AntiSpam

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.

So I received a cute little spam email saying that someone has taken over my account and wants me to buy bitcoin, yada, yada, yada.  The one thing they mention is how if I take a look at the sender information above it's actually my email address.  Sure enough, it's my email address.  How did they manage to get my email address to show up in the sender field?  Typically I usually see a bogus email address but this one is actually my email address.  I can see from the header it's from a different email address but how did they get my email address to show up in that field?  Is it like a display name or something?

Is there a way to train average users how to spot these fraudulent emails?
0
SPF question

Given the SPF entry below for the fictitious domain ABC.com:

v=spf1 ip4:50.50.50.0/24 ip4:50.102.50.0/24 ip4:50.62.161.12 include:spf.protection.outlook.com include:amazonses.com -all


An attacker spoofs an email from john@abc.com and sends it to bob@abc.com.  Inspecting the headers shows this:

1      *      192.3.21.34      smtp-relay.gmail.com      ESMTPS      3/19/2019 6:21:22 PM      Not blacklisted
2      1 Second            mail-io1-f102.google.com      SMTP      3/19/2019 6:21:23 PM      
3      0 seconds      mail-io1-f102.google.com 209.85.166.102      CO1NAM03FT012.mail.protection.outlook.com 10.152.80.99      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM      Is on a blacklist
4      1 Second      CO1NAM03FT012.eop-NAM03.prod.protection.outlook.com      SN6PR0102CA0028.outlook.office365.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)      3/19/2019 6:21:24 PM      
5      1 Second      SN6PR0102CA0028.prod.exchangelabs.com      BYAPR01MB4919.prod.exchangelabs.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)      3/19/2019 6:21:25 PM      
6      *      192.3.21.34      smtp-relay.gmail.com      ESMTPS      3/19/2019 6:21:22 PM      Not blacklisted
7      1 Second            mail-io1-f102.google.com      SMTP      3/19/2019 6:21:23 PM      
8      0 seconds      mail-io1-f102.google.com 209.85.166.102      CO1NAM03FT012.mail.protection.outlook.com 10.152.80.99      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM      Is on a blacklist
9      1 Second      …
0
I have noticed anonymous callers ask me by my name which surprised me.  When I asked them, some didn't say but 2 said that my number was in google along with my name:
  • How is this possible?
  • How can I check if true?
  • Is my address there also?
  • How can I get rid of my phone number from those databases?
0
Hello Experts

I would like to collect the following Threat Artifacts from a compromised Windows System:

  • CPU
  • Routing-, ARP- & Process tables
  • Memory
  • Temporary files
  • Relevant data from storage media

What would you collect? Is there any best practice from NIST or anywhere?

Thanks a lot
1
Hello Experts

For our Security Operations Center (SOC), we are searching for a tool that can collect “Threat Artifacts”. When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on their computer.

We are searching for a similar tool that we can use in the network to collect information remotely. What would you recommend to us? It would be nice if the tool would work on Windows & Linux, albeit this is not a must.

Thanks a lot
1
Hi

We have moved to O365 and the Exchange Online Protection is not very effective. We are planning to go with a 3rd party spam filtering system.

We are an education establishment. Please post any good products that you are aware of.

Thanks
0
Hi

We had an on-site Exchange server and a third-party spam filter hosted outside our network, so all emails were filtered before they could hit our network and we only occasionally had phishing and spoofing emails.

Now after moving to O365, we are getting many phishing and spoofing emails and sometimes the email looks so genuine. When the link in the email is clicked it shows an O365 login page but directs to a phishing website (only IT guys can identify it) and the end user doesn't have any knowledge of whether it is a fake website or not, and they end up putting in the username and password and the hacker gets access to the user's mailbox; a few staff mailboxes were compromised.

We keep blocking the domains and making changes on the 0365-protection centre etc… , but things are not settling…..

I am wondering is there any way to deal with this issue. Is the Microsoft exchange online protection itself  enough to deal with the problem that we are experiencing?
Or is it better to go with some third-party spam filtering system.

Any help and suggestions would be great .
Thanks
0
System/Setup:
Exchange 2010 Hybrid with Office 365 Tenant.
Multiple Domains. Some Go Directly to Office 365 Tenant, some go to the On-Premise First, then either Stay on the On-Prem, or get Transferred to the Office 365 Tenant.
I'm trying to block some spam where the sender is forging our email addresses.   I have SPF records set up and have tested them and they seem to be functioning fine.   Though we are still getting emails from us to us though they are not coming from us.

The From: Header has my email address in it, so it looks like it came from me, though the sender used the Following Headers, which I think caused the SoftFail on the SPF and managed to get the email through.
X-Sender: jarch@chol.com
X-Complaints-To: <abuse@mailer.chol.com>
Errors-To: noreply@chol.com
Return-Path: jarch@chol.com


I've just started to look into DKIM/DMARC though still learning what it is all about. I'm not sure if this would prevent the email from reaching us.   Would it? Is there something else I can do?

Here is a copy of one of the emails with Most all of the Headers. My IPs/Names/Emails have been edited. I've removed all of the X-Microsoft-Exchange-Diagnostics: Headers.

Received: from BYAPR15MB2310.namprd15.prod.outlook.com (2603:10b6:a02:bc::33)
 by BYAPR15MB2312.namprd15.prod.outlook.com with HTTPS via
 BYAPR07CA0020.NAMPRD07.PROD.OUTLOOK.COM; Tue, 5 Feb 2019 20:33:15 +0000
Received: from
0
My employer was hit with malware two months ago and we've contained and treated it. However, it looks like our address book got hijacked. Users are being bombarded every day by spoofed emails using names of our employees, but coming from various domains around the world. Outside customers and vendors we often communicate with are also reporting that they are getting the same type emails, multiple times daily.

I know this is a long shot, but is there anything at all we can do about this? I suppose anybody can type any name in the "From" box on a message and since they have our names and contacts, they are exploiting it. We mark all external emails as [EXTERNAL] so at least people will see that the emails come from outside our domain despite the user's name, but that doesn't help for our vendors, customers, and other contacts.

We currently have Sophos installed on our servers and desktops, and run Barracuda's spam filter. Most of this stuff is getting caught and blocked, but there are so many that a few still slip through.

Any suggestions here?
0
Hello,

someone is spoofing my mail domain.
I have SPF record and it is not enough to stop spoofing.

I didn't know how easy spoofing is :-)

"Find a website like deadfake, which describes itself as “a site that lets you send free fake emails to anyone you like.
Or anonymailer.net. Or spoofbox.com. There are dozens. Many of them are free, some cost a little money to send mail.

    Enter your recipient’s email address in the To: field.
    Put whatever email address you want in the From: field.
    Craft your message and press the Send Now! Button.

"

So, what are my options? I have PTR and SPF records.
To configure DKIM and DMARC?
Any advice?
Please, can anyone explain how to implement it? I have 4 email domains on my mail server.
Is there any DKIM & DMARC tutorial for dummies :-)
Thank you
1
I need to add a spf record to avoid spoofing and I use register.com as dns provider. They told me to add the following into the txt record.

@     "v=spf1 include:spf.registeredsite.com ~all"

I did that. When I sent a test mail to my gmail account, the mail went through but the header showed me it has a softfail and the error message is as follows:

pf=softfail (google.com: domain of transitioning me@mysite.com does not designate 192.168.0.1 as permitted sender) smtp.mailfrom= me@mysite.com;

For your information, my A record is the following:

*.mysite.com        10.10.0.1     <- webserver
mail.mysite.com      192.168.0.1   <- emailserver

Note: Please pardon the email address and ip addresses in this post are not real for security reason.
0
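The two SPF questions above (the ABC.com record with the hop trace, and the register.com record that softfails) both come down to the same evaluation: walk the record's mechanisms in order and stop at the first one that matches the connecting IP. The following is an added example, not code from either post: a minimal SPF evaluator for the ip4, include and all mechanisms those two records use, run against an embedded, constructed DNS table (the TXT contents for spf.protection.outlook.com, amazonses.com and spf.registeredsite.com below are made up for the example; mysite-fixed.com is a hypothetical corrected record that adds the mail server's IP).

```python
"""Minimal SPF evaluator (ip4 / include / all only) over a constructed DNS table.

Added example; not code from the original posts. The record texts for the
included domains are constructed stand-ins, not live DNS data.
"""
import ipaddress

# Constructed stand-in for DNS TXT lookups (records below are NOT real).
FAKE_DNS = {
    "abc.com": "v=spf1 ip4:50.50.50.0/24 ip4:50.102.50.0/24 ip4:50.62.161.12 "
               "include:spf.protection.outlook.com include:amazonses.com -all",
    "spf.protection.outlook.com": "v=spf1 ip4:40.92.0.0/15 -all",    # constructed
    "amazonses.com": "v=spf1 ip4:54.240.0.0/18 -all",                # constructed
    "mysite.com": "v=spf1 include:spf.registeredsite.com ~all",      # as posted
    "spf.registeredsite.com": "v=spf1 ip4:10.10.0.0/24 -all",         # constructed
    # hypothetical fix: list the mail server's own IP before the include
    "mysite-fixed.com": "v=spf1 ip4:192.168.0.1 include:spf.registeredsite.com ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(domain, dns=FAKE_DNS):
    """Stand-in for a DNS TXT query; returns None when no record exists."""
    return dns.get(domain.lower())


def check_host(ip, domain, dns=FAKE_DNS, depth=0):
    """Return the SPF result for `ip` sending as `domain`: pass, fail,
    softfail, neutral, none or permerror (RFC 7208 result names)."""
    if depth > 10:                      # RFC 7208 lookup limit
        return "permerror"
    record = lookup_txt(domain, dns)
    if record is None:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            # a bare address such as ip4:50.62.161.12 is a /32 network
            if addr.version == 4 and addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only if the referenced record yields "pass"
            sub = check_host(ip, arg, dns, depth + 1)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"          # a, mx, exists, ... not implemented here
    return "neutral"                    # no mechanism matched and no "all"


if __name__ == "__main__":
    # The Google relay from the hop trace is not in ABC.com's record: -all applies.
    print(check_host("209.85.166.102", "abc.com"))   # fail
    # The register.com record never lists the mail server, so ~all applies.
    print(check_host("192.168.0.1", "mysite.com"))   # softfail
    print(check_host("192.168.0.1", "mysite-fixed.com"))  # pass
```

Run stand-alone it prints the results for the two records as posted. The point of the second case is that an `include:` only helps if the included record lists the IP your server actually connects from; a record that consists only of the registrar's include will softfail for a self-hosted mail server until that server's address (or an `a`/`mx` mechanism resolving to it) is added.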
Can't email to Verizon, AOL or Yahoo from Godaddy account. Logged in to Godaddy webmail so it's not the client. Logged in from several locations. Made new Godaddy emails on the same domain. Domain is not listed in RBL blocking anywhere. Godaddy says their mail servers are fine. CAN send to all three other ISPs from several other email addresses which are not on Godaddy.
0
We had to upgrade to reCAPTCHA v3 from v2.  I am seeing a lot more spam coming through the sites... wondering if anyone knows how I can adjust settings or something to help.

thanks
0
We've got a Linux server which has been running as a mail server (Sendmail) for years

DNS listings for SPF, DKIM, DMARC and ADSP have been in use for the past 3 months with no issues.

For DKIM we're using OpenDKIM and two days ago we've installed OpenDMARC and are still in the testing phase (We're not sending reports at this time)

BUT

For the life of me I can't figure out what I'm missing

I'm trying to figure out how to get Sendmail via OpenDMARC to follow the established policy of a received email by rejecting or quarantining an email (as specified) if the message alignment fails.
0
What is the best spam filter for AOL Desktop Gold under Win 10 ?
0
Hello Experts,

Does anyone have any suggestions on spam filtering through MX records?  Currently we are using Office 365 through Microsoft and hosted Exchange by GoDaddy.  GoDaddy's spam filtering would make us upgrade to the next business package, a cost we do not want yet.

Thank you,

-GTS
0
I've recently enabled SPF/DKIM/DMARC for our email system.  My understanding is that this will help fight email spoofing?

But what about other malicious email events?  How do I thwart email virus and attacks coming from sites that are not spoofing?
0
Hi,

I'm in process to migrate my users mailboxes from Exchange 2007 to O365.

I set a Send Connector rule to send all emails for migrated recipients to O365 MX server. Now  I got a msg from O365 like:

mail.protection.outlook.com #550 5.7.1 Service unavailable, Client host [x.x.x.x] blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso

Why is my Hub Transport considered spam? How can I whitelist my server in O365?

Thanks
0
WordPress site getting SPAMMED, not sure how to stop it.

My website, FortressHarvard.com

has a Download button, and when you fill your Name and Email, then click the button, you get an email with the URL to my book's Preface and Chapter 1. Also, I get an email to my "info@" email's inbox with the name and email of the person requesting the downloading.

I am getting spammed there, by some sort of robot, and do not know how to stop it.

This started yesterday morning, and continued every few minutes, non-stop. I even added a CAPTCHA requirement this morning, but that had no impact.

How do I stop this SPAM?

Thanks
0
Hi,
What's the best anti-spam/anti-virus cloud filtering service that one can use before email arrives at my internal Exchange service?
I used to use MXLogic, which was bought by McAfee, which discontinued the service, and I moved to ZeroSpam, which is not that good.
I have been told Proofpoint is really good but couldn't find any reviews or Gartner reports.
tx!
0
We have 3 apps that a user runs on his computer every other day: 'SUPERAntiSpyware', 'Spy-Bot Search and Destroy' and 'Comodo Antivirus'.  The user runs the 3 apps at the same time whenever cleaning up is desired.  The user would leave these tools running overnight.

The app 'Comodo Antivirus' never finds a virus.  The apps 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' always find spyware.  In the morning the user would first click 'SUPERAntiSpyware' to delete or isolate the threats reported and then do the same with 'Spy-Bot Search and Destroy'.  Finally restart the computer.   Note, prior to running the apps, the user would run CCleaner to clean up any junk on his drive.

To-Date, there is no problem we have identified and all seems to be ok.  Our question is more directed to know EE opinion on:

  • Why 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' display different results?
(Spy-bot would show registry entries and superantispyware would show files)
  • Any negative effect by running these 3 apps simultaneously?
  • Finally, is it necessary to run CCleaner prior to running the apps?
0
Using Exchange 2013, is there a way to block internal users' usurped email?

More and more users are getting unwanted email like « From: "legitusername@contoso.com" realspamsender@windowslice.com »
I'm looking for a rule that blocks mails displaying @contoso.com that aren't sent from contoso.com email addresses.

Any help would be appreciated,
Thanks!
0
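Three of the posts above describe the same pattern from the receiving side: the first post asks how a spoofed message can show the victim's own address in the sender field ("is it like a display name?"), the Exchange 2010 hybrid post shows a From: header at the local domain while Return-Path points at chol.com, and the Exchange 2013 post quotes a From: value whose display name is itself an address at contoso.com. The following is an added example, not code from any of the posts, showing how a mail gateway or a SOC script can flag both shapes: an address at the protected domain appearing only in the display name, and a From: at the protected domain whose envelope sender (Return-Path, the address SPF was checked against) belongs to another domain, which is the misalignment DMARC is designed to reject. The sample messages are constructed from the addresses quoted in the posts; the protected domain contoso.com and the it.admin / alice mailboxes are assumptions for the example.

```python
"""Flag From: headers that borrow a protected domain without coming from it.

Added example, not code from the original posts. Two checks:
  1. display-name spoofing: an address at the protected domain sits in the
     display text while the real address is elsewhere
  2. misaligned envelope: From: is at the protected domain but Return-Path
     (the envelope sender SPF applied to) is a different domain
"""
import email
import re

# address-looking token; group(1) is the domain part
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", re.ASCII)


def split_from(value):
    """Split a From: value into (display_text, actual_address).

    The actual address is the one in <angle brackets> when present; otherwise
    the last address-looking token, which tolerates the bracket-less form
    quoted in the Exchange 2013 post."""
    value = " ".join(value.split())            # unfold and collapse whitespace
    m = re.search(r"<([^<>]+)>\s*$", value)
    if m:
        return value[:m.start()].strip(), m.group(1).strip().lower()
    addrs = list(ADDR_RE.finditer(value))
    if not addrs:
        return value, ""
    last = addrs[-1]
    return value[:last.start()].strip(), last.group(0).lower()


def domain_of(address):
    return address.rpartition("@")[2].lower()


def analyze(raw_message, protected_domain):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    protected = protected_domain.lower()
    findings = []
    display, actual = split_from(msg.get("From", ""))

    if domain_of(actual) != protected:
        # check 1: protected domain shown in the display name only
        for m in ADDR_RE.finditer(display):
            if m.group(1).lower() == protected:
                findings.append("display-name spoof: %s shown, real sender %s"
                                % (m.group(0), actual))
    else:
        # check 2: header From is ours, envelope sender is not (DMARC misalignment)
        rp = ADDR_RE.search(msg.get("Return-Path", ""))
        if rp and rp.group(1).lower() != protected:
            findings.append("misaligned envelope: From %s but Return-Path %s"
                            % (actual, rp.group(0)))
    return findings


# Constructed sample messages built from the addresses quoted in the posts.
SAMPLE_DISPLAY_SPOOF = (
    'From: "legitusername@contoso.com" realspamsender@windowslice.com\n'
    "To: someone@contoso.com\nSubject: test\n\nbody\n")
SAMPLE_MISALIGNED = (
    "Return-Path: jarch@chol.com\n"
    'From: "IT Helpdesk" <it.admin@contoso.com>\n'
    "To: someone@contoso.com\nSubject: test\n\nbody\n")
SAMPLE_LEGIT = (
    "Return-Path: <alice@contoso.com>\n"
    'From: "Alice Example" <alice@contoso.com>\n'
    "To: someone@contoso.com\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    for sample in (SAMPLE_DISPLAY_SPOOF, SAMPLE_MISALIGNED, SAMPLE_LEGIT):
        print(analyze(sample, "contoso.com") or ["clean"])
```

Check 2 is exactly what publishing a DMARC record lets the receiving side do automatically: with SPF alone, a message whose Return-Path is at chol.com can pass SPF for chol.com while the visible From: says contoso.com; DMARC additionally requires the passing identifier to align with the From: domain. Check 1 is outside both SPF and DMARC, which only look at the address, so the display-name case needs a content rule or mail-flow rule such as the one the Exchange 2013 post is asking for.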
Hi, our public IP is being blacklisted by CBL.

Reason given: This IP is infected (or NATting for a computer that is infected) with a botnet that is emitting email spam. The infection is probably sendsafe.

I'm assuming that one of the 25 or so computers in my network is infected.

Question: Is there a way using the SonicWall to determine if a machine is acting as an SMTP server and sending out spam email?

My SonicWall is a new model NSA 2600 with updated SonicOS
0
Here's the good news about the user - they are 89 years old, and receive and send email and texts on their iPad and iPhone.

They are having problems with AOL/Yahoo email

The issue is that they cannot receive email from their son, because for some reason, their son's company domain is on some sort of blacklist.  The company uses Outlook 365 and some sort of mail authenticator, Mimecast (mimecast.com).

AOL doesn't have a whitelist option yet.
They have identified the messages as being not spam in the Junk box, but that doesn't stop the mail from going into the junk folder.

It is too much to ask an 89 year old person who has mastered email on devices to change their email address.
I have instructed them to check their junk box as regularly as they check their inbox.

It would be nice if there was a way to get the AOL/Yahoo filtering system to allow mail from the company domain.

I have attached a header from a message that was sent to junk, if that is of any help.

MXtoolbox has analyzed and found messages to be on a blacklist
MX Toolbox report


Thanks.

-------------------------

X-Apparently-To: jwb@aol.com; Wed, 24 Oct 2018 19:01:52 +0000
Return-Path: <john@pxxxxxxp.com>
X-YahooFilteredBulk: 63.128.21.182
Received-SPF: pass (domain of pxxxxxxp.com designates 63.128.21.182 as permitted sender)
X-YMailISG: RD0lkWgWLDt9Eokj4OV7S0B0GjdN9EXqXiK_FGw9i6AP6Su3
 SoPLLyRX6Gstjx7xgDzW.hDYmw7WDObZs1yGDcCgTZPU.0RpAY8d5LC1ve8K
 …
0
Key VP of Sales is receiving large amounts of Junk Email. Company owners want his email filtered out. What can an IT guy do? We have a standard hosted email like everyone else. Do I have to get Exchange Server? I don't even know if there is any advantage to that; does Exchange Server have any advanced features for filtering?

One of the owners asked me "Do we need to hire someone to go through the VP's email every day to manually go through every email?"

Is he right? CDW told me about Trend Micro, but I don't know if this is the solution. Actually it does not appear a solution exists except to hire someone, is this really the case??
0