshold but less than the temporary fail threshold, senders are rate-limited in the number of email messages that they can deliver per hour, expressed as either an absolute number or as a percentage of the number sent during the previous hour. If a sender exceeds the limit and keeps sending email, the FortiMail unit will send temporary failure codes to the sender. See descriptions for Temporary fail in “Configuring sender reputation options” on page 485.
- Temporarily fail: For scores greater than this threshold but less than the reject threshold, the FortiMail unit replies to senders with a temporary failure code, delaying delivery and requiring senders to retry later when their score is reduced.
- Reject: For scores greater than this threshold, the FortiMail unit replies to senders with a rejection code.
If the SMTP client does not attempt any email deliveries for more than 12 hours, the SMTP client’s sender reputation entry is deleted, and a subsequent delivery attempt is regarded as a new SMTP client by the sender reputation feature.
Filtering sender reputation score entries
You can filter sender reputation score entries that appear on the Display tab based on the IP address of the SMTP client, the score, state, and date/time of the last score modification.
To filter the sender reputation score entries 1. Go to Monitor > Sender Reputation > Display.
- Click Search.
A dialog appears.
Figure 76:Search dialog
- Configure one or more of the following:
|Field||Select one of the following in the entries that you want to use to filter the display.
• Last Modified
|Operation||Select how to match the field’s contents, such as whether the row must contain the contents of Value.|
|Case Sensitive||Enable for case-sensitive filtering.|
|Value||Enter a pattern or exact value, based on your selection in Field and Operation.
• IP: Enter the IP address of the SMTP client, such as 172.16.1.10, for the entry that you want to display.
• Score: Enter the minimum and maximum of the range of scores of entries that you want to display.
• State: Select the State of entries that you want to display.
• Last modified: Select the year, month, day, and/or hour before or after the Last Modified value of entries that you want to display.
Blank fields match any value. Regular expressions and wild cards are not supported.
- Click Search.
The Display tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Display tab to refresh its view.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos