Hi,
in the current state, the Symantec Messaging Gateway behaves as follows:
1. You have a policy for "Symantec Global Bad Senders" with an action "Reject SMTP Connection"
2. However, in some cases, the gateway accepts the message and only later finds out that it was sent from a blacklisted source. At this point, it can no longer reject the message, so it just deletes it ("static delete" action in the tracking log).
The behaviour above is understandable (and was confirmed by Symantec support), but really not ideal. When the message is rejected, the sender gets a message "You are not allowed to connect". This is very different from dropping the email silently without telling anyone, which unfortunately happens in some cases now.
My suggestion would be either to:
1. send a notification to senders of the emails from blacklisted sources, where the message can't be rejected anymore because it was already accepted
or
2. create a report functionality, so that you can schedule reports of emails which were deleted because of the "Symantec Bad Senders" verdict
or
3. make the action for these kinds of emails configurable, so we can change it to something other than "Delete"
Any of these options would improve the current situation, though I'd prefer option 1 or 2. At the moment, Symantec has blacklisted some of the IP addresses used by the German instance of Microsoft Office 365, for example, so emails from legitimate sources are being deleted and the senders have no information about it.
Best regards,
Václav Měch