How to deal with SPAM email?

Spamming is the use of any electronic communications medium to send unsolicited message in bulk. HKBU started to provide anti-spamming service to staff and student community in November 2004 and March 2005 respectively. All messages addressed to domain will pass through the ITO e-mail spam filtering server before delivered to the users.

HKBU has subscripted the Cisco IronPort Email Security Appliance to guard against spamming. At present, the service has two mode, tag-and-pass or quarantine, depends on the level of score which analysis by the anti-spam engine. When suspicious spam messages are detected, instead of delivering them to the recipients’ mailboxes, they will be quarantined in another restrict area. ITO will send a notification mail to each individual user about their quarantined messages.

For details, please refer to the Email Anti-Spamming System User Guide.

Questions Answers
In the quarantine mode, when will the notification mail of the quarantined messages be issued? The notification mail will be sent out at around 6:00 a.m. daily. It shows the details of sender, subject title.
When I find messages that are wrongly quarantined of treating as spam mail, how can I obtain these messages back? If you find any messages that are wrongly eliminated, you can get them back through the notification mail by clicking their corresponding “Release” link. After receiving such request, the spam filtering server will release the messages back to your mailbox.
If I do not take any action for claiming those quarantined messages, when will they be removed? As proposed by the IT Users’ Subcommittee, all unclaimed quarantined e-mail will be automatically removed permanently after 10 days. No further claim on the removed messages can be entertained.
What is the “Tag and Pass” mode of anti-spamming service for students? In this mode, the spam filtering server will only stamp with a [SUSPECTED SPAM] tag on the subject title for the suspected spam messages. It will continue to deliver the messages to the recipients’ mailboxes.
What is the purpose of having a [Spammail] tag on the subject title? When retrieving the mail, users will be alerted with those mails that are classified as spam mail and then decide the respective deletion process if they wish.
Is there any people to read my email content during the anti-spamming process? The whole filtering process is automatically handled by machines without any human intervention. The contents could therefore not be viewed by anybody.
What should you do if your good email has been marked as spam or your spam email has not been marked at all? Cisco IronPort has two email addresses that can be used to report false- positives and false-negatives.
  1. Report undetected spam to:
  2. Report false-positives to:

IMPORTANT: You must include the full email header. The full header looks like this:

Received: from ( by  ( with Microsoft SMTP Server id; Fri, 19 Dec 2014  09:39:13 +0800 Received-SPF: SoftFail ( domain of transitioning discourages use of as permitted sender)Received-SPF: None ( no sender authenticity  information available from domain of  identity=pra; client-ip=;;  envelope-from=””;  x-sender=””;  x-conformance=sidf_compatible Received-SPF: Pass ( domain of designates as permitted sender) identity=mailfrom; client-ip=;; envelope-from=””; x-sender=””; x-conformance=sidf_compatible; x-record-type=”v=spf1″Received-SPF: None ( no sender authenticity information available from domain of identity=helo; client-ip=;;   envelope-from=””; x-sender=””; x-conformance=sidf_compatible Authentication-Results:; dkim=pass (signature verified) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result:  X-IPAS-Result: X-IronPort-AV: E=Sophos;i=”5.07,604,1413216000″;  d=”scan’208″;a=”57560233″ Received: from ([])  by with ESMTP; 19 Dec 2014 09:39:06 +0800 Received: by with SMTP id hy4so27872vcb.30  for <>; Thu, 18 Dec 2014 17:39:04 -0800 (PST)DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; mime-version:date:message-id:subject:from:to:content-type  bh=sHQs/KRVHrYg== MIME-Version: 1.0 X-Received: by with SMTP id xq10mr1754235vcb.24.1418953144763;  Thu, 18 Dec 2014 17:39:04 -0800 (PST)  Received: by with HTTP; Thu, 18 Dec 2014 17:39:04 -0800 (PST) Date: Fri, 19 Dec 2014 09:39:04 +0800  Message-ID:> Subject: test  From: Google  To: HKBU ITO  Content-Type: multipart/alternative; boundary=”001a11364ca4258c03050a87c6ba”  Return-Path: X-MS-Exchange-Organization-AuthSource:  X-MS-Exchange-Organization-AuthAs: Anonymous  X-MS-Exchange-Organization-PRD:  X-MS-Exchange-Organization-SenderIdResult: SoftFail  X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0 X-EsetId: C6EABA3DB895353192ADE2

Full headers must be included if you are reporting improperly marked email to Cisco Ironport. Failure to include the full header will result in your submission being ignored.