Viewing The Sender Reputation Statuses

Viewing the sender reputation statuses

The FortiMail unit tracks SMTP client behavior to limit deliveries of those clients sending excessive spam messages, infected email, or messages to invalid recipients. Should clients continue delivering these types of messages, their connection attempts are temporarily or permanently rejected. Sender reputation is managed by the FortiMail unit and requires no administration.

Monitor > Sender Reputation > Display displays the sender reputation score for each SMTP client.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

For more information on enabling sender reputation and configuring the score thresholds, see “Configuring sender reputation options” on page 485.

To view the sender reputation scores, go to Monitor > Sender Reputation > Display.

Figure 75:Display tab

Table 17:Viewing the sender reputation statuses

GUI item Description
Search

(button)

Click to filter the displayed entries. For more information, see “Filtering sender reputation score entries” on page 199.
IP The IP address of the SMTP client.
Score The SMTP client’s current sender reputation score.
State Lists the action that the sender reputation feature is currently performing for delivery attempts from the SMTP client.

•    Score controlled: The action is determined by comparing the current Score value to the thresholds in the session profile.

Last Modified Lists the time and date the sender reputation score was most recently modified.

Sender reputation is a predominantly automatic antispam feature, requiring little or no maintenance. For each connecting SMTP client (sometimes called a sender), the sender reputation feature records the sender IP address and the number of good email and bad email from the sender.

In this case, bad email is defined as:

  • Spam
  • Virus-infected
  • Unknown recipients
  • Invalid DKIM
  • Failed SPF check

The sender reputation feature calculates the sender’s current reputation score using the ratio of good email to bad email. and performs an action based on that score.

The FortiMail unit calculates the sender reputation score using statistics up to 12 hours old, with more recent statistics influencing the score more than older statistics. The sender reputation score decreases (improves) as time passes where the sender has not sent spam. The score itself ranges from 0 to 100, with 0 representing a completely acceptable sender, and 100 being a totally unacceptable sender.

To determine which action the FortiMail unit will perform after it calculates the sender reputation score, the FortiMail unit compares the score to three score thresholds which you can configure in the session profile:

  1. Throttle client at: For scores less than this threshold, senders are allowed to deliver email without restrictions. For scores greater than this threshold but less than the temporary fail threshold, senders are rate-limited in the number of email messages that they can deliver per hour, expressed as either an absolute number or as a percentage of the number sent during the previous hour. If a sender exceeds the limit and keeps sending email, the FortiMail unit will send temporary failure codes to the sender. See descriptions for Temporary fail in “Configuring sender reputation options” on page 485.
  2. Temporarily fail: For scores greater than this threshold but less than the reject threshold, the FortiMail unit replies to senders with a temporary failure code, delaying delivery and requiring senders to retry later when their score is reduced.
  3. Reject: For scores greater than this threshold, the FortiMail unit replies to senders with a rejection code.

If the SMTP client does not attempt any email deliveries for more than 12 hours, the SMTP client’s sender reputation entry is deleted, and a subsequent delivery attempt is regarded as a new SMTP client by the sender reputation feature.

Filtering sender reputation score entries

You can filter sender reputation score entries that appear on the Display tab based on the IP address of the SMTP client, the score, state, and date/time of the last score modification.

To filter the sender reputation score entries 1. Go to Monitor > Sender Reputation > Display.

  1. Click Search.

A dialog appears.

Figure 76:Search dialog

  1. Configure one or more of the following:
GUI item Description
Field Select one of the following in the entries that you want to use to filter the display.

•      IP

•      Score

•      State

•      Last Modified

Operation Select how to match the field’s contents, such as whether the row must contain the contents of Value.
Case Sensitive Enable for case-sensitive filtering.
Value Enter a pattern or exact value, based on your selection in Field and Operation.

•      IP: Enter the IP address of the SMTP client, such as 172.16.1.10, for the entry that you want to display.

•      Score: Enter the minimum and maximum of the range of scores of entries that you want to display.

•      State: Select the State of entries that you want to display.

•      Last modified: Select the year, month, day, and/or hour before or after the Last Modified value of entries that you want to display.

Blank fields match any value. Regular expressions and wild cards are not supported.

  1. Click Search.

The Display tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Display tab to refresh its view.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiMail on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.