AntiSpam

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.


AV software best compatible with O365. Any suggestion? Local outlook emails? Thanks
0
Phishing scam: "Pending message"- how to set my sonic wall for such type of email. We have O365 email system. Thanks
0
I have a client that sends invoices through Netsuite. The client's domain uses SPF, DKIM, and DMARC. Their DMARC policy is: (v=DMARC1;p=reject;aspf=r;rua=mailto:admin@domain.com)

When emailing certain customers they get bouncebacks and after contacting Rackspace who hosts most of the customers they can't reach. Rackspace is saying it's because of domain alignment under the DMARC standard even though SPF and DKIM match fine. (After I finally reached someone who understood what DMARC was and didn't want me to add Rackspace to our SPF...)

The headers on the Netsuite messages include the following bits, some or all of which are apparently the cause because they specify netsuite instead of my client's domain, so they aren't aligned:

smtp.mailfrom=bounces.na3.netsuite.com
helo=nmail001.na3.netsuite.com
Reply-To: User <transactions#_msg_#@transactions.na3.netsuite.com>
Return-Path: b.#.user_domain_pcom.#@bounces.na3.netsuite.com

Spoke with someone at Netsuite who says that Netsuite can't change this behavior at all, but Netsuite also claims they can send DMARC-compliant mail. Is anyone else able to get DMARC working completely with Netsuite?

When the client sends to me on O365 it passes SPF/DKIM/DMARC just fine, but I also see the above bits in the headers. It looks to me like it's doing SPF checks against the netsuite.com domain instead of my client's domain...which seems like Netsuite actually is tagging these wrong...

This is what O365 says in my headers for DKIM/SPF/DMARC …
0
1. Is it recommended to have both Windows Defender and
     Symantec EndPoint Protection running at the same time ?

 2. If not, how can I setup my MDT image
    so it does not deploy Windows Defender ?
-----------------------------------------------
Environment
  ** Windows Server 2012 R2 test domain
  ** Symantec EndPoint Protection deployed
       to Windows 10 Pro client via MDT image
0
Hi everyone,

I have a simple question that's been bothering me for a while now. I have a 3rd party Spam Filter connected to my Office 365 Tenant. When an external sender sends me a legit email it is being tagged as SPAM. My question is: when the email passes through the 3rd party spam filter, is the email still going to be scanned by Office 365 EOP once it reaches the Microsoft server, or will it bypass EOP?
0
Our organization is on Exchange 2010 hybrid environment with O365. All incoming mails are directed to an external spam filter organization which delivers to our CAS servers that handles mail. 3 emails were stuck all night into the spam deliver queue unable to deliver these 3 messages to our server, rest of the messages were flowing. On the spam company side, it just shows peer not accepting the message so they kept retrying. In the end we ended up simply rejecting these messages from the external spam filter delivery queue.

I want to investigate the reason why this email was stuck in the queue for so long and our Exchange was not accepting it. It looked legitimate. I am new to Exchange learning; what would be the best way to find out the reason and analyze the logs once I find them?

Thanks
0
I'm using MailWasherPro and I'm having some problems designating terms to blacklist.

Today, I got spam email from these addresses:

contact@mp8v83rnlazygenuis.site

contact@zzvxx5bvlazygenuis.site

contact@8bys2vc6lazygenuis.site

contact@9hknyh3lazygenuis.site

contact@wl71cftjlazygenuis.site

I've tried designating *.********lazygenuis.com as a blacklisted address but that doesn't seem to trip the spam "on" for MailWasherPro. And I've had the same situation with other emails that have similar constructions. Some seem to work sometimes but not all the time.

I have a feeling I'm missing something really simple. And maybe it is--for an expert.

Comments? Questions? Solutions?
0
Hi,

Exchange  and anti spam(proofpoint) in DMZ.
If I send e-mail to non-existent e-mail address in my organization
I receive error
#550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##
But if I send e-mail to a non-existent e-mail address outside of my organization, e.g. Gmail,
I don't receive any error in Outlook.
Proofpoint logs have the error user unknown
sendmail: KCdM73031878: DSN: User unknown
but the sender doesn't receive any information in Outlook.
Where should I start troubleshooting, Exchange or anti spam?
Any advice please
Thank you
0
Looking to get exchange documentation for a 2010 environment

There are 2 CAS , and the same are used as HUB Transport Servers

3 Mailboxes, 1 Unified Messaging Role, Have documented through scripting

Use of Ironport C170 , Barracuda Spam Firewall 300 and Enterprise Vault as well

Is there a handy way to check load balancing? I want to see if it's set up through CAS Array. What's the best way to check this and the interaction with Ironport, Barracuda etc. to generate mailflow diagrams?
0
Hi... why, all of a sudden, are all my domains blacklisted in Spamhaus DBL?
0
This is using MS Exchange Server 2016 antispam features. Although I have run the "install antispam.ps1" successfully, spam still runs rampant. How do I configure these features so that spam can be detected and caught in no time?

