
AntiSpam

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.


Please provide me with guides and processes on how to protect Office 365 email domains from email spoofing.

We need to prevent our Office 365 users from receiving spoofed emails that look like they were sent from legitimate existing internal email addresses.
0

We use Exchange 2010 and have VIPRE Spam app that is supposed to move spam to a new folder designated 'SPAM'. It is identifying it as spam but not creating the SPAM folder or moving messages to said spam folder. Support with the company says it's because Autodiscover is not working properly.

Their initial response is to fix any errors under test-outlookWebServices before they can offer further assistance. I have 0 issues with OWA and have 0 issues with mobile devices. 0 issues with Desktop Outlook clients yet they tell me that I must correct the error listed in the detail before they can assist. So I am looking to resolve the error, that isn't causing any problems, without creating new ones.

The error is: The certificate for the URL https://SERVER.DOMAIN.local/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of SERVER.DOMAIN.local, instead the subject found is DOMAIN.com. Consider correcting service discovery, or installing a correct SSL certificate.

Obviously I can't get an alt for .local so I am trying to identify in my configuration where the system is referencing the .local domain.

internalURI is currently https://SERVER.DOMAIN.com/autodiscover/autodiscover.xml
internal URL is currently https://SERVER.DOMAIN.com/ews/exchange.asmx
externalURL is currently https://SERVER.DOMAIN.com/ews/exchange.asmx

I suppose it could be an IIS/Cert issue and not just an exchange config issue. Just looking for more …
0
A Windows Server 2008 R2 installation has been infected with a Trojan horse that has encrypted files with the *.rapid extension.  The server had Avast for Business installed.  An AVG rescue CD was made and ran multiple times to eliminate instances of the Trojan horse.  After four times, the server is labeled clean from the AVG rescue CD.  I then uploaded two *.rapid files to nomoreransom.org and it came back saying that there was no fix for this.  Does anybody know of a trusted decryption software that can correct this problem?  I can attach a file if requested.
0
Dears

I have a problem on my mDaemon mail server
I have 1 user that is receiving hundreds of mail delivery errors as if he is trying to send emails to someone but failed...
The emails are to a weird email 24484763@att.txt

Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

Those are the actions I took:
I formatted his PC and reinstalled Outlook.
On mDaemon I changed the password of that user and created a complex password (10 char complex).
It worked for a few hours, then it is coming again...!!

My ISP is threatening to block me as he is saying thousands of emails are being sent as spams...

How to resolve this issue? What shall I do?
BTW relay is not activated on my mDaemon server.
0
Dears,

I have been warned by my ISP that they have blocked my IPs because a lot of spamming is coming from my network.

How can I check this? I have a network of 50 computers. I also have a firewall (Cyberoam).

Please advise.
0
[DKIM] Your DKIM signature is missing.
The message was not signed. This means that the message had no DKIM signature. This is not the same as failing.


What is the cause of this error?

I can say, I host the image file for my email signature on a domain that does not match my email's domain.

Is this the problem?

On a related note, what is the SPAM impact of hosting my email signature image on a domain that does not match my email's domain?

Thanks
0
I would love that since I could send a dozen different emails, and use that to improve my odds of being blocked.

It's a great service if anyone is looking for a new business, in the event the service does not yet exist.

Thanks.
0
I suspect my email may be flagged as SPAM and need to understand if so, and how to fix it.

I use a CRM called PipeDrive. This has two ways of tracking emails...

1) When the recipient has viewed the email, I get an alert.

2) In the case the email also contained a web URL, I get an alert when that URL has been clicked.

3) I also use an email signature as an image file, hosted by a web development company of mine.

 
Did I describe anything that makes my emails SPAMMY?

I see huge swaths of emails I sent that never got opened, but more directly, a customer I spoke with today had not gotten my emails.

When I sent a bare bones email, it got through.

Is having an image file (my signature) in the body of the email a red flag for SPAM filters?

What about the tracking mechanism for:
1) email's been read
2) the URL's been clicked.

Thanks.
0
Greetings,

Certain SPAM emails are reaching the user inbox though their SPAM score is high.

On checking further I found that those emails have a setting Backend TLS: YES.

Any clues on this?
0
I have done some researching in upgrading my current exchange 2013 to 2016, and I have a problem with needing to have the edge server outside my AD organization. All my servers are running in VMs in a scale computing hyperconverged system.  Can I just have the edge server on the same network, but not added to the domain, would that work?
Otherwise,  I would have to purchase a physical server to run somewhere outside of my firewall, which complicates things.

Any recommendations?
0

Dear Experts,
My client has regular pop3 email boxes from Godaddy, which recently have been spoofed.  Basically, someone is sending emails using their email addresses requesting payments or loans.  I changed their passwords, scanned their machines, and am pretty sure these emails are not coming from my clients' PCs.  After I spoke to Godaddy, they recommended I switch to Office 365 email boxes because of encryption.
What I am skeptical about is, if all they are using is the email addresses that they know exist, how does encryption of the email stop this type of spoofing?  It feels as though someone just saw my name on the website, and decided to use that name to register for something.
Unless my name itself is encrypted, I cannot stop that person from impersonating me, so why does encrypted email stop spoofing?
Please advise.
0
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense Magazine.
1
I'm successfully using a Barracuda spam filter in conjunction with our 2010 Exchange server.  Our MX record and our rDNS record point to mail.domain.com, which is also the Hello response from our Exchange server.  Now that the Barracuda is in line and working, it is responding with a Hello of Barracuda.domain.com.  I've added an A record for the Barracuda response, and MX Toolbox passes everything, but I'm concerned that eventually they will get blacklisted because the MX record and rDNS don't match the Hello banner.

