AntiSpam

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.

Looking for a low-cost spam filter in an Exchange server. I was wondering if I could use an Ubuntu VM on the Exchange box and if there were some built-in or open source spam solution that I could install on the Ubuntu VM to filter out the spam email before passing it along to the Exchange server.
0
This message is sent to me, from me and on behalf of me. Upon clicking the reply key I see the real sender. I have tried to options and add to the blocked list and also open the blocked content and unsubscribe them (meggannsmith6) to hopefully get them blocked by the actual company with the unsubscribe link.
This person is sending me multiple messages each day in two accounts and I changed the passwords and no luck.
What is the solution?
0
Hello all,
I have a client that has 50 POP3 email addresses for their 50 computers that is being hosted at web.com and using Outlook 2016 as the email program.
The issue is that one of the POP3 email addresses is suddenly receiving a number of porno spam emails.
The web.com spam filter is set to default and I really don't want to change this since the client is in the medical community so it might reject legitimate emails.
Is there a good spam filter program that we can test on the computer that has the POP3 account on it?
I do NOT want to change the MX record for the domain at all to the spam software company like some of the software wants you to.
Thanks,
Kelly W.
0
We will soon be starting a relationship with a company where we will be allowing them to send emails to our customers on our behalf from their mail provider using our domain name. They are using Amazon SES, and they have asked us to add the amazonses.com domain as an allowed sender in our SPF record. We are going to do this, but I am a little uncomfortable with the risk of any potential Amazon cloud customer having the ability to spoof our domain and pass SPF. Because of this, I am looking into implementing DKIM and having the third party sign their messages with a private key.

I want to implement DKIM for our own domain's email messages as well. I have been reading up on DKIM, but it gets a little confusing when third party senders become involved. I am looking to see if anyone can provide me with a best practice for this situation.  If I create a private/public key pair for our domain, I am guessing that it is not recommended practice to provide that key to the third party and tell them to use the selector name I make up. I have come across different articles describing the use of multiple selectors, but I admit I am finding them confusing. Can I have two different private keys for the same domain? Then I could give them one private key for their emails and have a separate key for our emails? Do I use the same private key, but create two selectors for my domain? Then provide the third party with the private key and tell them to sign using the alternate selector? At that …
0
Dear Experts

I am looking for good antivirus/anti-spam and other protection software for the recently purchased Dell Latitude 3940 with Windows 10. I would like to subscribe to a good one; can you please suggest which one to go for? Thanks in advance. McAfee Total Protection is slightly cheaper compared to McAfee Business Security; please suggest.
0
I deleted an important folder and the spam folder. I emptied the deleted mail folder. I restored both together in a new folder. Now I have a few important messages (10.000) and a mass of spam together (54.000).

We have both Kaspersky server-side anti-spam and EOP. Both only work on received items. Is there a way to scan a folder, marking spam items and moving them to the spam folder?

I tested SpamBully but it crashes on training.
0
This question is for the Exchange Admins out there who have experience in dealing with phishing campaigns or malicious emails in general.

When a phishing campaign with malicious links and/or attachments hits your mail servers, what are you doing to figure out who clicked the links or attachments in said phishing email?

We are using Exchange 2013 CU19 On-Premise, Outlook 2013

Thank you for your time and knowledge!
0
I am a Google AdWords customer and have a number of ads set up, each of which directs the "clicker" to one of my website pages. I was testing one of the ads yesterday and found that when I click on it, I am directed to a page that is not remotely associated with my website. It takes me to a page that sells Viagra. This happens on all of my computers and all browsers on all of those computers. It even happens on my cell phone. It does not appear to happen to anyone else. I just got off of the phone with Google support and they could not replicate the problem. When anyone there clicked on the ad, the correct page opened. I've had others test it as well and they all get connected to the right page. It appears that it is just me who is having the problem. I downloaded Malwarebytes and ran a scan on one of my PCs but nothing was detected.

Any ideas out there about what could be causing this and how I can fix it?

If you Google for "Maximo Training" my ad should be very near the top of the list. It's "Maximo Training | Training by Maximo Experts | mmgts.com". When I click on that ad, a page with the correct URL opens but it shows a page for Viagra sales. When I right click the link and choose "open link in an incognito window", the correct page shows up.

I have 2 Windows 7 Pro PCs and one Windows 10 Pro PC. As I mentioned, I get the same results on each. Also have the problem on my cell phone.
0
Dear Experts

Please can someone assist me.

The public IP of my IronPort keeps getting blacklisted.

I have an Exchange 2010 environment with Cisco IronPorts used as my MTAs.

I have attached the error message.

They keep talking about "direct-to-mx".

[Attached images: "My send org send connector", "The Error"]
0
AV software best compatible with O365. Any suggestion? Local outlook emails? Thanks
0
1. Is it recommended to have both Windows Defender and
     Symantec EndPoint Protection running at the same time ?

 2. If not, how can I setup my MDT image
    so it does not deploy Windows Defender ?
-----------------------------------------------
Environment
  ** Windows Server 2012 R2 test domain
  ** Symantec EndPoint Protection deployed
       to Windows 10 Pro client via MDT image
0
Hi everyone,

I have a simple question that's been bothering me for a while now. I have a 3rd party spam filter connected to my Office 365 tenant. When an external sender sends me a legit email it is being tagged as spam. My question is: when the email passes through the 3rd party spam filter, is the email still going to be scanned by Office 365 EOP once it reaches the Microsoft server, or will it bypass EOP?
0
Our organization is on Exchange 2010 hybrid environment with O365. All incoming mails are directed to an external spam filter organization which delivers to our CAS servers that handles mail. 3 emails were stuck all night into the spam deliver queue unable to deliver these 3 messages to our server, rest of the messages were flowing. On the spam company side, it just shows peer not accepting the message so they kept retrying. In the end we ended up simply rejecting these messages from the external spam filter delivery queue.

I want to investigate the reason why this email was stuck in the queue for so long and our Exchange was not accepting it. It looked legitimate. I am new to Exchange and learning; what would be the best way to find out the reason and analyze the logs once I find them?

Thanks
0
I'm using MailWasherPro and I'm having some problems designating terms to blacklist.

Today, I got spam email from these addresses:

contact@mp8v83rnlazygenuis.site

contact@zzvxx5bvlazygenuis.site

contact@8bys2vc6lazygenuis.site

contact@9hknyh3lazygenuis.site

contact@wl71cftjlazygenuis.site

I've tried designating *.********lazygenuis.com as a blacklisted address but that doesn't seem to trip the spam "on" for MailWasherPro. And I've had the same situation with other emails that have similar constructions. Some seem to work sometimes but not all the time.

I have a feeling I'm missing something really simple. And maybe it is--for an expert.

Comments? Questions? Solutions?
0
Looking to get exchange documentation for a 2010 environment

There are 2 CAS , and the same are used as HUB Transport Servers

3 Mailboxes, 1 Unified Messaging Role, Have documented through scripting

Use of Ironport C170, Barracuda Spam Firewall 300 and Enterprise Vault as well

Is there a handy way to check load balancing? I want to see if it's set up through CAS Array. What's the best way to check this and the interaction with Ironport, Barracuda etc. to generate mailflow diagrams?
0
Hi... why all of a sudden are all my domains blacklisted in Spamhaus DBL?
0
This is using MS Exchange Server 2016 antispam features. I have run the "install antispam.ps1" successfully. However, spam is still rampant. How do I configure these features so that spam can be detected and caught in no time?

Thanks in advance.
0
In the past week I had two clients where a spam email was sent out from their email to all their contacts. They wanted to notify all their contacts that this was spam and not to open or reply, just delete.

The simple way would be sending out an email to all their contacts, but when Google sees such kind of activity from one email sending out to this many email addresses it will mark it as spam or block it.

What I did: I exported all contacts and was looking for a company that will not charge monthly since I don’t need a monthly plan [have no issue to pay on the project]. Most companies I googled charge monthly as it’s designed for marketing projects. I found a company sendpulse.com which gives up to 2500 emails free. But 1- most emails landed in spam 2- it’s difficult to use it for such type of task, it’s designed for marketing with a lot of fields to fill out, which makes the work complicated and slows the process. And in this case we need quick and simple action.

I am sure there is a quick and efficient way to handle such cases, any advice?
0
We currently have a Sonicwall NSA 2600.  We also have a Small Business Server 2011 running Exchange 2010.  The Sonicwall has NAT and firewall configured to pass the mail to the server.  That is working fine.

I have activated a 30 day trial of Sonicwall's Anti-Spam Service. During the initial configuration I received the following pop up error: "Mail Server Auto-Detect Failed. The system detects there are one or more NAT and/or Rule policies that use a service group of a service port range that includes SMTP and non-SMTP service ports. The system could not enable the Anti-Spam service using the current configuration."

The user guide for enabling Anti-Spam lists a step where you identify the mail server.  I am assuming I need to delete the current NAT and Firewall rules forwarding mail to the server and let the Anti-Spam setup configure them again.  Am I correct?

Any help is appreciated.
0
How to get the correct detail for DKIM and SPF from vendor domain to add to TXT record for  our domain so vendor can send as us and not be blocked as spam.
Hi. Thanks for looking at this problem.
An external vendor does mail outs for us.
When they do mailouts their emails sent as name@ourdomain.com get blocked since it isn't our domain sending the email.
I understand we can add their DKIM information as a TXT record to our DNS to make their domain trusted to send as us.
Do you know what detail it needs?
I have found this article
https://support.symantec.com/en_US/article.TECH132756.html

I have gotten the vendor detail from the message header of an email they have sent as us.
I can do an nslookup like this:
nslookup -type=txt "vendorselector"._domainkey."vendordomain"
and it comes back with a text record like:
v=DKIM1: p=sdfasdfafasdfasdfasdf
but there is no K or H value.
The other TXT records I have seen for DKIM have at least a K value, which seems to be mostly RSA.

Does anyone know if I do this kind of NSLookup and it returns that TXT record, if that is all I have to put in our DNS?

Normally I would just ask the vendor for this detail, but they don't seem to have the will to gather it.

Thanks,
Shaun
0
Is there a limit to the # of ip4 mechanisms included in an SPF record?  From what I'm reading, the limit is 10 DNS lookups, but excludes the ip4 mechanism.  I need to specify 20 IP4 addresses, so will the following SPF record be valid?

v=spf1 ip4:50.248.119.81 ip4:64.62.153.100 ip4:166.185.141.5 ip4:66.220.18.38 ip4:67.215.195.44 ip4:68.105.30.113 ip4:162.249.61.215 ip4:184.105.58.118 ip4:206.51.40.12 ip4:209.51.186.86 ip4:216.66.84.6 ip4:217.29.66.1 ip4:91.198.176.10 ip4:185.1.55.10 ip4:80.239.193.9 ip4:195.246.227.22 ip4:216.66.80.94 ip4:77.241.206.36 ip4:81.16.231.31 ip4:185.1.113.9 include:spf.protection.outlook.com -all
0
When you get a blank email from someone that only has a subject line of "HI, this is KEN", what is the purpose of that email? There is no bad code, nothing to download, no attachments, no links.
0
I sent an email from my domain to Google and I found the error when I go to the original message

spf=permerror (google.com: permanent error in processing during lookup of btv1==6117437fd2d==rsharma@iss.school.fj: mail.international.school.fj not found) smtp.mailfrom=btv1==6117437fd2d==rsharma@iss.school.fj

spf record = v=spf1 a mx include:_spf.google.com include:mail.international.school.fj include:mailrelay.unwired.com.fj ~all

spf=permerror (google.com: permanent error in processing during lookup of btv1==611a1cd8c90==rsharma@international.school.fj: mail.iss.school.fj not found) smtp.mailfrom=btv1==611a1cd8c90==rsharma@international.school.fj

spf record =v=spf1 a mx include:mail.iss.school.fj include:mailrelay.unwired.com.fj ~all



Requesting assistance and how I can solve this
0
Hi,

We have this script to delete phishing emails from our organisation, however we also have these requirements:

1) We need to add into the search-mailbox after -searchquery an additional requirement for date or time, as we only want to search for emails since a certain date. We use this script to delete phishing attack emails, so we know when they started, so need to be able to search for all emails since a date and delete them if the subject matches. So the most recent example would be all emails containing subject “RE: NOTICE: MC Support UPGRADE.” however only emails received after 01/03/2018. I assume we can just do -searchquery “Subject:’Content of Subject’ AND ReceivedDate:>01/03/2018” or something like that?
2) We need to be able to search for subjects with special characters in. -searchquery “Subject:’RE: NOTICE: MC Support UPGRADE.’” will currently give an error as it won’t like the : in the subject.
3) We need to be able to search for the above criteria, but also potentially include only emails from certain email addresses. One of the phishing emails was “RE: Attention (Staff Migration)” which could be very close to something we actually send to users. The phishing email only came from a certain email though, so if we add an extra criteria for sender, that would help us focus the search.


Please can someone show me how to achieve this?

Also I would appreciate it if you have any other suggestions for improvement.


$mbs = Get-Mailbox 

0
Is there a way in EOP Spam filter policy to prevent messages hitting Junk email box and deliver them to the user's inbox with a text prepend to the subject line of the messages?
0
