I got bombarded by SPAM emails after switching to Amazon WorkMail. It looks like the SPAM filter does not work at all! Here is what I have done: 1. I configured all DNS records (I'm using external DNS service not Amazon Route 53) that are required by WorkMail, everything is "verified" and green. 2. DMARC enforcement is enabled under "Organization settings" DMARC tab. 3. In Amazon SES, "Email Receiving", I saw the "INBOUND_MAIL" rule added by WorkMail, the "Spam and virus scanning" is enabled and TLS required box is ticked. I still get a lot of spam emails. Some emails are obvious spam, for example, an email from a non-exist user of my own organization domain, the DMARC should easily detect this but it's not. Any suggestion to make the spam filter work in Amazon WorkMail?

Hi, It sounds like [DMARC enforcement](https://docs.aws.amazon.com/workmail/latest/adminguide/inbound-dmarc.html) is not enabled on your organization. Once enabled it should honor the DMARC rules set by the domain owner. Kind regards, Robin

Amazon WorkMail SPAM filter is not working

I got bombarded by SPAM emails after switching to Amazon WorkMail. It looks like the SPAM filter does not work at all!

Here is what I have done:

I configured all DNS records (I'm using external DNS service not Amazon Route 53) that are required by WorkMail, everything is "verified" and green.
DMARC enforcement is enabled under "Organization settings" DMARC tab.
In Amazon SES, "Email Receiving", I saw the "INBOUND_MAIL" rule added by WorkMail, the "Spam and virus scanning" is enabled and TLS required box is ticked.

I still get a lot of spam emails. Some emails are obvious spam, for example, an email from a non-exist user of my own organization domain, the DMARC should easily detect this but it's not.

Any suggestion to make the spam filter work in Amazon WorkMail?

rePost-User-0330655
1 年前
More information: I opened the spam email in a text editor, and it shows below in the mail header:

X-SES-Spam-Verdict: PASS X-SES-Virus-Verdict: PASS Received-SPF: softfail (spfCheck: transitioning domain of <my domain> does not designate 88.209.254.24 as permitted sender) client-ip=88.209.254.24; envelope-from=Noreply@<my domain>; helo=kxaeyoak.americamidol.com; Authentication-Results: amazonses.com; spf=softfail (spfCheck: transitioning domain of <my domain> does not designate 88.209.254.24 as permitted sender) client-ip=88.209.254.24; envelope-from=Noreply@<my domain>; helo=kxaeyoak.americamidol.com; dmarc=fail header.from=<my domain>; X-SES-RECEIPT: AEFBQUFBQUFBQUFFUEJKYXA4c2wxd214NFBjTVQ3UU8vMlRkUkdnY2t2b2E2UHZVQ2lQNXZ2SGJpbzRqNTF2QVJnc1VtRitCZ2hHMDhHYW5KY0pPNFROdFFndGc2cU5tRnVjbUM1bGdGeDVLRnpDdExxSUs4VWs0LzJuZjVnY2pRVXlXODJ6RWVGS0V5dTN6aVNrSFBqMnpIQUJPVUd6RmJrcW1BYmRIYlVQQ2c3Q0xXTUZVU2tWbWVQSVg2ZWpvSWI1a3p4STRQNHNXOUlOS2JLMmtRTXhjblJaSWJaT3ZpUTRLQTVTQ0xuMnFXT0lhaVRrRGxNdlU0ZG1ucnB1SERrNkFvSHhYM0N3eGEyUExCNVkwMlpDMndkOVZYSDQrdHQ4aEpBZ0RwWHZwaWRKSzRiMUY4c0E9PQ== X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=JOl0gyYOa2Clwbc4Z/rI0Zyy9WKM/iXVKQLL1kJS3EjrioyvdzWBqFgybB59NrPRcoRach8APNSpIGCopdmddBG4Tn.....

So it looks like DMARC detects the sender as invalid, but why does it still allow this spam email to come into my inbox, not the junk mail folder? By the way, the spam email was received in a group email (virtual account) and distributed to every member of the group.