I got bombarded by SPAM emails after switching to Amazon WorkMail. It looks like the SPAM filter does not work at all! Here is what I have done: 1. I configured all DNS records (I'm using external DNS service not Amazon Route 53) that are required by WorkMail, everything is "verified" and green. 2. DMARC enforcement is enabled under "Organization settings" DMARC tab. 3. In Amazon SES, "Email Receiving", I saw the "INBOUND_MAIL" rule added by WorkMail, the "Spam and virus scanning" is enabled and TLS required box is ticked. I still get a lot of spam emails. Some emails are obvious spam, for example, an email from a non-exist user of my own organization domain, the DMARC should easily detect this but it's not. Any suggestion to make the spam filter work in Amazon WorkMail?

Hi, It sounds like [DMARC enforcement](https://docs.aws.amazon.com/workmail/latest/adminguide/inbound-dmarc.html) is not enabled on your organization. Once enabled it should honor the DMARC rules set by the domain owner. Kind regards, Robin

Amazon WorkMail SPAM filter is not working

I got bombarded by SPAM emails after switching to Amazon WorkMail. It looks like the SPAM filter does not work at all!

Here is what I have done:

I configured all DNS records (I'm using external DNS service not Amazon Route 53) that are required by WorkMail, everything is "verified" and green.
DMARC enforcement is enabled under "Organization settings" DMARC tab.
In Amazon SES, "Email Receiving", I saw the "INBOUND_MAIL" rule added by WorkMail, the "Spam and virus scanning" is enabled and TLS required box is ticked.

I still get a lot of spam emails. Some emails are obvious spam, for example, an email from a non-exist user of my own organization domain, the DMARC should easily detect this but it's not.

Any suggestion to make the spam filter work in Amazon WorkMail?

rePost-User-0330655
a year ago
More information: I opened the spam email in a text editor, and it shows below in the mail header:

X-SES-Spam-Verdict: PASS X-SES-Virus-Verdict: PASS Received-SPF: softfail (spfCheck: transitioning domain of <my domain> does not designate 88.209.254.24 as permitted sender) client-ip=88.209.254.24; envelope-from=Noreply@<my domain>; helo=kxaeyoak.americamidol.com; Authentication-Results: amazonses.com; spf=softfail (spfCheck: transitioning domain of <my domain> does not designate 88.209.254.24 as permitted sender) client-ip=88.209.254.24; envelope-from=Noreply@<my domain>; helo=kxaeyoak.americamidol.com; dmarc=fail header.from=<my domain>; X-SES-RECEIPT: AEFBQUFBQUFBQUFFUEJKYXA4c2wxd214NFBjTVQ3UU8vMlRkUkdnY2t2b2E2UHZVQ2lQNXZ2SGJpbzRqNTF2QVJnc1VtRitCZ2hHMDhHYW5KY0pPNFROdFFndGc2cU5tRnVjbUM1bGdGeDVLRnpDdExxSUs4VWs0LzJuZjVnY2pRVXlXODJ6RWVGS0V5dTN6aVNrSFBqMnpIQUJPVUd6RmJrcW1BYmRIYlVQQ2c3Q0xXTUZVU2tWbWVQSVg2ZWpvSWI1a3p4STRQNHNXOUlOS2JLMmtRTXhjblJaSWJaT3ZpUTRLQTVTQ0xuMnFXT0lhaVRrRGxNdlU0ZG1ucnB1SERrNkFvSHhYM0N3eGEyUExCNVkwMlpDMndkOVZYSDQrdHQ4aEpBZ0RwWHZwaWRKSzRiMUY4c0E9PQ== X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=JOl0gyYOa2Clwbc4Z/rI0Zyy9WKM/iXVKQLL1kJS3EjrioyvdzWBqFgybB59NrPRcoRach8APNSpIGCopdmddBG4Tn.....

So it looks like DMARC detects the sender as invalid, but why does it still allow this spam email to come into my inbox, not the junk mail folder? By the way, the spam email was received in a group email (virtual account) and distributed to every member of the group.

Topics

Front-End Web & Mobile Business Applications

Relevant content

AWS WorkMail Spam filter too sensitive
Accepted Answer
lpyfm
asked 2 years ago
All workmail emails go into spam for all prividers
Accepted Answer
12chairs
asked 11 days ago
Are there plans to improve spam filtering in WorkMail?
QuantumHobbyist
asked 2 years ago
So much spam incoming to WorkMail
eakm
asked 2 years ago
Why are the source filter conditions in my AWS DMS task not working?
AWS OFFICIALUpdated 2 years ago
Why are the emails that I send using Amazon SES getting marked as spam?
AWS OFFICIALUpdated 2 years ago
How do I stop receiving email spam?
AWS OFFICIALUpdated a year ago
How do I make sure that the email that I received is actually from Amazon?
AWS OFFICIALUpdated a year ago
Why do I get an error "The snapshot is currently in use by AMI" when I try to delete an EBS snapshot, even though there is no AMI on the account?
EXPERT
dnyanesh-db
published 4 months ago
A First Look at AWS CloudFormation IaC Generator
EXPERT
Patrick Kremer
published 3 months ago