AntiSpam

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.

I'm trying to configure a rule in the Cisco CES cloud platform that stops people masquerading as the CEO for attempted phishing. On our previous FW we had: if the mail has the sender as 'our ceo' but does not come from our domain, then drop. I can see where to configure this in the CES.
0
I have a user that has two AOL accounts on their iPad and they are complaining about how much spam is out of control. To my knowledge, there is not much that can be done other than starting to unsubscribe from junk email or getting a new email account. Am I right, or is there something that can be done with a third-party tool or something that can be configured within AOL? I know it's a pretty junky system but I figured I'd ask, as this is a VIP and they are tied to their choice of AOL.
0
Yesterday I got an interesting SPAM that looked very much like the scam you see here.

I right clicked on the shortcut and copied it to the clipboard then pasted it into chrome on my test machine.  It takes me to what appears to be a legit bankofamerica website.  I have attached a screenshot.  I did not enter my passwords, but it sure looks 100% legit to me.

Here is the url:  https:/ / billpay-ui.bankofamerica.com/ imm/ PaymentCenter/ Index/ 8404?csbi=644077671&b0=20190916192841396056
I have added a space after each / to make it safe.


I've been told that some legitimate-looking URLs will automatically redirect me to a bogus website, but how does that work? If the domain controller does the redirecting, wouldn't bankofamerica.com avoid a bogus address? Or does the redirecting occur on the routers that the packets hop through?

In other words how can this particular link get me in trouble?
0
Working for a financial services company, our users typically send out templated marketing emails to the business contacts they interact with.

Their emails typically have the same subject and text and lately tend to end up in the recipients' Outlook junk folders. They are not bulk emails though. A single sales guy typically sends out about ten to twenty of them per day.

Our third-party outbound spam filter is set to let these through, but the controls that Microsoft provides at Exchange Online (Office365) appear to be pretty much nonexistent.

Any ideas how to circumvent this?
0
We have a single Windows SBS 2011 running Exchange and Windows 10 Pro clients running Outlook 2007.

Everything was running OK, but today, for some reason, for certain email contacts (not all), we receive a bounce back stating:

No SMTP server defined. Use real server address instead of 127.0.0.1 in your account

I did research this and noticed an article relating to Avast CloudCare, so we disabled the core shields on both the client and mail server, along with our Vamsoft ORF antispam, but we still get the same error.

Can anyone advise how we go about resolving this?

Any advice much appreciated.

Thanks.
0
Can someone who understands DMARC explain to me exactly what is happening in this DMARC?

spf=neutral (google.com: 209.222.82.54 is neither permitted nor denied by best guess record for domain of 15200-bounces@bounces.ess.barracudanetworks.com) smtp.mailfrom=15200-bounces@bounces.ess.barracudanetworks.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mysupercompany.com
Return-Path: <15200-bounces@bounces.ess.barracudanetworks.com>
Received: from 22pmail.ess.barracuda.com (22pmail.ess.barracuda.com. [209.222.82.54])

Is 209.222.82.54 not authorized/allowed to 15200-bounces@bounces.ess.barracudanetworks.com, or is 15200-bounces@bounces.ess.barracudanetworks.com not authorized/allowed to 209.222.82.54?
0
We are setting up SPF, DKIM, and DMARC for our domains but just wanted to get some clarification on the best options to set for each scan result:
none, neutral, softfail, hardfail, permerror, temperror

So basically wanting to know which is the best option?
From reading it seems that HardFail would be the way to go but just wanted some insight for these settings and what is the best practice for them to set them up?
0
Hi,

I've got a client who has approached me regarding implementing DKIM and DMARC. They are already running SPF.

I have implemented simple DKIM and DMARC projects previously however this has some complications which I would like a second opinion on.

They are implementing this using a Fortinet using Fortimail to apply the DKIM signing on outgoing mail.

I have the following complications which I would like a second opinion on.

Firstly, they have three domains, which I believe gives us two options: we can either create a DKIM signing key pair for all three, or we can use CNAME records to use one key pair. What is the recommended best practice? I'm inclined to think using three separate key pairs would be best.

Secondly, they have two external companies which send emails on their behalf using their domain name (allowed spoofing to a degree). This is allowed using SPF as their IP is listed in the allowed senders; however, to my knowledge this will not work once DKIM and DMARC are implemented. Therefore, my thoughts are these companies need to relay the emails via the on-prem Exchange Server at the client's site; this way the emails leave via the Fortimail and have the signing applied. I believe this is fairly easy to do using receive connectors locked down to a specific IP address. Is this the best way around this issue?

Thanks
0
How can I block countries from spamming my Hotmail account?
I'm getting crap from the .CO domain and just want to shut that down completely.

ALSO, I keep getting crap from techstargroup.com but their emails are prefaced with abc.techstargroup.com and ccs.techstargroup.com
Is there a wildcard I can use in Hotmail's junk settings?
I placed their domain on the block list but they're still getting through.
0
We are getting bogus emails (emails that were never sent by anyone inside our organization) to people that are inside our organization. Subjects are different, nothing is ever the same. It's like we have a gremlin inside sending emails that are making no sense. What could be doing this, and how do I stop it? One email in particular: one of our employees who is responsible for purchasing received an email from the boss's email address telling her to purchase specific gift cards and use them to get some supplies from like Home Depot. The boss never sent that email. What could be happening here, and how can I stop it? Using Trend Micro Advance Security for email scanning and PC Security agent.

Thanks in advance for any help I can get.  

Mark H.
0
Hey guys,

What is a good spam filter software (not service)? I have a client who would like to install spam filter software on a few computers. Thanks in advance.
0
The user has a brand-new email account, and wants to control what senders they receive email from.
They have an Exchange account with Intermedia, a large hosting company.

I recall there being a company that had a system which receives and holds the email, notifies the user, and waits for the user to approve senders.

Can anyone tell me what companies offer this service?
0
Microsoft states the following description about the Sender Filter Config:
Stamp status: The Sender Filter agent accepts the message and updates the message to indicate that it came from a blocked sender. The Content Filter agent uses this information when it calculates the spam confidence level (SCL) of the message. For more information about content filtering and the Content Filter agent, see Content filtering.

https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/sender-filtering?view=exchserver-2019

But I cannot find any reference about how the Sender Filter Config "Stamp" affects the SCL. I do not find any header added by Sender Filter Config. In more detail, how much SCL is added if the email is "stamped", and can we control how much SCL is given for this "stamp"?
0
Hi,

I was wondering if EEs could give me some suggestions for managed AV software. I have tried Norton, AVG, Bitdefender (current), Webroot, and Kaspersky; viruses kept slipping through.

Any ideas?  thanks
0
When adding SenderDomains to the Spam Filter in Exchange Online to block any emails from reaching the end users...  

Does anyone know what the maximum number of domains that can be listed/added to the

1. BlockedSenderDomains and
2. BlockedSenders

The Transport Rules method seems to max out at just over 200 entries...
0
So I received a cute little spam email saying that someone has taken over my account and wants me to buy bitcoin, yada, yada, yada. The one thing they mention is how, if I take a look at the sender information above, it's actually my email address. Sure enough, it's my email address. How did they manage to get my email address to show up in the sender field? Typically I usually see a bogus email address but this one is actually my email address. I can see from the header it's from a different email address, but how did they get my email address to show up in that field? Is it like a display name or something?

Is there a way to train average users how to spot these fraudulent emails?
0
Hi

Can someone tell me the procedure for cutting over from Message Labs to Mimecast, please?
0
Hi

I'm looking for some advice, please.

I'm looking into migrating a company from on-premise Exchange to Office 365.

I'll be using Migration Wiz to complete the data migration. They will be using Mimecast to filter spam.

Can someone please tell me the process to follow to get this complete? I just need an overview list, please.

Thanks
0
SPF question

Given the SPF entry below for fictitious domain ABC.com

v=spf1 ip4:50.50.50.0/24 ip4:50.102.50.0/24 ip4:50.62.161.12 include:spf.protection.outlook.com include:amazonses.com -all


An attacker spoofs an email from john@abc.com and sends it to bob@abc.com. Inspecting the headers shows this:

