AntiSpam

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.


Hi expert,

I deployed Exchange 2016 into a production environment and deployed antispam onto the Exchange server as well. Now I'm having an issue where email from certain external senders can't be delivered to our mailbox, and the logs show that the message can't be delivered.

I suspect this might be antispam causing the problem. May I know what is the proper way to disable them?

Please advise.

Thanks.
0
Hi expert,

I'm trying to enable Exchange 2016 antispam. When I run the cmdlet Get-TransportAgent, below is the result; however, there's spam email coming in to my mailbox.

Identity                                           Enabled         Priority
--------                                           -------         --------
Transport Rule Agent                               True            1
DLP Policy Agent                                   True            2
Retention Policy Agent                             True            3
Supervisory Review Agent                           True            4
Malware Agent                                      True            5
Text Messaging Routing Agent                       True            6
Text Messaging Delivery Agent                      True            7
System Probe Drop Smtp Agent                       True            8
System Probe Drop Routing Agent                    True            9
Content Filter Agent                               True            10
Sender Id Agent                                    True            11
Sender Filter Agent                                True            12
Recipient Filter Agent                             True            13
Protocol Analysis Agent                            True            14

When I run the cmdlet Get-ContentFilterConfig | fl Enabled, the result shows FALSE.
Does this mean I must get the Content Filter agent activated, and only then will the spam email be rejected …
0
We have a situation where our IPS and sometimes our SPAM filter blocks specific IP addresses that are sending mail from GMail and Google mail. In every instance these blocked IPs are on an Internet blacklist. Google's solution is to whitelist these servers and any other Google servers (literally thousands of them); this is insane to me. I am sure others have encountered this situation and I am wondering how you handle it.
0
I use DMARC and SPF to protect my domain; however, a client recently became infected with malware and propagated the malware via spoofed email. Now clients of mine are receiving mail addressed as me. The question is how; what have I missed here?

Details
DMARC Record
v=DMARC1; p=none; rua=mailto:helpdesk@mydomain,mailto:7ffa0582@mxtoolbox.dmarc-report.com; ruf=mailto:My.name@mydomain,mailto:7ffa0582@forensics.dmarc-report.com; fo=1

SPF
v=spf1 +a +mx +ip4:M111.111.111.111 ~all
where
  • IP is my public IP address
  • MX is my cloud spam filter provider.
0
Hello, are there any new updates or anything going on? I have two separate customers that are G Suite customers that use Outlook 2010 / 2019, and I am getting a few users saying they are starting to get normal emails going into their spam folder. Some of the emails are from the users' organization and in their contact list, but something is starting to send more emails into the spam folder. I am wondering, has Outlook done some sort of update, or is something else going on, or by chance is more than one customer experiencing the same problem?
0
We have DMARC implemented and I usually collect and review the reports weekly. About 3 weeks ago, the number of threat reports massively jumped and remains alarmingly high. Looking at a 2 month period, October-November: 7k emails passed DMARC, 70k have been reported as threats. This all looks like someone external has tried to use my domain and is failing the SPF and DKIM checks, and I am getting the reports about it. I expect DMARC is working as it should, but the volume of emails and the sudden increase around 3 weeks ago is what has got me concerned. Unfortunately I have had no reports from humans in that time of fake email coming from my domain. I do not even know the content of the emails or the recipients. All I know from DMARC is that they exist. My DMARC policy is set to quarantine rather than reject, so conceivably people are still seeing the emails. I would appreciate any advice from the email experts here.
0
I think the Autotask entry was added later by someone? How do I merge the two SPFs?

v=spf1 +a +mx +ip4:66.147.2.2 ?all
v=spf1 include:autotask.net ~all
0
Hi expert,

In our environment, we have Exchange 2016 with Symantec Messaging Gateway (SMG).

Since we have the Symantec Messaging Gateway, we thought of turning off the antispam feature in SMG but keeping the antimalware feature.

How can I verify if my Exchange has antispam turned off completely?

When I run the Get-TransportAgent cmdlet in Exchange, below is the result. Is the spam enabled?