I'm considering changing the MX record, and the matching rDNS record, to Barracuda.domain.com.  But this has been up and running for a while and I don't want to create an issue where one doesn't exist.

Thoughts please??  Thanks!!
0
Hello people,

In my Exchange 2013 after we configured the anti spam solution, we cannot receive emails.

I checked the configuration and it is not working...we made some changes in the receive connectors.

Do you have any clue where to start?
0
Hi Guys,

I've setup the SonicWALL Antispam module and all went well with the config.
When trying to send a test mail to the incoming MX, I am getting the following error.

Any advice will be appreciated,


Resolving hostname...
Connecting...
Connection: opening to mx2.domain.com:25, timeout=300, options=array (
                     )
Connection: opened
SERVER -> CLIENT:
SMTP NOTICE: EOF caught while checking if connected
Connection: closed
2017-11-24 08:38:17      The following From address failed: user@domain.com : Called MAIL FROM without being connected,,,SMTP server error: Called MAIL FROM without being connected
Message sending failed.

0
We are providing antispam service to a few clients using the built-in antispam in our server.
Now customers are requesting an interface to release the quarantined emails.

Is there any antispam software you guys know of which can provide an interface and filter spam?

Thanks
0
1
 
Expert Comment by: Juana Villa
I wish people used their intelligence in an ethical way :(
1
Our main domain for mailservers has been blacklisted by Spamhaus.
I have not received any complaints prior to this (24 hours ago).
Spamhaus do not let me delist, the domain has been flagged for manual delist (whatever that is), and I did that 24 hours ago, but until now, nothing from Spamhaus.

Does anyone know how to get out of that blacklist, or how to get some response from Spamhaus?

/Jan
0
Phishing emails are a popular malware delivery vehicle for attack. While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to come from a trusted source. Ready to learn more?
1

Hello,

I have a problem with bounce backs: when I send a mail to a distribution group and the recipient address is false, I don't receive the bounce back.
technical context :
2 Exchange server 2016 standard without edge in DAG
Antispam Exchange ENABLED
my external mail is filtered by an antispam gateway

Diagnostic:
My antispam gateway sends me the bounce back, my server1 creates the event HARECEIVE for the mail and creates an event HADISCARD, and the mail is dropped by server1 or server2.
Have you already met this case?

Thanks for your help!

Vincent
0
I am using Exchange Server 2010. When I send email, a header is added to the mail. When I analyse the header, it gives my mail server's private IP, host name and other private information, which is a breach in security. Also, if someone sends mail to us and it bounces back for some reason, it also gives the full information about my private IP, as shown below. If the public IP is shown instead of the private IP, that is OK, but I want to hide it. It would be very good if it could be like the attached file.

1. Any local IP
2. Server Hostname

Delivery has failed to these recipients or groups:

MyName(GV) (myName@example.com)
The e-mail address you entered couldn't be found. Please check the recipient's e-mail address and try to resend the message. If the problem continues, please contact your helpdesk.






Diagnostic information for administrators:

Generating server: hmlmumbai.local

MyName@example.com
#550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##rfc822;myname@example.com

Original message headers:

Received: from hmlmumbai.local.hmlindia.com (<Local IP>) by
 HubTransport.Domain.local (Local IP of Transport) with Microsoft SMTP Server (TLS) id
 14.3.301.0; Tue, 24 Oct 2017 14:03:26 +0530
X-ASG-Debug-ID: 1508833996-05f7ce6e4a016f0001-QWa99X
Received: from mail-qt0-f177.google.com (mail-qt0-f177.google.com
 [209.85.216.177]) by hmlmumbai.local.hmlindia.com with ESMTP id
 MaJLwpyu0xxKvgoI (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 …
0
Hi There,

For the past few weeks users on my network and users they typically email have been complaining about receiving a lot of spam from our users.  I have gone around to every computer and run malware cleaning tools such as malwarebytes, superantispyware, ccleaner, adwcleaner, antivirus and so on.  I have found many problems and removed them, but the spam will stop for a few days then suddenly come back with a ton of emails.  Our email is hosted by an outside company like GoDaddy and it is POP.  We don't have a good firewall yet so I can't scan the logs of the firewall.  Is there another way to scan the network to detect which PC has the spambot infection, and do you know how to remove the virus?
0
Most of my organisation's emails are being bounced back even though they are not listed on any blacklisted site, they are predominantly 365 users.  They are being bounced back with a security issue.  Even if I try and send an email to Microsoft to delist I get the following message: 550 5.7.1 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy.

Not too sure if anyone else has had the same issue.

Thanks
0
Hi Experts, AFAIK there are 3 ways to anti-spam to an Exchange 2016 environment: SPF, DKIM and DMARC

I can configure the SPF record on the domain control panel but I'm not sure about the 2 others. Does anyone have experience with them? Can we configure them on the Exchange mailbox server, or the public DNS of the ISP?

Many thanks in advance,
1
When we send an email through our company it is very commonly flagged as junk by the recipient. Can this be fixed? What do I need to do to fix this? We're using Exchange from our own in-house server. No, we don't mass email people. We have never been hacked and used as a bot that I'm aware of.  Our incoming does go through an online spam filter.
0