1      *      192.3.21.34      smtp-relay.gmail.com      ESMTPS      3/19/2019 6:21:22 PM      Not blacklisted
2      1 Second            mail-io1-f102.google.com      SMTP      3/19/2019 6:21:23 PM      
3      0 seconds      mail-io1-f102.google.com 209.85.166.102      CO1NAM03FT012.mail.protection.outlook.com 10.152.80.99      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM      Is on a blacklist
4      1 Second      CO1NAM03FT012.eop-NAM03.prod.protection.outlook.com      SN6PR0102CA0028.outlook.office365.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)      3/19/2019 6:21:24 PM      
5      1 Second      SN6PR0102CA0028.prod.exchangelabs.com      BYAPR01MB4919.prod.exchangelabs.com      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)      3/19/2019 6:21:25 PM      
6      *      192.3.21.34      smtp-relay.gmail.com      ESMTPS      3/19/2019 6:21:22 PM      Not blacklisted
7      1 Second            mail-io1-f102.google.com      SMTP      3/19/2019 6:21:23 PM      
8      0 seconds      mail-io1-f102.google.com 209.85.166.102      CO1NAM03FT012.mail.protection.outlook.com 10.152.80.99      Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)      3/19/2019 6:21:23 PM      Is on a blacklist
9      1 Second      …
0
I have noticed anonymous callers ask for me by my name, which surprised me. When I asked them, some didn't say, but 2 said that my number was in Google along with my name:
  • How is this possible?
  • How can I check if true?
  • Is my address there also?
  • How can I get rid of my phone number from those databases?
0
Hello Experts
       
I would like to collect the following Threat Artifacts from a compromised Windows System:
     
  • CPU
  • Routing-, ARP- & Process tables
  • Memory
  • Temporary files
  • Relevant data from storage media
   
What would you collect? Is there any best practice from NIST or anywhere?
 
Thanks a lot
1
Hello Experts
     
For our Security Operations Center (SOC), we are searching for a tool that can collect “Threat Artifacts”. When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on their computer.
     
We are searching for a similar tool that we can use in the network to collect information remotely. What would you recommend to us? It would be nice if the tool worked on Windows & Linux, although this is not a must.
   
Thanks a lot
1
Hi

We have moved to O365 and the Exchange Online Protection is not very effective. We are planning to go with a 3rd-party spam filtering system.

We are an education establishment. Please post any good products that you are aware of.

Thanks
0
Hi

We had an on-site Exchange server and we had third-party spam filtering hosted outside our network, and all email was filtered before it could hit our network, and occasionally we had any phishing and spoofing emails.

Now after moving to O365, we are getting many phishing and spoofing emails, and sometimes the emails look so genuine. When the link in the email is clicked, it shows an O365 login page but directs to a phishing website (only IT guys can identify it), and the end users don't have any knowledge of whether it is a fake website or not, and they end up putting in the username and password, and the hacker gets access to the user's mailbox, and a few staff mailboxes were compromised.

We keep blocking the domains and making changes in the O365 protection centre, etc., but things are not settling.

I am wondering if there is any way to deal with this issue. Is the Microsoft Exchange Online Protection itself enough to deal with the problem that we are experiencing?
Or is it better to go with some third-party spam filtering system?

Any help and suggestions would be great .
Thanks
0
System/Setup:
Exchange 2010 Hybrid with Office 365 Tenant.
Multiple Domains. Some Go Directly to Office 365 Tenant, some go to the On-Premise First, then either Stay on the On-Prem, or get Transferred to the Office 365 Tenant.
I'm trying to block some SPAM where the user is forging our email addresses. I have SPF records set up and have tested them and they seem to be functioning fine. Though we are still getting emails from us to us, though they are not coming from us.

The From: Header has my email address in it, so it looks like it came from me, though the sender used the Following Headers, which I think caused the SoftFail on the SPF and managed to get the email through.
X-Sender: jarch@chol.com
X-Complaints-To: <abuse@mailer.chol.com>
Errors-To: noreply@chol.com
Return-Path: jarch@chol.com


I've just started to look into DKIM/DMARC though still learning what it is all about. I'm not sure if this would prevent the email from reaching us.   Would it? Is there something else I can do?

Here is a copy of one of the emails with Most all of the Headers. My IPs/Names/Emails have been edited. I've removed all of the X-Microsoft-Exchange-Diagnostics: Headers.

Received: from BYAPR15MB2310.namprd15.prod.outlook.com (2603:10b6:a02:bc::33)
 by BYAPR15MB2312.namprd15.prod.outlook.com with HTTPS via
 BYAPR07CA0020.NAMPRD07.PROD.OUTLOOK.COM; Tue, 5 Feb 2019 20:33:15 +0000
Received: from
0
