AntiSpam

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.


Hello,
We have a mail server protected by a well-reputed firewall and published on the internet.
We have lots of traffic with external users who have never complained about sending mail to our domain users.
Lately, there is a provider who has four different mail domains, which are hosted in different corners of the world, but who cannot send mail to our organization...
We checked everything about our domain:
* mx records
* DNS publishing
* internal mail servers
Nothing seems to be incorrect or blocking the sender domains, but the user always receives this error message:

host lookup did not complete

which is generated from a cPanel webapp.
I add that both of us (our organization and the external provider) are able to send/receive emails to other domains without a problem.

I don't know what I should exactly check or what I can do to resolve that issue?

thank you
0

I am using Hotmail. If I ever marked any email as Junk or Phishing or clicked Block, will Hotmail automatically inform the sender’s server that I marked their emails as spam? I recently noted that a genuine sender said I marked their emails as spam previously (which I do not recall doing), and they have now stopped delivering any emails to me until they reverse this situation from their servers.
0
Dear Experts

I am hoping someone can assist me with the following issue. I have SPF and DKIM configured on my domain, which appear to be set up correctly, but when I examine the message header of an email I sent I see the following entry: "None (protection.outlook.com: za.cfao.com does not designate permitted sender hosts)"

Just to add I am using Exclaimer for signature management.

Please can someone examine the header below and advise if I configured something incorrectly.

"Delivered-To: nsadheo@gmail.com
Received: by 2002:a4f:c15:0:0:0:0:0 with SMTP id 21csp930979ivm;
        Wed, 21 Aug 2019 06:30:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyk6Zvuz4Zzp1WUwoJQlz3EsF/mENO5B7uNOXkWXKiQUJ9CmIl25//eS3gDvDa/NqaFIZJg
X-Received: by 2002:a17:906:158c:: with SMTP id k12mr31626198ejd.83.1566394255976;
        Wed, 21 Aug 2019 06:30:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1566394255; cv=pass;
        d=google.com; s=arc-20160816;
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        …
0
I am looking for an email security service for O365 Exchange: Barracuda, Mimecast and Proofpoint.

Since our vendor can only do Barracuda, it would be first priority.

Is Barracuda trustworthy, especially for guarding against phishing email? I am asked to buy both Essentials and Sentinel.

any comment?
0
Hi,

Some people in one of our employees' mailing list have been starting to receive emails with him as the sender (only by name; the email address isn't his own but some random addresses like herblay@teamaxe.com) & there's nothing in his sent items about this.

The emails themselves are fraudulent & contain a DOC file requesting to enable the macro in them!

The most worrying thing is that some of these emails seem to be a continuation of correspondences the guy actually had - meaning, it looks like he just replied to an ongoing correspondence!

Any ideas what's going on?
0
Hello,
I would like to know if it is possible to find an open SMTP relay on the internet that I can use with telnet to test if there are any issues with our antispam hardware.
Thank you in advance.
0
Dear Experts,

We are using WordPress on Bluehost for our website, and using the WP Mail SMTP plug-in to send out acknowledgement emails after we receive a request. We are having issues because our client, who receives these request mails, uses Mimecast, and they see this as spoofing, because all email for Bluehost's shared hosting customers is routed through a pool of proxy email servers. We cannot whitelist a range of IPs because they seem to change all the time.
We tried other plug-ins, but the issue always remains the same.
Please advise.
0
The spam filter my client uses is great at blocking spoofed emails, for example the ones from Gmail that are common. Today an email got through that was spoofed, but it used the same domain as my client. I haven't seen this in the past, where the domain name is spoofed also. For example:

Example of what I've seen:
- Envelope Sender (spoofed email): actual client's email address, client@clientdomain.com
- Message ID (actual email): spoofedemail@gmail.com

What happened just now:
- Envelope Sender (spoofed email): actual client's email address, client@clientdomain.com
- Message ID (actual email): spoofedemail@clientdomain.com

I verified the sending IP address is not coming from my client's email server and there aren't any bugs or breaches showing up. I've never seen the @clientdomain.com spoofed before. Any light that can be shed on this is much appreciated.
0
I have a client and recently they have been informed that a lot of the outgoing emails are being caught in the spam filter for many important recipients.

They use Exchange Online but all outgoing emails go via Mimecast after leaving Exchange Online.

I want to configure DKIM and SPF correctly to try to minimise these outgoing emails going to spam.

Can someone explain how this should be done correctly?

Also, do I need to configure DMARC too?

I have used MXToolbox to check if they are blacklisted and they are not.