Identity                                           Enabled         Priority
--------                                           -------         --------
Transport Rule Agent                               True            1
DLP Policy Agent                                   True            2
Retention Policy Agent                             True            3
Supervisory Review Agent                           True            4
Malware Agent                                      True            5
Text Messaging Routing Agent                       True            6
Text Messaging Delivery Agent                      True            7
System Probe Drop Smtp Agent                       True            8
System Probe Drop Routing Agent                    True            9
0
Hi Guys,

We have 3 x MX records (mail servers).
MX1 (MX level 10)
MX2 (MX level 20)
MX3 (MX level 30)

Is there a way to only make MX2 and MX3 available if MX1 is down?  (automatically)
Our strongest SPAM filtering & smart host is on MX1,
We don't want anyone to be able to use MX2 & MX3 if MX1 is up.
0
I am using Hotmail. If I ever marked any email as Junk or Phishing or clicked Block, will Hotmail automatically inform the sender’s server that I marked their emails as spam? I recently noted that a genuine sender said I marked their emails as spam previously (which I do not recall doing), and they have stopped delivering any emails to me until they reverse this situation from their servers.
0
Dear Experts

I am hoping someone can assist me with the following issue. I have SPF and DKIM configured on my domain, which appear to be set up correctly, but when I examine the message header of an email I sent I see the following entry: "None (protection.outlook.com: za.cfao.com does not designate permitted sender hosts)"

Just to add, I am using Exclaimer for signature management.

Please can someone examine the header below and advise if I configured something incorrectly.

"Delivered-To: nsadheo@gmail.com
Received: by 2002:a4f:c15:0:0:0:0:0 with SMTP id 21csp930979ivm;
        Wed, 21 Aug 2019 06:30:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyk6Zvuz4Zzp1WUwoJQlz3EsF/mENO5B7uNOXkWXKiQUJ9CmIl25//eS3gDvDa/NqaFIZJg
X-Received: by 2002:a17:906:158c:: with SMTP id k12mr31626198ejd.83.1566394255976;
        Wed, 21 Aug 2019 06:30:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1566394255; cv=pass;
        d=google.com; s=arc-20160816;
        b=lbJV6glrTA9esPnHzJRI/x2ugMmh1yM0zYOO4Hmhvpeuwblxjcnlf4yErbNS9ShdTC
         zz7tB3Tlp63d+mH95cXl0tVS6pXE852lUmxX47jdY5tuQ86Mn788xO/HP8y1VlFlamK2
         zTuOJ3ow4d264I2lPWXgueWLQOOwVvjyLOsz0hxpo4TIfLY+YLvTr2XlDUW7F4ZIC50o
         fjfU5YP15UvEHg4+YPHRqmiMQyp6DT6No71nhWhbZyCdzTWFs6A8a2QJEYYuY5hccLd7
         4sHcycJKruMu0BIGoa7e5O/BS5zXRxqoPzN9IvrMQu0IiI0hQS4Fc+iqTs+RRuRnl8Ex
         z3bA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        …
0
I'm trying to configure a rule in the Cisco CES cloud platform that stops people masquerading as the CEO for attempted phishing. So on our previous FW we had: if the mail has the sender as 'our ceo' but does not come from our domain, then drop. I can see where to configure this in the CES.
0
I have a user that has two AOL accounts on their iPad and they are complaining about how much the spam is out of control. To my knowledge, there is not much that can be done other than starting to unsubscribe from junk email or getting a new email account. Am I right, or is there something that can be done with a third party tool or something that can be configured within AOL? I know it's a pretty junky system but I figured I'd ask, as this is a VIP and they are tied to their choice of AOL.
0
Hello,
I would like to know if it is possible to find an open SMTP relay on the internet that I can use with telnet to test if there are any issues with our antispam hardware.
Thank you in advance.
0
Dear Experts,

We are using WordPress on Bluehost for our website, and using the WP Mail SMTP plug-in to send out acknowledgement emails after we receive a request. We are having issues because our client, who is receiving these request mails, uses Mimecast, and they see this as spoofing, because all email for Bluehost's shared hosting customers is routed through a pool of proxy email servers. We cannot whitelist a range of IPs because they seem to change all the time.
We tried other plug-ins, but the issue always remains the same.
Please advise.
0
Yesterday I got an interesting SPAM that looked very much like the scam you see here.

I right clicked on the shortcut and copied it to the clipboard then pasted it into chrome on my test machine.  It takes me to what appears to be a legit bankofamerica website.  I have attached a screenshot.  I did not enter my passwords, but it sure looks 100% legit to me.

Here is the url:  https:/ / billpay-ui.bankofamerica.com/ imm/ PaymentCenter/ Index/ 8404?csbi=644077671&b0=20190916192841396056
I have added a space after each / to make it safe.


I've been told that some legitimate looking URLs will automatically redirect me to a bogus website, but how does that work? If the domain controller does the redirecting, wouldn't bankofamerica.com avoid a bogus address? Or does the redirecting occur on the routers that the packets hop through?