Thanks in advance.
0
Email that I'm sending is now going to my customers' spam boxes. Kinda happened out of the blue. It's not bulk emails. It's individual emails that I type with info for my clients. I do copy/paste some info that goes into each email as well.

Been working fine for years... it's just all of a sudden everyone is saying that email is going to their junk boxes.

It's my own private domain email; I use Gmail as the client for checking and sending it.

I haven't changed anything on my end. What do I need to look for to see what is going on? TIA
0
In the past week I had two clients where a spam email was sent out from their email to all their contacts. They wanted to notify all their contacts that this was spam and not to open or reply, just delete.

The simple way would be sending out an email to all their contacts, but when Google sees such activity from one email sending out to this many email addresses it will mark it as spam or block it.

What I did: I exported all contacts and was looking for a company that will not charge monthly, since I don’t need a monthly plan [I have no issue paying per project]. Most companies I googled charge monthly as it’s designed for marketing projects. I found a company, sendpulse.com, which gives up to 2500 emails free. But 1- most emails landed in spam 2- it’s difficult to use it for this type of task; it’s designed for marketing with lots of fields to fill out, which makes the work complicated and slows the process. And in this case we need quick and simple action.

I am sure there is a quick and efficient way to handle such cases, any advice?
0
We currently have a Sonicwall NSA 2600.  We also have a Small Business Server 2011 running Exchange 2010.  The Sonicwall has NAT and firewall configured to pass the mail to the server.  That is working fine.

I have activated a 30 day trial of Sonicwall's Anti-Spam Service.  During the initial configuration I received the following pop up error: "Mail Server Auto-Detect Failed.  The system detects there are one or more NAT and/or Rule policies that use a service group of a service port range that includes SMTP and non-SMTP service ports.  The system could not enable the Anti-Spam service using the current configuration."

The user guide for enabling Anti-Spam lists a step where you identify the mail server.  I am assuming I need to delete the current NAT and Firewall rules forwarding mail to the server and let the Anti-Spam setup configure them again.  Am I correct?

Any help is appreciated.
0
How to get the correct detail for DKIM and SPF from vendor domain to add to TXT record for  our domain so vendor can send as us and not be blocked as spam.
Hi, thanks for looking at this problem.
An external vendor does mail outs for us.
When they do mailouts their emails sent as name@ourdomain.com get blocked since it isn't our domain sending the email.
I understand we can add their DKIM information as a TXT record to our DNS to make their domain trusted to send as us.
Do you know what detail it needs?
I have found this article
https://support.symantec.com/en_US/article.TECH132756.html

I have gotten the vendor detail from the message header of an email they have sent as us.
I can do an nslookup like this:
nslookup -type=txt "vendorselector"._domainkey."vendordomain"
and it comes back with a text record like:
v=DKIM1: p=sdfasdfafasdfasdfasdf
but there is no K or H value.
The other TXT records I have seen for DKIM have at least a K value, which seems to be mostly RSA.

Does anyone know if I do this kind of NSLookup and it returns that TXT record, if that is all I have to put in our DNS?

Normally I would just ask the vendor for this detail, but they don't seem to have the will to gather it.

Thanks,
Shaun
0
Is there a limit to the # of ip4 mechanisms included in an SPF record?  From what I'm reading, the limit is 10 DNS lookups, but excludes the ip4 mechanism.  I need to specify 20 IP4 addresses, so will the following SPF record be valid?

v=spf1 ip4:50.248.119.81 ip4:64.62.153.100 ip4:166.185.141.5 ip4:66.220.18.38 ip4:67.215.195.44 ip4:68.105.30.113 ip4:162.249.61.215 ip4:184.105.58.118 ip4:206.51.40.12 ip4:209.51.186.86 ip4:216.66.84.6 ip4:217.29.66.1 ip4:91.198.176.10 ip4:185.1.55.10 ip4:80.239.193.9 ip4:195.246.227.22 ip4:216.66.80.94 ip4:77.241.206.36 ip4:81.16.231.31 ip4:185.1.113.9 include:spf.protection.outlook.com -all
0
When you get a blank email from someone that only has a subject line of "HI, this is KEN", what is the purpose of that email?  There is no bad code, nothing to download, no attachments, no links.
0
How to block outgoing SMTP-connections from one IP on a Linux server.

Scenario:
I have a Linux server (running Plesk) with 2 IPs
IP1 is used for website
IP2 is used for mail

I want to block users from creating scripts to send mail directly (spam).
All mail is supposed to be sent via the mailserver on IP2

In the Plesk Firewall, I can block incoming connections on ex. port 25, but not (as far as I can see) outgoing.

I found this suggestion:
iptables -I OUTPUT -m owner ! --uid-owner postfix -m tcp -p tcp --dport 25 -j REJECT


How can this be done?