I have little experience with any of the 3 things so could do with some advice.
0
Gurus,

Have you evaluated the XDR Cortex product from Palo Alto? How does it compare with Cylance or Microsoft EDR?

Regards,
SID
0

We've recently used a 'scrubbing' service and now we're having an issue where our marketing email list (hosted with a 3rd party) flags emails from our own domain as 'catch-all' and removes those email addresses from the mailing list. We host our email in Office 365 and the domain is set as 'Authoritative'.

Any idea on how we can avoid this issue?


Thanks!
0
I need to add our survey company's email address to the safe sender list.
I have been given following details of the survey sender company:-
- Website IP
- Mail Server IP
- Email address /the Domain name abc@contoso.com

We use Mimecast for our MX records.
We have onsite Exchange servers to which the email is passed on from Mimecast.
But we have user mailboxes in Office 365.

In which places should I add this to safe sender list?
0
Hi,

I receive this error message while I send mails to a specific domain.
Please help.

Regards
Alfred
0
We are planning a dedicated mail server in our data centre. An existing 100E firewall is connected. Is the existing 100E spam filter good, or a Barracuda appliance, or a cloud-based spam filter? Please recommend.
0
Hi, I want to add an [EXTERNAL - WARNING MESSAGE FROM OUTSIDE PARTY] to external emails. We use Exchange 2016 with a Barracuda spam filter.

Please let me know the easiest way.
0
My Exchange Server 2013 is blocking genuine emails with the error message "554 5.7.1 This message has been blocked because it contains a banned word. (in reply to end of DATA command)". Where do I maintain this list, as I never set up any filtering on the Exchange server? I already have the filtering at the gateway level. This is strange, as I even disabled the malware filtering in the Exchange 2013 ECP. I don't want any blocking of emails on the Exchange server.

Rdgs
Kong
0
Hi,

We are using Barracuda Email Security Gateway 300Vx (Virtual Appliance). We usually start receiving spam emails in bulk quantity and Barracuda takes 3-4 hours to stop those emails.
In the meantime almost all users receive spam email. Please review the attached image. This is today's outbreak. It's not generated from a single IP or domain, so blocking the IP/domain is not an option. I have already contacted their support several times but I didn't get a proper solution. They usually reply like this: "We have blocked the finger prints so it will take 2-24 hours to reflect the changes."
I am already using their Cloud Protection Layer (CPL) but there is no effect on spam emails. Spam email passes their CPL and BC device.
This is how we receive the emails: Email-->CPL (scan)-->BC (scan)-->Exchange server.

My question is: how can we stop those spam outbreaks? How can we tighten the security? What's the best alternative to Barracuda Email Security Gateway at the same price?
Thanks in advance.
0
Emails that include a specific office number sent from GoDaddy Office 365 are being flagged by Gmail as SPAM.

When I send emails that do not include this specific office number, emails are delivered to the Gmail user's Inbox. When the body or email signature includes the extension 8305, Gmail will deliver the email to the SPAM folder. I have tried all different variations, including brackets, dots, hyphens, spaces, etc... when you add the entire number, the email is sent to the Gmail SPAM folder. I have even swapped out the numbers, and the email is delivered perfectly. It's only when the 8305 extension is added to the email that Gmail decides to filter and deliver the mail to the SPAM folder.

Also, when I test and send the exact email from my on-prem Exchange 2010 box, the email is delivered properly to the Gmail Inbox. I was leaning more towards Google being the issue, but it seems to be GoDaddy Office related. What exactly should I be looking for? In my research, I see posts to ensure that my SPF and DKIM are set up properly. I have checked MXToolbox and everything comes back OK. Not sure what else to check? Any suggestions?
0
Hi,

As part of a local football club, I email out newsletters through Campaigner from our club's email address to subscribers of the newsletter, which details news for the club.

There are 250 people who receive the newsletters and they had subscribed to the newsletters themselves.

Until recently, these newsletters were delivered successfully each week.

For the last few weeks, these newsletters have been sending to the subscribers' spam folders.

To fix this problem, we set up our DKIM and SPF records correctly for Campaigner.

This week 4 out of 250 people received the newsletters correctly.

Mostly all of the subscribers use Gmail.

If all subscribers put in the club's email address, where newsletters are sent from, into their contacts in Gmail would that solve anything?

What are your thoughts on this matter?

Thanks,
Robbie
0

All of our customers run Symantec Mail Security for MS Exchange (SMSMSE) 7.9 to protect their Exchange servers of various flavors.  We've noticed that in the last 6 months, the volume and sophistication of inbound virus/malware content for multiple customers has forced us to switch to Rapid Release defs; if we stay on certified, messages with malicious attachments get through, even if the certified defs are only a day (or less!) old.  That's with heuristics on maximum, and blocking of macro-enabled Office attachments, VBA content, and quarantining of multimedia files.  Is anybody else experiencing this too?  What are you doing to mitigate it?

The other issue is that RR definitions aren't as reliable as certified defs, and sometimes spontaneously (and silently) fail to load. Once we've noticed that's happened, one of the easier fixes is remoting to the server, manually updating certified defs, then updating rapid release again. Almost like SMSMSE Rapid Release gets 'stuck' sometimes, and that 'unsticks' it. The trick is noticing it's happened in the first place, because SMSMSE itself doesn't consider defs out-of-date until several days have passed, and so won't report on them. We can't wait several days to know--as I mentioned, certified defs of even the same day are too out of date to provide complete protection.

To that end, we set up a scheduled report with our PDQ Inventory automation tool, that monitors the modification date on the catalog.dat file in the virus…
0
My domain is listed in the Spamhaus DBL and I have sent a lot of requests, but the problem is not resolved yet. Can someone help, please?
0
In a Nation Builder nation, I have a 700-member e-mail recipient list. The majority of these recipients were imported when my nation was set up a couple of months ago. Email to these recipients is solicited because they all pay a monthly/annual fee for membership.

I've sent about a dozen email blasts in this time without problem, and I get stats on how many people opened links inside the emails, how many bounces, how many are bad addresses. However, a couple of weeks ago, I sent one out and it first reported everything to be OK, with zero bounced, but after about 4 days, the bounced count shot up to 117. This was highly irregular because the highest number of bounces before this was about 8. I had a look at the 117 and they are all Yahoo, AOL or Sky addresses, and since AOL and Sky go through Yahoo, we can assume that this is specifically a Yahoo problem. Here's the message that appears in Nation Builder next to each bounce...

4.0.0 Email was deferred due to the following reason(s): [IPs were throttled by recipient server]

I've done two more blasts since this, and the same thing happens. I've checked with a few owners of these email addresses and can confirm that the emails are not being received.

Is there anything I can do to help this situation, either on Nation Builder, on Google G-Suite, or on Yahoo? I've contacted Nation Builder support, but all they suggested was that I send a handful of emails at a time in order to rewarm Yahoo. But this could take a long time, …
0
Hi,
I have a problem with some Exchange 2010 servers.
I have an external (online) antispam filter that my MX record points to.

When an email comes through the antispam filter, every mail is tagged [spam] in the email subject, but it's the Exchange server that tags [spam], not our antispam filter.
If I disable all the antispam options in Exchange manager, I still always have [spam] in the subject.
But if I point my MX directly to my Exchange server, the mail arrives correctly in the mailbox without [spam].

Does anyone have an idea how to resolve this problem?

For information, everything worked fine before last week.

Many thanks.
0
Error from web server 471 - License Invalid : unable to GET: https://aztec.brightmail.com/rules5/dayzero.vcdiff/4/latest.

Symantec Brightmail Gateway v10.6.3-2

I notice the spam definition is not up to date. 17840 days ago.

How can I fix this?
0
Hi all,

We are facing a DUHL SORBS problem: the customer moved to Tele2 fiber, changed IP and DNS, and suddenly 20% of the sent mails are blocked by DUHL SORBS.
We have been trying for 3 months now to figure out what is wrong; Tele2 won't help at all.
The same settings worked fine for 5 years on a VDSL line, so it's very unclear why this is happening.

situation:
sbs2008 server receives mail via spamexperts spamfilter so the MX points to them. lb.mailscanner.nxs.nl and fallback2.mx.nxs.nl

we have spf in place v=spf1 a a:relay.indetel.net a:_spf.ibvision.nl
where a:relay.indetel.net is the tele2 mailproxy we use this at the moment to avoid mail delivery problems, but some outgoing mails still fail
where a:_spf.ibvision.nl is the webshop supplier.

PTR is in place and outlook.marindex.nl point to the customers sbs2008 server.

When I tried to delist with SORBS, it says that the whole IP block is listed and that only the ISP that owns the IP block can delist it.
When I log in to SORBS I find this:

End users may submit change requests if suitable rDNS is in place.

NOTE to end users: "Suitable rDNS" means there should be a PTR record that points to a hostname that is listed in your MX record, and the MX record should refer to a hostname that resolves to the same IP address.  If it does not we CANNOT delist you!  For further information, including details on "Suitable rDNS"

Any help will be appreciated.


Best regards,

Victor Esselman.
0
