[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More



Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have a problem with some exchange servers 2010.
I have an external anti spam filter (online) to point my MX Record.

When an email come to the antispam filter. Every mail was tagged [spam] in the object email but it's the exchange server who tagg [spam] not our antispam filter.
If I disable all option's antispam in exchange manager.. I have always [spam] in object..
But if I point my MX directly to my exchange server, the mail come correctly to the mailbox without [spam].

Some people have an idea to resolve this problem.

For informations all work fine before last week.

Many thanks.
Build an E-Commerce Site with Angular 5
LVL 12
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

Error from web server 471 - License Invalid : unable to GET: https://aztec.brightmail.com/rules5/dayzero.vcdiff/4/latest.

Symantec Brightmail Gateway v10.6.3-2

I notice the spam definition is not up to date. 17840 days ago.

how can i fix this ?
We have 3 apps that a user runs on his computer every other day: 'SUPERAntiSpyware', 'Spy-Bot Search and Destroy' and 'Comodo Antivirus'.  The user runs the 3 apps at that same time whenever cleaning up is desired.  The user would leave theses tools running overnight.

The app 'Comodo Antivirus' never finds a virus.  The apps 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' always finds spyware.  In  the morning the user would first click 'SUPERAntiSpyware' to delete or isolate the threats reported and then do the same to 'Spy-Bot Search and Destroy'.  Finally restart the computer.   Note, prior running the apps, the user would run cCleaner to cleanup any junk in his drive.

To-Date, there is no problem we have identified and all seems to be ok.  Our question is more directed to know EE opinion on:

  • Why 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' display different results?
(Spy-bot would show registry entries and superantispyware would show files)
  • Any negative effect by running these 3 apps simultaneously?
  • Finally, is it necessary to run cCleaner prior running the apps?
Hi , our public UP is being blacklisted by CBL.

Reason given: This IP is infected (or NATting for a computer that is infected) with an botnet that is emitting email spam. The infection is probably sendsafe.

I'm assuming that one o the 25 or so computers in my network is infected.

Question: Is there a way usnijg the Sonicwall to determine in a machine is acting as an SMTP server and sending out spam email?

My SonicWall is a new model NSA 2600 with updated SonicOC
Hi all,

we facing a DUHL SORBS problem, customer moves to tele2 fiber, changed IP and DNS and suddenly 20% of the sent mails are blocked by DUHL SORBS.
We try now for 3 months to figure out what is wrong, Tele2 won't help at all.
same settings works fine for 5 years on a VDSL line, so it's very unclear why this is happens.

sbs2008 server receives mail via spamexperts spamfilter so the MX points to them. lb.mailscanner.nxs.nl and fallback2.mx.nxs.nl

we have spf in place v=spf1 a a:relay.indetel.net a:_spf.ibvision.nl
where a:relay.indetel.net is the tele2 mailproxy we use this at the moment to avoid mail delivery problems, but some outgoing mails still fail
where a:_spf.ibvision.nl is the webshop supplier.

PTR is in place and outlook.marindex.nl point to the customers sbs2008 server.

When I tried to delist with SORBS is says that the whole IP block is listed and that only the ISP that owns the IP block can delist is.
When i login by SORBS i found this:

End users may submit change requests if suitable rDNS is in place.

NOTE to end users: "Suitable rDNS" means there should be a PTR record that points to a hostname that is listed in your MX record, and the MX record should refer to a hostname that resolves to the same IP address.  If it does not we CANNOT delist you!  For further information, including details on "Suitable rDNS"

any help will be preciated.

Best regards,

Victor Esselman.
i need to remove my mail server IP from spa list as attached 2018-10-14_103952.jpgpam
We have multiple customers with on-prem Exchange servers interested in adding cloud antispam to their arsenal, but we’re facing a ‘tyranny of choice’ situation where we’re not sure which service to recommend, because they all look pretty good.

What’s your preferred cloud antispam/AV service, and why?  Conversely, is there a service you had bad experiences with, or otherwise avoid—if so, why?  We’ve been looking at Barracuda, Mimecast, and the Email Laundry, but we’re certainly open to other options too.

The solution needs to provide inbound & outbound antispam filtering with a quarantine feature, antivirus scanning, DKIM/SPF/DMARC support, attachment sandboxing, link following, etc.  No cloud archive is needed.  We’re a small shop, so access to a competent support team is also a must, preferably one based in the US or Europe.

Unfortunately, O365 is not an option for these customers—we have to stay onprem, so this product must support onprem Exchange.

Thanks, everyone!
We are on Office 365 . Lately, we we are getting emails from our CEO going to random people in our company on the same domain , but emails are not from him . They normally ask re recipients a response “ are you available today ? “
We know it’s not from him be use when we go in and look at the email address it’s not him . It just has his name . We do have spf records in place .
We have an office 365 tenant with about 20 some users, we have been receiving a lot of spam though our domain, among other things we recently setup and turned on DKIM. Since that time we did receive spam but interestingly we received phishing emails from the same domain name that we believed DKIM would block.
Do you know of any way to verify if DKim is working?
Tough spam problem can't seem to isolate. Out of 20 users only one affected. Spam is not going through the spam filter incoming or outgoing. Has to be something on a local device infusing the spam into the users inbox. Nothing in sent either. Have removed the computer they work from in the office, disabled the NIC. Ran a malware scan on they're laptop and the ccleaner bug was found, see below for details regarding the CCleaner incident.

CCleaner v5.33 and CCleaner Cloud v1.07 Security Notification. Not sure if this is related.

Haven't run a scan on the users phone doing so now.

The bug is the same one identified here.
Check Out How Miercom Evaluates Wi-Fi Security!
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

My  Outlook email is bouncing due to spam filter and it looks like it is coming from C:\Program Files (x86)\Microsoft Office\root\Office16  Any idea how to resolve this?
Hello Experts

I would like to be able to talk and get some questions about the configuration of spam in MAILENABLE.
We have a Hybrid email environment and all the user mailbox has been created over office 365 and synced with local AD.

Off late after enabling a password notification email through Local AD we have been receiving loads of spams and phishing emails with the content more often then not being a password expiry or reset password notification.

Any idea if the new password expiry email set up would cause or what could be the prime reason for such emails getting triggered.

I guess there's a relation between how spammers identify the modification and then use similar content.

how coud we tackle such issues or any indepth knowledge on how these work could be a great topic for discussion.
Scrollout F1 is setup as a SPAM inbound gateway to an Exchange server.  We have some senders whos emails won't deliver to the Exchange server.  Thus far the emails have not kicked back.  The remote Exchange server is stating the message delivery has been delayed.  I am assuming Scrollout is terminating the connection from the remote mail server.  I did notice that the remote domain doesn't have an SPF record.  Would that be enough to cause this issue?  What can I do i Scrollout to mitigate the issue so we can receive their emails?  I don't see anything in the logs of the web interface that report any activity for the remote server domain.  Are there other logs on the Scrollout file system that I should be looking at?

Any help would be appreciated
You have a secure Document from . Open message below

 click here.

Note; Your email and your password is required for authentication.

Can you please let me know how to block this message in o365 and what are the  preventive steps? Thanks.


Note- please help me how to block - we have o365
I want to know about email spoof.
For example , I know that we can verify an email is spoofed or not by SPF.
But using anonymousemail.me ,we can know it is spoofed mail, but it goes into inbox.
Why it is not filter by spam-filter?
Thank you.
Phishing scam: "Pending message"- how to set my sonic wall for such type of email. We have O365 email system. Thanks
I have a client that sends invoices through Netsuite. The clients domain uses SPF, DKIM, and DMARC. Their DMARC policy is: (v=DMARC1;p=reject;aspf=r;rua=mailto:admin@domain.com)

When emailing certain customers they get bouncebacks and after contacting Rackspace who hosts most of the customers they can't reach. Rackspace is saying it's because of domain alignment under the DMARC standard even though SPF and DKIM match fine. (After I finally reached someone who understood what DMARC was and didn't want me to add Rackspace to our SPF...)

