I have a user that has two AOL accounts on their Ipad and they are complaining how much spam is out of control.  To my knowledge, there is not much that can be done other than starting to unsubscribe to junk email or getting a new email account.  Am I right or is there something that can be done with a third party tool or something that can be configured within aol?  I know its a pretty junky system but I figure to ask as this is a VIP and they are tied to their choice of aol.

Working for a financial services company, our users typically send out templated marketing emails to the business contacts they interact with.

Their emails typically have the same subject and text and lately tend to end up in the recipients' Outlook junk folders. They are not bulk emails though. A single sales guy typically sends out about ten to twenty of them per day.

Our third party outbound spam filter is set to let these through but the controls that Microsoft provides at Exchange Online (Office365) appear to be pretty much non existent.

Any ideas how to circumvent this?

Can someone who understands DMARC explain to me exactly what is happening in this DMARC?

spf=neutral (google.com: 209.222.82.54 is neither permitted nor denied by best guess record for domain of 15200-bounces@bounces.ess.barracudanetworks.com) smtp.mailfrom=15200-bounces@bounces.ess.barracudanetworks.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mysupercompany.com
Return-Path: <15200-bounces@bounces.ess.barracudanetworks.com>
Received: from 22pmail.ess.barracuda.com (22pmail.ess.barracuda.com. [209.222.82.54])

is 209.222.82.54 not authorized/allowed to 15200-bounces@bounces.ess.barracudanetworks.com or is 15200-bounces@bounces.ess.barracudanetworks.com not authorized/allowed to 209.222.82.54.

Hi,

I've got a client who has approached me regarding implementing DKIM and DMARC. They are already running SPF.

I have implemented simple DKIM and DMARC projects previously however this has some complications which I would like a second opinion on.

They are implementing this using a Fortinet using Fortimail to apply the DKIM signing on outgoing mail.

I have the following complications which I would like a second opinion on.

Firstly, they have three Domains which I believe gives us two options we can either create a DKIM signing key pair for all three or we can use CNAME records to use one key pair. What is the recommended best practice, I'm inclined to think using three separate key pairs would be best?

Secondly, they have two external companies which send emails on their behalf using their Domain name (allowed spoofing to a degree). This is allowed using SPF as their IP is listed in the allowed senders however to my knowledge this will not work once DKIM and DMARC are implemented. Therefore, my thoughts are these companies need to relay the Emails via the on-prem Exchange Server at the clients site, this way the Emails leave via the Fortimail and have the signing applied. I believe this is fairly easy to do using receive connectors locked down to a specific IP address. Is this the best way around this issue?

Thanks

We are getting bogus emails:  (emails that were never sent by anyone inside our organization) - to people that are inside our organization.  Subjects are different, nothing is ever the same.  Its like we have a Gremilin inside sending emails that are making no sence.  What could be doing this, and how do I stop it.  One emails in particular is one of our employees that is responsible for purchasing received an email from the Bosses email address telling her to purchase speffic gift cards and us them to get dome supplies from like Home Depot.  The Boss never sent that email.  What could be happening here, and how can I stop it ?  Using Trend Micro Advance Security for email scanning and PC Security agent.

Thanks in advance for any help I can get.  

Mark H.

Hey guys,

What is a good spam filter software (not service)?  I have a client who would like to install spam filter software on few computers.  Thanks in advance.

Microsoft states the following description about the Sender Filter Config:
Stamp status: The Sender Filter agent accepts the message and updates the message to indicate that it came from a blocked sender. The Content Filter agent uses this information when it calculates the spam confidence level (SCL) of the message. For more information about content filtering and the Content Filter agent, see Content filtering.

https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/sender-filtering?view=exchserver-2019

But I can not find any reference about how Sender Filter Config "Stamp" affects the SCL. I do not find any header added by Sender Filter Config. In more details, how many SCL added if the email is "stamp", and whether we can control how many SCL given for this "stamp"?

When adding SenderDomains to the Spam Filter in Exchange Online to block any emails from reaching the end users...  

Does anyone know what the maximum number of domains that can be listed/added to the

1. BlockedSenderDomains and
2. BlockedSenders

The Transport Rules method seems to max out at just over 200 entries...

Hi

Can some one tell me the procedure of cutting over from Message Labs to Mimecast please

SPF question

Given the SPF entry below for ficticious domain ABC.com

v=spf1 ip4:50.50.50.0/24 ip4:50.102.50.0/24 ip4:50.62.161.12 include:spf.protection.outlook.com include:amazonses.com -all


An attacker spoofs an email from john@abc.com and sends it to bob@abc.com.  Inspected the headers show  this:

1      *      192.3.21.34      smtp-relay.gmail.com      ESMTPS      3/19/2019 6:21:22 PM      Not blacklisted
2      1 Second            mail-io1-f102.google.com      SMTP      3/19/2019 6:21:23 PM      
3      0 seconds      mail-io1-f102.google.com 209.85.166.102      CO1NAM03FT012.mail.protection.outlook.com 10.152.80.99      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM      Is on a blacklist
4      1 Second      CO1NAM03FT012.eop-NAM03.prod.protection.outlook.com      SN6PR0102CA0028.outlook.office365.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)      3/19/2019 6:21:24 PM      
5      1 Second      SN6PR0102CA0028.prod.exchangelabs.com      BYAPR01MB4919.prod.exchangelabs.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)      3/19/2019 6:21:25 PM      
6      *      192.3.21.34      smtp-relay.gmail.com      ESMTPS      3/19/2019 6:21:22 PM      Not blacklisted
7      1 Second            mail-io1-f102.google.com      SMTP      3/19/2019 6:21:23 PM      
8      0 seconds      mail-io1-f102.google.com 209.85.166.102      CO1NAM03FT012.mail.protection.outlook.com 10.152.80.99      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM      Is on a blacklist
9      1 Second      …

I have noticed anonymous callers ask me by my name which surprised me.  When I asked them, some didn't say but 2 said that my number was in google along with my name:

• How is this possible?

• How can I check if true?

• Is my address there also?

• How can I get rid of my phone number from those databases?

Hallo Experts
     
For our Security Operations Center (SOC), we are searching for a tool that can collect “Threat Artifacts”. When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on their computer.
     
We are searching for a similar tool that we can use in the network to collect information remotely. What would you recommend us? It would be nice, if the tool would work on Windows & Linux, albeit this is not a must.
   
Thanks a lot

Hi

We had on site exchange server and we had a third-party spam filtering hosted outside our network and all email were filtered before it could hit our network and occasionally we had any phishing and spoofing emails.

Now after moving to 0365, we are getting many phishing and spoofing emails and sometimes the email looks so genuine. When the link on the email is clicked and it shows a 0365 login page but directs to a phishing website ( Only IT guys can identify) and the end user don’t have any knowledge of whether it is a fake website or not and they end up putting the username and password and the hacker gets access to the user mail box and few staff mailbox were compromised.

We keep blocking the domains and making changes on the 0365-protection centre etc… , but things are not settling…..

I am wondering is there any way to deal with this issue. Is the Microsoft exchange online protection itself  enough to deal with the problem that we are experiencing?
Or is it better to go with some third-party spam filtering system.

Any help and suggestions would be great .
Thanks