/Jan
0
I sent an email from my domain to Google and I found the error when I went to the original message

spf=permerror (google.com: permanent error in processing during lookup of btv1==6117437fd2d==rsharma@iss.school.fj: mail.international.school.fj not found) smtp.mailfrom=btv1==6117437fd2d==rsharma@iss.school.fj

spf record = v=spf1 a mx include:_spf.google.com include:mail.international.school.fj include:mailrelay.unwired.com.fj ~all

spf=permerror (google.com: permanent error in processing during lookup of btv1==611a1cd8c90==rsharma@international.school.fj: mail.iss.school.fj not found) smtp.mailfrom=btv1==611a1cd8c90==rsharma@international.school.fj

spf record =v=spf1 a mx include:mail.iss.school.fj include:mailrelay.unwired.com.fj ~all



Requesting assistance on how I can solve this
0
Hi,

We have this script to delete phishing emails from our organisation, however we also have these requirements:

1)      We need to add into the search-mailbox after -searchquery an additional requirement for date or time, as we only want to search for emails since a certain date. We use this script to delete phishing attack emails, so we know when they started, so need to be able to search for all emails since a date and delete them if the subject matches. So the most recent example, would be all emails containing subject “RE: NOTICE: MC Support UPGRADE.” however only emails received after 01/03/2018. I assume we can just do -searchquery “Subject:’Content of Subject’ AND ReceivedDate:>01/03/2018” or something like that?
2)      We need to be able to search for subjects with special characters in. -searchquery “Subject:’RE: NOTICE: MC Support UPGRADE.’” will currently give an error as it won’t like the : in the subject.
3)      We need to be able to search for the above criteria, but also potentially include only emails from certain email addresses. One of the phishing emails was “RE: Attention (Staff Migration)” which could be very close to something we actually send to users. The phishing email only came from a certain email though, so if we add an extra criteria for sender, that would help us focus the search.


Please can someone show me how to achieve this?

Also, I would appreciate it if you have any other suggestions for improvement.


$mbs = Get-Mailbox 

0
Is there a way in EOP Spam filter policy to prevent messages hitting Junk email box and deliver them to the user's inbox with a text prepend to the subject line of the messages?
0
Our client often gets complaints from their customers not being able to send attachments through to them because they continuously get rejected for being too large.

They're using an on-prem 2010 Exchange server.  
The initial message size limit send/receive was set to 30MB.
Their hosted anti-spam solution, Trend micro, has a limit set for 50MB.
I changed the on-prem 2010 Exchange server send/receive to a limit of 50MB for troubleshooting purposes.

We still get bounce backs when sending anything typically over the size limit of 15MB. The message comes back indicating it exceeds the limit of 20MB.  After checking all the settings (that I know of), I don't know where the size limit of 20MB is being set.  I know that messages grow in size beyond the initial attachment limit, but not to this degree.

Is there anything specifically I've missed in checking?

Thank you!
0
Hi Everyone

What is the best practice for gateways? For example, we got blacklisted a while ago and our public IP is still blacklisted on spam rats. It says something about reverse lookup not being set up.

The exact message is "Does IP Address comply with reverse hostname naming convention". When I let my ISP know, we were told to liaise directly with spamrats, which I did, but the IP has not been given the OK by spamrats. I think that they want us to set reverse DNS on the gateway.

1) What is the best practice for gateways?
2) What happens if I give it a name with my domain? nnn.kkk.school.fj.
3) Does it interrupt my traffic?
4) Do I have to change my firewall rules based on the name change?
5) What all do I have to do to get this done?
6) What is the whole purpose of reverse DNS on a gateway, as I was told by my ISP that they only set it up if told by a customer to do so?
0
When I go to the https://dmarcguide.globalcyberalliance.org/#/ website and type in the email domain name of my organization the SPF & DKIM results pass but for the DMARC test I receive a message that says "Thank you for getting started with DMARC. You are currently at the lowest level and receiving reports, which is a great starting point. Please make sure to review the reports, make the appropriate adjustments, and move to either quarantine or reject soon. Additional information about reporting tools can be found here" (see the second screenshot below).

When I click on here I am taken to this website https://dmarc.globalcyberalliance.org/dmarc-reporting-key-benefits-takeaways/.

What values do I need to change or what settings do I need to change within my external DNS server records so that I will pass the DMARC test for this globalcyberalliance.org website?

I currently have this TXT record setup within my public DNS records for DMARC:

_dmarc.domain.com.      3600      IN      TXT      "v=DMARC1; p=none; rua=mailto:postmaster@domain.com; ruf=mailto:postmaster@domain.com"

DMARC-TXT-Record
PLEASE NOTE: The actual domain name has been replaced with the word domain above and has been whited out in the screenshot for privacy purposes.

Domain results
0
Hello guys,
I was asked to recommend an anti spam solution for a large organization with over 18,000 on-premise exchange users. I would have loved to recommend Exchange Online Protection, but that is going to cost a fortune given the number of users.

I would like a reliable reasonably priced solution for that number of users. Please help.
0
