This section describes administrator-defined and global sender groups, which are applied at the server level for your organization. To allow end users to maintain individual sender lists, enable personal good and bad sender lists by going to Administration > Users > Groups.
Table: Use cases for good and bad sender groups describes why you might want to maintain lists of good or bad senders for your organization and gives examples of patterns that you might use to match the sender.
When evaluating domain name matches, Symantec Brightmail Gateway automatically expands the specified domain to include subdomains. For example, Symantec Brightmail Gateway expands example.com to include biz.example.com and firstname.lastname@example.org, to ensure that any possible subdomains are allowed or blocked as appropriate.
You cannot have the exact same entry in both a good sender group and a bad sender group. If an entry already exists in one group, you see an error message when you try to add the same entry to the other group. If you prefer that an entry in one group appear as an entry on the other, first delete the entry from the group where it currently resides, then add it to the other group.
Incorporating third-party lists adds additional steps to the filter process. For example, similar to a typical DNS query, the IP address of the sending mail server for each incoming message is checked against a DNS list maintained in the third-party database. If the sending mail server is on the list, the mail is flagged as spam. If your mail volume is sufficiently high, running incoming mail through a third-party database could hamper performance because of the requisite DNS lookups. Symantec recommends that you use the Symantec Global Good Senders and Symantec Global Bad Senders groups instead of enabling third-party lists.
When deployed at the gateway, Symantec Brightmail Gateway obtains the physical or peer IP connection for an incoming message and compares it to entries in the good sender and bad sender groups. If a Scanner is deployed elsewhere in your network, for example, downstream from a gateway MTA that is not identified as an internal mail host, Symantec Brightmail Gateway may identify the IP address of your gateway server as a source of spam. You should accurately identify all internal mail hosts that are upstream relative to inbound mail flow from your Symantec Brightmail Gateway appliance.
In addition to internal mail hosts you can add, Symantec Brightmail Gateway includes a series of IP address ranges in the internal hosts list as follows:
Symantec Brightmail Gateway will exclude the IP addresses of internal mail hosts from the following verdicts: