AntiSpam

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.

Hi Experts, AFAIK there are 3 ways to anti-spam to an Exchange 2016 environment: SPF, DKIM and DMARC

I can configure the SPF record on the domain control panel but am not sure about the 2 others. Does anyone have experience with them? Can we configure them on the Exchange mailbox server, or on the public DNS of the ISP?

Many thanks in advance,
1
When we send an email through our company it is very commonly flagged as junk by the recipient. Can this be fixed? What do I need to do to fix this? We're using Exchange on our own in-house server. No, we don't mass email people. We have never been hacked and used as a bot that I'm aware of. Our incoming mail does go through an online spam filter.
0
Hi All,

Can anyone here please let me know what I need to do in order to successfully cut over the anti-spam solution from an on-premises Linux VM to the cloud solution with no data loss or user email flow interruptions?

At the moment on my Exchange 2013, the Send Connector smart hosts list the local IP addresses of the 2x Linux VMs.

Do I just change it to the Public IP address of the Cloud Anti-Spam provider ?

Note: My Public DNS server is running on my On-premise Windows Server 2008 R2 VMs.

Thanks,
0
Hi,

We are using ESAT spam filter and we have a user that is getting spam reports with duplicate emails in them.  

eg.

email is caught in spam filter, it is in the spam report that the user gets
- user retrieves email from the filter
- he gets the email

Next spam report, the same email is in there but the person did not send the email again since it is exactly the same

Has anyone used this spam filter program?

Thanks
0
Hi

I have a setup with SpamAssassin, postfix, dovecot and a few other components.
I've set up user_preferences, so they are now loaded from mysql db using the user_scores_dsn etc. settings.

I have created a table in mysql for local Rules (header, body etc) and included them in the user-preferences lookup.
However - I cannot get them to work.

I have added the allow_user_rules and set it to 1.

This is my database connection settings:
allow_user_rules 1
user_scores_dsn                  DBI:mysql:mail:db-server:3306
user_scores_sql_password         <left out>
user_scores_sql_username         mail
user_scores_sql_custom_query     SELECT preference, value FROM spamassassin WHERE username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) OR username = _USERNAME_ ORDER BY username ASC, priority asc

this query returns something like this:
Preference column:
  • use_bayes
  • bayes_auto_learn
  • blacklist_from
  • header LOCAL_H_FORBIDDEN_WORDS_SUBJ_SEX
  • score LOCAL_H_FORBIDDEN_WORDS_SUBJ_SEX
  • describe LOCAL_H_FORBIDDEN_WORDS_SUBJ_SEX

with corresponding values in the value column:
  • 1
  • 1
  • *@bejoqq.org
  • Subject =~ /sex/i
  • 4
  • Bad Word

Is there any way to have all my rules stored in my database?
It's much easier to maintain here across multiple servers etc.
0
1
A client's email can't reach our server due to SPF record check.
xxx.com does not designate permitted sender hosts

The client's SPF is

v=spf1 a:research.tenxxx.com include:spf.protection.outlook.com include:spf.zixxx.com, include:servers.mxx.net -all

Is there something wrong with the record?

Thx
0
A sender tries to pretend to be our email domain (e.g. abc.com) but adds a subprefix to it (i.e. mail.abc.com), which in fact we don't use.

The sender's email in fact comes from @brisanet.com.br, but Outlook only shows the fraudulent email address (i.e. @mail.abc.com) without any information about the sender's actual email address.

SPF check has been enabled on our server and it can't block it. Is it because the sender is using mail.abc.com instead of abc.com, which allows him to pass the SPF check?

Any chance that we can block this type of fraud mail ?

Thx
0
Hello ,

I imagine a transparent anti-spam server that works in a topology like this:

------------->   SERVER BOX ---------------->  Switch ----------------> Hosting / Mail ...etc. servers.

I want to know if there is software that, without creating a config for each domain / mailbox, will handle the mails and send them to the servers if they are not spam.
0
We have 2 Exchange 2010 SP3 servers. One is installed on Windows Server 2008 R2 and the other is installed on Windows Server 2012 R2. I have enabled anti-spam settings on the hub transport on both Exchange servers; all settings are enabled. We don't have an edge transport server.
Users are getting spam emails with some particular contents in the emails. The CEO asked me to create a rule so that emails with those contents or subject would be filtered out and blocked. So, I added those phrases from the spam email into the content filtering properties under "Block messages containing these word or phrases" and enabled Delete messages (SCL Rating >= 8), Reject Messages (SCL Rating >= 7), Quarantine messages (SCL rating >= 6). I also defined the Quarantine Mailbox Email. Then I sent a message with the same contents (which I added in block messages) in an email from my Gmail in order to test, but the message was not blocked and I received the message in my corporate email. It was supposed to be blocked but it wasn't.
0
We have a client using SBS2011 with on-site Exchange 2010. They are using Trend Worry-Free Business Advanced anti-virus/spam on the server.

There is a particular external sender who can't send our client emails. There's no bounce-back message, and the message doesn't appear to even hit the server according to the Exchange message tracker. I also queried Trend's spam filter and nothing from them appears to be quarantined. I disabled Trend spam filtering but as of yet still nothing. I can send to the client fine, but it seems to be this one sender who can't, and it's to any email address with the client's domain, not just a particular person. I've also checked blacklisting for sender and receiver, which are clear, and I've whitelisted the sender's IP and domain in Trend.

The sender has tracked the message they sent and it's saying it has left their servers, so not quite sure what's going on.
0
Earlier today I got rid of the search.yahoo.com redirect. I ran avast smartscan and malwarebytes, and I've rebooted. It's only on Google Chrome, and there are no extra extensions installed. Any ideas? Thanks.

0
Hi All ,

Quite frequently I'm getting the below-mentioned error on my Barracuda spam filter on out-queue mails. The error message is

 "Deferred: conversation with 192.168.77.189[192.168.77.189] timed out while sending message body" .
 
192.168.77.189 is the NLB interface of my 2 CAS servers (Exchange 2013 on Server 2012). Some days the queue goes up to 300 mails and goes off in 1-2 hours by itself.

Communication between the Barracuda and the CAS server is stable. I couldn't figure out the issue yet. I have contacted Barracuda support and they asked me to contact MS as it's an issue on the Exchange side. Can somebody help me out to resolve this issue?

regards,
Sharaf
0
We have very recently switched from a Barracuda anti-spam appliance to using Exchange Online Protection. We are a hybrid config with no mailboxes yet migrated to online.
I'm having an issue trying to get the spam scoring to "work", i.e. I get messages with the SCL set to 6 in the header but they are not going to the junk folder as desired. We have had 2 Microsoft tickets on the topic.
First thing, after reading an online article, we added 2 transport rules to our on-prem that are supposed to take anything with an SCL of 6 and move it there. Then Microsoft told my boss to turn off the users' ability to set junk filter properties and have it set to disable.
Second, today they told me it won't ever deliver them to the junk folder, so I have set it to quarantine, which we really don't want unless it's the only option.

Surely there has to be a way to have the junk folder work... I'm attaching a screenshot of the automation advice when I opened today's ticket and had the message analyzed in case it helps.
0
I will split points as equally as I can, this is asking for an opinion.

My website/email server hoster has recently introduced a spam filter on their servers.  This spam system has decided experts-exchange.com has started to spam me.  Apparently because the concerning information is often very similar (probably Question alert:, Help Answer:....) and because the body of the text sometimes contains unrecognisable words (possibly things like: what does for(int x=1;x<q*q;x+=3){q=foo(x);} mean).

Now comes the fun bit.
I have asked if I can white list the email address.  No, the spam filter works only with IMAP and is self learning.
I have pointed out I use POP3.  The spam filter works on all emails both POP3 and IMAP, but only learns on IMAP.

My opinion is that this filter is well meant but actually a terrible idea.  What are your opinions?
0
Hello Everyone,

In recent days we have been witnessing a lot of spoofed emails coming into our organization. Attackers change the 'display name' of the sender so that it looks like a valid email address. But when analyzing the headers it clearly shows it's coming from private domains. Is there any way to block this behavior in Exchange 2013?

Thanks in advance
0
I had a spam problem about a month ago, which I fixed on my end.  I notice now that email I send to recipients at gmail are automatically being marked as spam.

My mail server is Unix - Communigate Pro running on an old PowerMac. Outbound mail goes to my SMTP server, which is a Dell SonicWall ES-3300    I changed the IP address after the spam got past the SonicWall, and put the new address into my DNS, which is hosted by DYN.com

I looked at the header of a message I sent to my gmail account.  I see something wrong with the SPF record  

X-Mlf-Uniqueid: o201708020314430029673
Arc-Seal: i=1; a=rsa-sha256; t=1501643684; cv=none; d=google.com; s=arc-20160816; b=fxKfyh5i6PzjoNNZkIMPSigH31cy4YQ3IwPn/XLlJekZPjdgLTVrCmwlzwGh2orLVN GAg7JYp8zmTIKmoj2fOo5/v5m9m+aMH16VJDa7PKxY2H5qYRt9OHehY+o6UqP95Il9lz 3/cqc1G6Fo+j3t0oCCa8H/JW4+03+o3X9nlX+ioY6gOoFGy7GtWzW4OJpxiJZUjxhtxp FgenvR03ekg/ZHQv7j3P/FIoDPhoQK/EzgofSx6a7qKwl0D4jY8YzBVvcQjfHYaJV96j porICVs9nghyv8bE7Oy34UxkqG3ZLJznTB4WqAmYzkC8Nw3duZRcC8G0B+ZXQXz1s7mi Jz0A==
X-Received: by 10.55.197.88 with SMTP id p85mr27288566qki.281.1501643684625; Tue, 01 Aug 2017 20:14:44 -0700 (PDT)
X-Mlf-Version: 8.3.2.6531
Return-Path: <prvs=138714c1e1=larry@computerlarry.com>
Arc-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning prvs=138714c1e1=larry@computerlarry.com does not designate 24.89.176.52 as permitted sender) smtp.mailfrom=prvs=138714c1e1=larry@computerlarry.com
0
Hi

We are looking for an email filtering solution and have been speaking to Mimecast and Proofpoint (enterprise version with TAP). Having had sales-style demos, both products look very similar, so we wanted some real-world guidance.
We currently have 365 for email with EOP and it is doing a very poor job of filtering spam and virus attachments and protecting against targeted phishing (fake CEO).
0
"Prohibits the DOD from using software platforms developed by Kaspersky Lab due to
reports that the Moscow-based company might be vulnerable to Russian government
influence."

https://www.armed-services.senate.gov/imo/media/doc/FY18%20NDAA%20summary2.pdf

https://www.bleepingcomputer.com/news/government/senate-gets-ready-to-ban-kaspersky-products-as-fbi-interviews-companys-us-employees/

2
4
User was tricked at home; he took the whole bait and hook, paid $ to a fake Microsoft person and allowed them on his computer. Anyway, after running some tools and removing malicious malware he still has on his desktop a fake phone number that shows in his taskbar area. This is a Vista O.S. How do I remove it?
I will be reformatting the computer in a couple of weeks.
0
Hello,

I am doing some testing of spam filtering solutions. Is there a service that will just send you spam to an email address? Thanks.
0
We have a Barracuda Spam/Firewall 300 here that's got about 30,000 blocked/deferred messages in the outbound queue that I need to get deleted. I can't even bring up the outbound queue in queue management. I spent over an hour with Support and they can't connect with the guy couldn't figure out how to connect with it....that's a different issue. How can I clear these out? It's killing our mail throughput. I know it's got SSH but I can't connect to it. I'm not local to the system but I've got full admin rights. I can't even pull the export out of it.
0
I manage a small network (84 users) We currently have a Barracuda Email Security 300 that is getting a bit long in the tooth and is in need of replacement. So, with that said I am looking at Fortimail (Because we have a Fortigate 200D) and Barracuda Essentials for Email Security.

I do know that in terms of price the Barracuda solution is cheaper, but I hate having to evaluate based on price (but that's what the higher-ups see). Has anyone used the Fortimail solution? Is it more or less the same compared to the Barracuda solution? I do think both offer "sandboxing" and that is something I am interested in.
0
2
