A security administrator notices that a significant volume of spam is bypassing the Cisco ESA's anti-spam filters. Upon investigation, they find that the messages have a mid-range SBRS score of 5.0. Which action should the administrator take to improve spam detection?
Trap 1: Change the SBRS score interpretation to positive
The SBRS score interpretation is fixed; negative indicates spam, positive indicates legitimate.
Trap 2: Increase the SBRS threshold to 7.0
Increasing the threshold would allow more spam through, as only messages with very high scores would be considered legitimate.
Trap 3: Disable SenderBase reputation checks
Disabling reputation checks would remove a key anti-spam mechanism, likely increasing spam.
- A
Change the SBRS score interpretation to positive
Why wrong: The SBRS score interpretation is fixed; negative indicates spam, positive indicates legitimate.
- B
Lower the SBRS threshold to 3.0
Lowering the threshold causes the ESA to treat messages with lower SBRS scores as spam, improving catch rates.
- C
Increase the SBRS threshold to 7.0
Why wrong: Increasing the threshold would allow more spam through, as only messages with very high scores would be considered legitimate.
- D
Disable SenderBase reputation checks
Why wrong: Disabling reputation checks would remove a key anti-spam mechanism, likely increasing spam.