Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.


I'm trying to configure a rule in the Cisco CES cloud platform that stops people masquerading as the CEO for attempted phishing. So on our previous FW we had: if the mail has the sender as 'our CEO' but does not come from our domain, then drop. I can see where to configure this in the CES.

I have a user that has two AOL accounts on their iPad, and they are complaining about how much spam is out of control. To my knowledge, there is not much that can be done other than starting to unsubscribe from junk email or getting a new email account. Am I right, or is there something that can be done with a third-party tool or something that can be configured within AOL? I know it's a pretty junky system, but I figured I'd ask, as this is a VIP and they are tied to their choice of AOL.
Yesterday I got an interesting spam that looked very much like the scam you see here.

I right-clicked on the shortcut and copied it to the clipboard, then pasted it into Chrome on my test machine. It takes me to what appears to be a legit Bank of America website. I have attached a screenshot. I did not enter my passwords, but it sure looks 100% legit to me.

Here is the url:  https:/ / imm/ PaymentCenter/ Index/ 8404?csbi=644077671&b0=20190916192841396056
I have added a space after each / to make it safe.

I've been told that some legitimate-looking URLs will automatically redirect me to a bogus website, but how does that work? If the domain controller does the redirecting, wouldn't that avoid a bogus address? Or does the redirecting occur on the routers that the packets hop through?

In other words how can this particular link get me in trouble?
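The redirect in the question above is issued by the web server that the link points at (or by script on the page it returns), not by a domain controller or by routers in the path: the server answers the first request with an HTTP 3xx status and a Location header, and the browser silently requests the new address. The following added example, which is not part of the original post, demonstrates that with a local stand-in server and a client that follows the chain one hop at a time so every intermediate URL is recorded without ever rendering the final page. All paths, ports and hostnames are constructed; a real phishing link is usually HTTPS, for which http.client.HTTPSConnection is the counterpart.

```python
"""HTTP redirect chain, demonstrated against a local constructed server.

Added example; not the URL from the post and not any vendor's code.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit


class RedirectHandler(BaseHTTPRequestHandler):
    # Constructed routes: the "legit-looking" path 302s through a click
    # tracker to the page that actually hosts the credential form.
    ROUTES = {"/PaymentCenter/Index": "/t/click", "/t/click": "/login-verify"}

    def do_GET(self):
        path = self.path.split("?", 1)[0]
        if path in self.ROUTES:
            self.send_response(302)                      # the server, not DNS, redirects
            self.send_header("Location", self.ROUTES[path])
            self.end_headers()
            return
        body = b"<html><body><form>fake login form</form></body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):                        # keep the demo quiet
        pass


def start_server():
    """Bind to an ephemeral loopback port and serve in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), RedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def redirect_chain(url: str, max_hops: int = 10):
    """Follow redirects one hop at a time. http.client does not auto-follow
    (urllib.request would), so each Location target is recorded before it is
    requested, and the loop stops at the first non-3xx response."""
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(url)
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            resp.read()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)                 # relative Location is allowed
            chain.append(url)
        else:
            return chain, status
    raise RuntimeError("redirect loop or too many hops")


def demo():
    """Run the chain against the constructed server and return (chain, status)."""
    server, port = start_server()
    try:
        return redirect_chain(f"http://127.0.0.1:{port}/PaymentCenter/Index?csbi=1")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for hop in demo()[0]:
        print(hop)
```

Pasting a link into a browser does exactly what the browser's address bar hides: the first URL can be a tracking or shortening host that answers 302 and hands you to the page that collects credentials. Walking the chain this way is the safe way to see where a link goes.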
Working for a financial services company, our users typically send out templated marketing emails to the business contacts they interact with.

Their emails typically have the same subject and text and lately tend to end up in the recipients' Outlook junk folders. They are not bulk emails though. A single sales guy typically sends out about ten to twenty of them per day.

Our third party outbound spam filter is set to let these through but the controls that Microsoft provides at Exchange Online (Office365) appear to be pretty much non existent.

Any ideas how to circumvent this?
We have a single Windows SBS 2011 server running Exchange and Windows 10 Pro clients running Outlook 2007.

Everything was running OK, but today, for some reason, for certain email contacts (not all), we receive a bounce back stating:

No SMTP server defined. Use real server address instead of in your account

I did research this and noticed an article relating to Avast CloudCare, so we disabled the core shields on both the client and mail server, along with our Vamsoft ORF anti-spam, but we still get the same error.

Can anyone advise how we go about resolving this?

Any advice much appreciated.

Can someone who understands DMARC explain to me exactly what is happening in this DMARC?

spf=neutral ( is neither permitted nor denied by best guess record for domain of;
dmarc=fail (p=NONE sp=NONE dis=NONE)
Return-Path: <>
Received: from ( [])

is not authorized/allowed to or is not authorized/allowed to
We are setting up SPF, DKIM, and DMARC for our domains but just wanted to get some clarification on the best options to set for each scan result:
none, neutral, softfail, hardfail, permerror, temperror

So basically I'm wanting to know which is the best option?
From reading, it seems that hardfail would be the way to go, but I just wanted some insight into these settings and what the best practice is for setting them up.

I've got a client who has approached me regarding implementing DKIM and DMARC. They are already running SPF.

I have implemented simple DKIM and DMARC projects previously however this has some complications which I would like a second opinion on.

They are implementing this using Fortinet FortiMail to apply the DKIM signing on outgoing mail.

I have the following complications which I would like a second opinion on.

Firstly, they have three domains, which I believe gives us two options: we can either create a DKIM signing key pair for all three, or we can use CNAME records to use one key pair. What is the recommended best practice? I'm inclined to think using three separate key pairs would be best.

Secondly, they have two external companies which send emails on their behalf using their domain name (allowed spoofing, to a degree). This is allowed using SPF, as their IP is listed in the allowed senders; however, to my knowledge this will not work once DKIM and DMARC are implemented. Therefore, my thought is that these companies need to relay the emails via the on-prem Exchange Server at the client's site; this way the emails leave via the FortiMail and have the signing applied. I believe this is fairly easy to do using receive connectors locked down to a specific IP address. Is this the best way around this issue?
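The deciding question for the third-party senders above, and for the "dmarc=fail (p=NONE sp=NONE dis=NONE)" line in the earlier Authentication-Results question, is identifier alignment: DMARC passes when either SPF passes for a MAIL FROM domain aligned with the From header domain, or a DKIM signature passes whose d= is aligned with it. The following is an added example that evaluates that rule offline; it is not the poster's configuration, not FortiMail code and not a library. The domains, the DMARC record and the four scenarios are constructed, and the organizational-domain function is a two-label simplification (no public suffix list) that is adequate for the example.com-style names used.

```python
"""DMARC identifier alignment, evaluated offline (added example)."""
from dataclasses import dataclass, field

# Constructed DMARC record for the fictitious domain example.com.
EXAMPLE_DMARC_TXT = "v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc@example.com"


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record into a tag dict, applying RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("sp", tags["p"])      # sp (subdomain policy) defaults to p
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain. Assumption: last two labels, no public suffix list."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') matches organizational domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class AuthResults:
    from_domain: str                 # domain of the RFC5322.From header
    spf_result: str                  # pass / fail / softfail / neutral / none / ...
    spf_domain: str                  # RFC5321.MailFrom domain SPF was evaluated for
    dkim: list = field(default_factory=list)   # [(result, d= domain), ...]


def dmarc_evaluate(msg: AuthResults, record: dict) -> dict:
    """DMARC passes if SPF passes with an aligned domain OR any DKIM signature
    passes with an aligned d= domain. On failure the policy (p, or sp for a
    subdomain From) becomes the disposition, the 'dis=' value seen in
    Gmail-style Authentication-Results comments."""
    spf_ok = msg.spf_result == "pass" and aligned(msg.spf_domain, msg.from_domain, record["aspf"])
    dkim_ok = any(r == "pass" and aligned(d, msg.from_domain, record["adkim"]) for r, d in msg.dkim)
    passed = spf_ok or dkim_ok
    is_subdomain = msg.from_domain.lower() != org_domain(msg.from_domain)
    policy = record["sp"] if is_subdomain else record["p"]
    return {"dmarc": "pass" if passed else "fail",
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "disposition": "none" if passed else policy}


RECORD = parse_dmarc(EXAMPLE_DMARC_TXT)

# Constructed scenarios mirroring the third-party-sender question.
SCENARIOS = {
    # Vendor IP is in example.com's SPF and the vendor uses example.com as MAIL FROM:
    "vendor_envelope_aligned": AuthResults("example.com", "pass", "example.com"),
    # Same vendor, but bouncing to its own domain and signing with its own key:
    "vendor_own_bounce_domain": AuthResults("example.com", "pass", "bounce.vendor.example",
                                            [("pass", "vendor.example")]),
    # Relayed through the signing gateway: DKIM d=example.com rescues a failed SPF:
    "relayed_via_gateway": AuthResults("example.com", "fail", "bounce.vendor.example",
                                       [("pass", "example.com")]),
    # Plain spoof: attacker's own envelope domain passes SPF but nothing aligns:
    "spoofed": AuthResults("example.com", "pass", "attacker.example"),
}


def run_scenarios() -> dict:
    return {name: dmarc_evaluate(msg, RECORD) for name, msg in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:26} {result}")
```

The scenarios show the two ways a third party can stay compliant: keep using the client's domain as the bounce (MAIL FROM) address so SPF aligns, or carry an aligned DKIM signature, which is what relaying through the signing gateway provides. A sender that does neither fails DMARC even though its IP is listed in SPF.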

How can I block countries from spamming my hotmail account?
I'm getting crap from the .CO domain and just want to shut that down completely.

ALSO, I keep getting crap from but their emails are  prefaced with and
Is there a wildcard I can use in hotmail's junk settings?
I placed their domain on the block list but they're still getting through.
We are getting bogus emails (emails that were never sent by anyone inside our organization) to people that are inside our organization. Subjects are different; nothing is ever the same. It's like we have a gremlin inside sending emails that are making no sense. What could be doing this, and how do I stop it? One email in particular: one of our employees, who is responsible for purchasing, received an email from the Boss's email address telling her to purchase specific gift cards and use them to get some supplies from places like Home Depot. The Boss never sent that email. What could be happening here, and how can I stop it? Using Trend Micro Advance Security for email scanning and PC Security agent.

Thanks in advance for any help I can get.  

Mark H.

Hey guys,

What is a good spam filter software (not service)? I have a client who would like to install spam filter software on a few computers. Thanks in advance.
The user has a brand-new email account, and wants to control what senders they receive email from.
They have an Exchange account with Intermedia, a large hosting company.

I recall there being a company that had a system which receives and holds the email, notifies the user, and waits for the user to approve senders.

Can anyone tell me what companies offer this service?
Microsoft states the following description about the Sender Filter Config:
Stamp status: The Sender Filter agent accepts the message and updates the message to indicate that it came from a blocked sender. The Content Filter agent uses this information when it calculates the spam confidence level (SCL) of the message. For more information about content filtering and the Content Filter agent, see Content filtering.

But I cannot find any reference about how the Sender Filter Config "stamp" affects the SCL. I do not find any header added by Sender Filter Config. In more detail, how much SCL is added if the email is "stamped", and can we control how much SCL is given for this "stamp"?

I was wondering if EEs could give me some suggestions for managed AV software. I have tried Norton, AVG, Bitdefender (current), Webroot and Kaspersky; viruses kept slipping through.

Any ideas?  thanks
When adding SenderDomains to the Spam Filter in Exchange Online to block any emails from reaching the end users...  

Does anyone know the maximum number of domains that can be listed/added to the

1. BlockedSenderDomains and
2. BlockedSenders

The Transport Rules method seems to max out at just over 200 entries...
So I received a cute little spam email saying that someone has taken over my account and wants me to buy bitcoin, yada, yada, yada. The one thing they mention is that if I take a look at the sender information above, it's actually my email address. Sure enough, it's my email address. How did they manage to get my email address to show up in the sender field? Typically I usually see a bogus email address, but this one is actually my email address. I can see from the header it's from a different email address, but how did they get my email address to show up in that field? Is it like a display name or something?

Is there a way to train average users how to spot these fraudulent emails?
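Both the "my own address in the sender field" question above and the earlier CEO-masquerading rule come down to the same fact: the From header is free text supplied by the sender, with a display name and an address that need not agree with the envelope or with each other. The following added example, which is not from any of the posts and not a Cisco, Microsoft or Trend Micro rule, parses the From and Reply-To headers with the standard library and emits the findings a gateway rule would act on. The organization's domains, the protected executive and the four sample messages are constructed; the authenticated_as_ours flag stands in for whatever the receiving gateway already knows (SPF/DKIM pass for the organization's own domain, or arrival on an internal connector).

```python
"""Display-name impersonation and internal-sender spoofing checks (added example)."""
import email
import re
import unicodedata
from email import policy

# Constructed organization data.
OUR_DOMAINS = {"example.com"}
PROTECTED_PEOPLE = {"jane doe": "jane.doe@example.com"}   # CEO display name -> real mailbox


def normalize_name(display: str) -> str:
    """Fold case, compatibility characters and punctuation so 'Jane  DOE',
    'jane.doe' and 'Jane Doe (CEO)' all compare as 'jane doe'."""
    folded = unicodedata.normalize("NFKC", display).casefold()
    folded = re.sub(r"\(.*?\)", " ", folded)          # drop parenthetical titles
    folded = re.sub(r"[^a-z\s]+", " ", folded)        # punctuation and digits to spaces
    return " ".join(folded.split())


def analyze_from(raw_message: str, authenticated_as_ours: bool = False) -> list:
    """Return the findings for one message (empty list means nothing suspicious).

    authenticated_as_ours: True only when the gateway verified the message came
    from our own infrastructure; our domain in From without that is a spoof."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ["missing_from"]
    addr = from_hdr.addresses[0]
    display = addr.display_name or ""
    domain = addr.domain.lower()
    findings = []

    # The bitcoin-extortion case: header From shows our own address, but the
    # message did not come through anything that authenticated our domain.
    if domain in OUR_DOMAINS and not authenticated_as_ours:
        findings.append("internal_address_from_external_source")

    # The CEO-fraud case: a protected person's name on somebody else's mailbox.
    key = normalize_name(display)
    if key in PROTECTED_PEOPLE and addr.addr_spec.lower() != PROTECTED_PEOPLE[key]:
        findings.append("display_name_impersonation")

    # Our address pasted into the display name so the client renders it first.
    if domain not in OUR_DOMAINS and any(d in display.lower() for d in OUR_DOMAINS):
        findings.append("our_address_in_display_name")

    # Replies routed to a third domain are the usual tell of a spoofed From.
    reply_to = msg["Reply-To"]
    if reply_to is not None and reply_to.addresses:
        if reply_to.addresses[0].domain.lower() != domain:
            findings.append("reply_to_domain_mismatch")
    return findings


# Constructed sample messages: (name, raw message, authenticated_as_ours).
SAMPLES = [
    ("ceo_from_freemail",
     "From: Jane Doe <janedoe.ceo@freemail.example>\nReply-To: <jd@other.example>\n"
     "Subject: Urgent gift cards\n\nPlease buy the cards today.\n", False),
    ("own_address_spoofed",
     "From: Bob Smith <bob@example.com>\nTo: bob@example.com\n"
     "Subject: I have taken over your account\n\nPay in bitcoin.\n", False),
    ("our_domain_in_display",
     'From: "jane.doe@example.com" <noreply@freemail.example>\n'
     "Subject: Invoice\n\nSee attached.\n", False),
    ("legitimate_internal",
     "From: Jane Doe <jane.doe@example.com>\nSubject: Board pack\n\nAttached.\n", True),
]


def run_samples() -> dict:
    return {name: analyze_from(raw, auth) for name, raw, auth in SAMPLES}


if __name__ == "__main__":
    for name, findings in run_samples().items():
        print(f"{name:24} {findings or 'clean'}")
```

The display-name match is deliberately fuzzy (case, dots, trailing titles) because that is where the variation shows up in the wild, while the address comparison is exact. The third check catches the rendering trick many mobile clients enable: only the display name is shown, so an address-shaped display name reads as the sender.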

Can someone tell me the procedure for cutting over from Message Labs to Mimecast, please?

I'm looking for some advice, please.

I'm looking into Migrating a company from on premise exchange to Office 365

I'll be using Migration Wiz to complete the data migration. They will be using Mimecast to filter spam

Can someone please tell me the process to follow to get this complete, I just need an over view list please.

SPF question

Given the SPF entry below for fictitious domain

v=spf1 ip4: ip4: ip4: -all

An attacker spoofs an email from and sends it to  Inspecting the headers shows this:

Hop  Delay      Protocol                                                              Time                   Blacklist
1    *          ESMTPS                                                                3/19/2019 6:21:22 PM   Not blacklisted
2    1 second   SMTP                                                                  3/19/2019 6:21:23 PM
3    0 seconds  Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM   Is on a blacklist
4    1 second   Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)   3/19/2019 6:21:24 PM
5    1 second   Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)   3/19/2019 6:21:25 PM
6    *          ESMTPS                                                                3/19/2019 6:21:22 PM   Not blacklisted
7    1 second   SMTP                                                                  3/19/2019 6:21:23 PM
8    0 seconds  Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM   Is on a blacklist
9    1 second   …
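The record in the question above is evaluated against the IP of the connecting host for the domain in the SMTP MAIL FROM (envelope) address, not for the domain in the From header that the recipient sees. The following added example, which is not the poster's record, not the header analyzer that produced the hop list and not a library, implements that evaluation with DNS replaced by a constructed record table (RFC 5737/3849 documentation addresses) so it runs offline. It supports ip4, ip6, include, all and redirect=; the a, mx, ptr and exists mechanisms are deliberately left out and return permerror rather than silently passing.

```python
"""SPF evaluation for one connecting IP, with DNS replaced by a constructed
record table (added example)."""
import ipaddress

# Constructed records standing in for DNS TXT lookups.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.10 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip6:2001:db8::/32 ~all",
    "attacker.example": "v=spf1 ip4:203.0.113.5 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip: str, domain: str, depth: int = 0) -> str:
    """Evaluate the SPF record of `domain` (the MAIL FROM domain) for client_ip."""
    if depth > 10:                                   # RFC 7208 recursion/lookup limit
        return "permerror"
    record = SPF_RECORDS.get(domain.lower().rstrip("."))
    if record is None:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    redirect = None
    for term in terms[1:]:
        if "=" in term and ":" not in term.split("=", 1)[0]:     # modifier, e.g. redirect=
            name, value = term.lower().split("=", 1)
            if name == "redirect":
                redirect = value
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
        elif mech == "include":
            inner = check_spf(client_ip, arg, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):        # RFC 7208 section 5.2
                return "permerror"
        else:
            return "permerror"                       # a/mx/ptr/exists not implemented here
    if redirect:                                     # only applies when nothing matched
        return check_spf(client_ip, redirect, depth + 1)
    return "neutral"


def classify(client_ip: str, mail_from: str, header_from: str) -> dict:
    """SPF is checked for the envelope domain; alignment with the From header
    is what DMARC adds. An attacker using their own envelope domain passes SPF
    while the visible From still says example.com."""
    envelope_domain = mail_from.rsplit("@", 1)[-1].lower()
    header_domain = header_from.rsplit("@", 1)[-1].lower()
    return {"spf": check_spf(client_ip, envelope_domain),
            "aligned": envelope_domain == header_domain}


if __name__ == "__main__":
    print(classify("203.0.113.5", "bounce@attacker.example", "ceo@example.com"))
    print(classify("203.0.113.5", "ceo@example.com", "ceo@example.com"))
```

The two cases in the usage block are the ones that matter when reading a spoofed message's headers: "spf=pass" on its own only says the connecting host was allowed to send for the envelope domain the attacker chose, which is why a -all record does not by itself stop From-header forgery and why the receiving side needs DMARC alignment to reject it.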

I have noticed anonymous callers address me by my name, which surprised me. When I asked them, some didn't say, but two said that my number was in Google along with my name:
  • How is this possible?
  • How can I check if true?
  • Is my address there also?
  • How can I get rid of my phone number from those databases?
Hello Experts
I would like to collect the following Threat Artifacts from a compromised Windows System:
  • CPU
  • Routing-, ARP- & Process tables
  • Memory
  • Temporary files
  • Relevant data from storage media
What would you collect? Is there any best practice from NIST or anywhere?
Thanks a lot
Hello Experts
For our Security Operations Center (SOC), we are searching for a tool that can collect “Threat Artifacts”. When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on their computer.
We are searching for a similar tool that we can use in the network to collect information remotely. What would you recommend us? It would be nice, if the tool would work on Windows & Linux, albeit this is not a must.
Thanks a lot

We have moved to O365, and Exchange Online Protection is not very effective. We are planning to go with a third-party spam filtering system.

We are an education establishment. Please post any good products that you are aware of.


We had an on-site Exchange server and a third-party spam filter hosted outside our network, and all email was filtered before it could hit our network; we occasionally had phishing and spoofing emails.

Now, after moving to O365, we are getting many phishing and spoofing emails, and sometimes the email looks so genuine. When the link in the email is clicked, it shows an O365 login page but directs to a phishing website (only IT guys can identify it), and the end users don't have any knowledge of whether it is a fake website or not; they end up putting in their username and password, the hacker gets access to the user's mailbox, and a few staff mailboxes were compromised.

We keep blocking the domains and making changes in the O365 protection centre, etc., but things are not settling.

I am wondering is there any way to deal with this issue. Is the Microsoft exchange online protection itself  enough to deal with the problem that we are experiencing?
Or is it better to go with some third-party spam filtering system.

Any help and suggestions would be great .
Exchange 2010 Hybrid with Office 365 Tenant.
Multiple domains. Some go directly to the Office 365 tenant; some go to on-premises first, then either stay on-prem or get transferred to the Office 365 tenant.
I'm trying to block some spam where the sender is forging our email addresses. I have SPF records set up and have tested them, and they seem to be functioning fine. Though we are still getting emails "from us" to us that are not coming from us.

The From: header has my email address in it, so it looks like it came from me, though the sender used the following headers, which I think caused the softfail on the SPF and let the email through.
X-Complaints-To: <>

I've just started to look into DKIM/DMARC though still learning what it is all about. I'm not sure if this would prevent the email from reaching us.   Would it? Is there something else I can do?

Here is a copy of one of the emails with most of the headers. My IPs/names/emails have been edited. I've removed all of the X-Microsoft-Exchange-Diagnostics: headers.

Received: from (2603:10b6:a02:bc::33)
 by with HTTPS via
 BYAPR07CA0020.NAMPRD07.PROD.OUTLOOK.COM; Tue, 5 Feb 2019 20:33:15 +0000
Received: from