In other words how can this particular link get me in trouble?
0
Working for a financial services company, our users typically send out templated marketing emails to the business contacts they interact with.

Their emails typically have the same subject and text and lately tend to end up in the recipients' Outlook junk folders. They are not bulk emails though. A single sales guy typically sends out about ten to twenty of them per day.

Our third party outbound spam filter is set to let these through, but the controls that Microsoft provides at Exchange Online (Office365) appear to be pretty much nonexistent.

Any ideas how to circumvent this?
0
We have a single Windows SBS 2011 running Exchange and Windows 10 Pro clients running Outlook 2007.

Everything was running OK, but today, for some reason, for certain email contacts (not all), we receive a bounce back stating:

No SMTP server defined. Use real server address instead of 127.0.0.1 in your account

I did research this and noticed an article relating to Avast CloudCare, so we disabled the core shields on both the client and mail server, along with our Vamsoft ORF antispam, but we still get the same error.

Can anyone advise how we go about resolving this?

Any advice much appreciated.

Thanks.
0
Can someone who understands DMARC explain to me exactly what is happening in this DMARC?

spf=neutral (google.com: 209.222.82.54 is neither permitted nor denied by best guess record for domain of 15200-bounces@bounces.ess.barracudanetworks.com) smtp.mailfrom=15200-bounces@bounces.ess.barracudanetworks.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mysupercompany.com
Return-Path: <15200-bounces@bounces.ess.barracudanetworks.com>
Received: from 22pmail.ess.barracuda.com (22pmail.ess.barracuda.com. [209.222.82.54])

Is 209.222.82.54 not authorized/allowed to 15200-bounces@bounces.ess.barracudanetworks.com, or is 15200-bounces@bounces.ess.barracudanetworks.com not authorized/allowed to 209.222.82.54?
0
We are setting up SPF, DKIM, and DMARC for our domains but just wanted to get some clarification on the best options to set for each scan result:
none, neutral, softfail, hardfail, permerror, temperror

So basically wanting to know which is the best option?
From reading it seems that HardFail would be the way to go but just wanted some insight for these settings and what is the best practice for them to set them up?
0
Hi,

I've got a client who has approached me regarding implementing DKIM and DMARC. They are already running SPF.

I have implemented simple DKIM and DMARC projects previously however this has some complications which I would like a second opinion on.

They are implementing this using a Fortinet using Fortimail to apply the DKIM signing on outgoing mail.

I have the following complications which I would like a second opinion on.

Firstly, they have three domains, which I believe gives us two options: we can either create a DKIM signing key pair for all three or we can use CNAME records to use one key pair. What is the recommended best practice? I'm inclined to think using three separate key pairs would be best.

Secondly, they have two external companies which send emails on their behalf using their domain name (allowed spoofing to a degree). This is allowed using SPF as their IP is listed in the allowed senders; however, to my knowledge this will not work once DKIM and DMARC are implemented. Therefore, my thoughts are that these companies need to relay the emails via the on-prem Exchange Server at the client's site; this way the emails leave via the Fortimail and have the signing applied. I believe this is fairly easy to do using receive connectors locked down to a specific IP address. Is this the best way around this issue?

Thanks
0
How can I block countries from spamming my hotmail account?
I'm getting crap from the .CO domain and just want to shut that down completely.

ALSO, I keep getting crap from techstargroup.com but their emails are  prefaced with abc.techstargroup.com and ccs.techstargroup.com
Is there a wildcard I can use in hotmail's junk settings?
I placed their domain on the block list but they're still getting through.
0
We are getting bogus emails (emails that were never sent by anyone inside our organization) to people that are inside our organization. Subjects are different, nothing is ever the same. It's like we have a gremlin inside sending emails that are making no sense. What could be doing this, and how do I stop it? One email in particular: one of our employees who is responsible for purchasing received an email from the boss's email address telling her to purchase specific gift cards and use them to get some supplies from like Home Depot. The boss never sent that email. What could be happening here, and how can I stop it? Using Trend Micro Advance Security for email scanning and PC Security agent.

Thanks in advance for any help I can get.  

Mark H.
0
Hey guys,

What is a good spam filter software (not service)? I have a client who would like to install spam filter software on a few computers. Thanks in advance.
0
The user has a brand-new email account, and wants to control what senders they receive email from.
They have an Exchange account with Intermedia, a large hosting company.

I recall there being a company that had a system which receives and holds the email, notifies the user, and waits for the user to approve senders.

Can anyone tell me what companies offer this service?
0