The headers on the netsuite include the following bits which some or all are apparently the cause because they specify netsuite instead of my client's domain so they aren't aligned:

Reply-To: User <transactions#_msg_#@transactions.na3.netsuite.com>
Return-Path: b.#.user_domain_pcom.#@bounces.na3.netsuite.com

Spoke with someone at Netsuite who says that Netsuite can't change this behavior at all, but Netsuite also claims they can send DMARC-compliant mail. Is anyone else able to get DMARC working completely with Netsuite?

When the client sends to me on O365 it passes SPF/DKIM/DMARC just fine, but I also see the above bits in the headers. It looks to me like it's doing SPF checks against the netsuite.com domain instead of my client's domain...which seems like Netsuite actually is tagging these wrong...

This is what O365 says in my headers for DKIM/SPF/DMARC …
email that I'm sending is now going to my customers spam boxes.  kinda happened out of the blue.  its not bulk emails.  its individual emails the i type with info for my clients.  i do copy/paste some info that goes into each email as well.

been working fine for years...its just all of the sudden everyone is saying that email is going to their junk boxes.  

its my own private domain email, i use gmail as the client for checking and sending it.

i havent changed anything on my end.  what do I need to look for to see what is going on?  TIA
Challenges in Government Cyber Security
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

How to block outgoing SMTP-connections from one IP on a Linux server.

I have a Linux server (Running Plesk) with 2 IP's
IP1 is used for website
IP2 is used for mail

I want to block users from creating script to send mail directly (spam).
All mail are supposed to be send via the mailserver on IP2

In the Plesk Firewall, I can block incoming connections on ex. port 25, but not (as far as I can see) outgoing.

I found this suggestion:
iptables -I OUTPUT -m owner ! --uid-owner postfix -m tcp -p tcp --dport 25 -j REJECT

How can this be done?

ISP LTD magticom, from our server cant sending email to kedetech.com domain, reason :
host mxbiz1.qq.com []
    SMTP error from remote mail server after end of data:
    550 Mail content denied. http://service.exmail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726
please unblock our server's ip.
thx for cooperation
Hi There,

For the past few weeks users on my network and users they typically email have been complaining about receiving a lot of spam from our users.  I have gone around to every computer and ran malware cleaning tools such as malwarebytes, superantispyware, ccleaner, adwcleaner, antivirus and so on.  I have found many problems and removed them but the spam will stop for a few days then suddenly come back with a ton of emails.  Our email is hosted by an outside company like godaddy and it is pop.  We don't have a good firewall yet so i can't scan the logs of the firewall.  Is there another way to scan the network to detect which pc has the spambot infection and do you know how to remove the virus.
Hello ,

I imagine that if there is a transparent anti spam server works like in a topology as this :

------------->   SERVER BOX ---------------->  Switch ----------------> Hosting / Mail ...etc. servers.

I want to know if there is a software that works without creating config for each domain / mailbox will handle the mails and send to the servers if they are not spam
Hi All,

Could I ask for your recommendations please. I am having lots of problems with loads of spam at the moment on my server.  I used to run AVG on the server but still my clients had far too much spam getting through.  Can you suggest what is best.  I only have a small network of 10 clients and 1 server and limited budget.  Have been attempting to get BitDefender but their customer service is poor at the moment as I have been awaiting a call back for 2 weeks after several chase ups.

Have tried using the spam setting within my Windows setup but changing the setting makes little difference.

Many thanks
Hi, I have a justspam.org issue. Our WP web server has been compromised and has been infected with a spam-sending virus. We have cleaned the infection but we got to many spamlists including justspam.org. The problem is, that we have never used this server (IP) as a mail server and we are using google services (not only) for emailing. We have made actions to block any smtp traffic from or to our web server. But that aslo means that we are not able to send de-listing email from our  IP.  This is a "catch 22 situation" when we are not able to send mail from that ip but the justpam.org server still keeps record that we used to spam and some of our customers' mail servers deny our mails as spam because they check our domain IP which ends on this IP... . How to get out of that? Is the only way to start webserver on that IP and send delisting mail? I would really hate to do that...


Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.