Obvious spam has SCL of -1?
For some time now, our junk mail filtering has... I believe the technical term is "sucked". We get a LOT of spam and just wade through it manually. SBS2K8, Exchange 2010, Forefront Protection for Exchange server 2010, everything is up to date,
I run a clean ship, yada, yada. Whatever, I'm certainly missing something here.
So, just as an example, here are the headers from an email that DID go into the junk mail folder:
Received: from server.isrinfo.com (162.144.61.128) by
remote.myserver.com (192.168.1.8) with Microsoft SMTP Server (TLS)
id 8.3.389.2; Sat, 3 Jan 2015 01:44:07 -0800
Received: from [41.83.29.1] (port=49318 helo=[192.168.1.14]) by
server.isrinfo.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82)
(envelope-from <[email protected]>) id 1Y7LF5-00086v-WD; Sat, 03 Jan 2015
03:43:32 -0600
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Congratulations!!!
To: Recipients <[email protected]>
From: Apple Free Lotto <[email protected]>
Date: Sat, 3 Jan 2015 10:43:11 +0100
Reply-To: <[email protected]>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.isrinfo.com
X-AntiAbuse: Original Domain -myserver.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - apl.com
X-Get-Message-Sender-Via: server.isrinfo.com: authenticated_id: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
Message-ID: <[email protected]>
Return-Path: [email protected]
X-MS-Exchange-Organization-PRD: apl.com
X-MS-Exchange-Organization-SenderIdResult: Fail
Received-SPF: Fail (myserver.local: domain of [email protected] does not
designate 162.144.61.128 as permitted sender) receiver=myserver.local;
client-ip=162.144.61.128; helo=server.isrinfo.com;
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-Antispam-Report: v=2.1 cv=IL07VGfG c=1 sm=1 tr=0
a=z4H3oloq9kORX9Whg1f/Yw==:117 a=z4H3oloq9kORX9Whg1f/Yw==:17
a=8nJEP1OIZ-IA:10 a=n-nyA-wvAAAA:8 a=7YfXLusrAAAA:8 a=UFJYYV1tAAAA:8
a=XikixVyBAAAA:8 a=YNv0rlydsVwA:10 a=p_jAZ8I-e1rTrDgkLWcA:9
a=KxcaETtowfxUaaLN:21 a=Ajzh68oZL4escxSj:21 a=wPNLvfGTeEIA:10
a=WJtCvEN6LCgA:10 a=Xi1c__XFz18A:10 a=L39cjW1yEkYA:10
a=76LxldoYk5kA:10;OrigIP:162.144.61.128;SCL:-1
But even though it WAS correctly sorted, notice this
X-MS-Exchange-Organization-SCL: -1
despite this:
X-MS-Exchange-Organization-SenderIdResult: Fail
Received-SPF: Fail (myserver.local: domain of [email protected] does not
designate 162.144.61.128 as permitted sender) receiver=myserver.local;
client-ip=162.144.61.128; helo=server.isrinfo.com;
It's obviously spam, and I do NOT have the spam detection settings turned off. I think. Here is another one that came through into my inbox... full of information about... enhancing the performance of a certain part of the male anatomy... I mean it was the
poster child for obvious spam:
Received: from mail.gessimo.net (41.142.244.55) by
myserver.com (192.168.1.8) with Microsoft SMTP Server (TLS)
id 8.3.389.2; Fri, 2 Jan 2015 15:46:55 -0800
Received: from XeamsSB (192.168.8.90) by mail.gessimo.net (192.168.8.83) with
Microsoft SMTP Server id 14.2.318.4; Fri, 2 Jan 2015 23:46:05 +0000
X-SMScore: 142
X-LCID: 1483303
Received: from [(177.11.54.75)] by XeamsSB with Xeams SMTP; Fri, 2 Jan 2015
18:45:43 -0500 (ACT)
X-SM_RECEIVED_ON: Fri, 2 Jan 2015 18:45:43 -0500 (ACT)
From: Evellyn <[email protected]>
Subject: Re: Amigo, =?ISO-8859-1?Q?n=E3o est=E1?= satisfeito com o tamanho?
Isto pode te ajudar!
To: <[email protected]>
Content-Type: text/html
Reply-To: <[email protected]>
Date: Fri, 2 Jan 2015 21:46:20 -0200
MIME-Version: 1.0
Message-ID: <[email protected]>
Return-Path: [email protected]
X-MS-Exchange-Organization-PRD: sbbc.ma
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (myserver.local: [email protected] does not designate
permitted sender hosts)
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-Antispam-Report: v=2.1 cv=IL07VGfG c=1 sm=1 tr=0
a=cQ8Xs7I8qLQtykOxfzBuAg==:117 a=cQ8Xs7I8qLQtykOxfzBuAg==:17
a=jPJDawAOAc8A:10 a=Qfr2whkWTHcA:10 a=egK9k7A5aEgA:10 a=ZyurR0c_AAAA:8
a=Wem7T-hmAAAA:8 a=XikixVyBAAAA:8 a=YNv0rlydsVwA:10 a=SSmOFEACAAAA:8
a=Pe5aYLDLvP2KgpxZgOYA:9 a=HbKjNsmSVnptcH_q:21 a=_W_S_7VecoQA:10
a=MZpOI37Du90A:10;OrigIP:41.142.244.55;SCL:-1
In the Exchange Management Console, Org..., Hub... Anti-spam, all the options are enabled. In Content Filtering, I have NO exceptions, and Action is set to reject messages with SCL > 7. (no deleting or quarantining), blocklists from zen.spamhaus.org and
bl.spamcop.net. Pretty standard config as far as I can tell...
In Forefront, I have everything enabled, including sender ID filtering which is supposed to stamp the header and continue. SCL thresholds are 5to8 and again, it's supposed to stamp the header at this point. At SCL=9, it's supposed to reject.
But I've never seen an email with anything other than SCL=-1. Why?
[PS] C:\Windows\System32>Get-ContentFilterConfig
Name : ContentFilterConfig
RejectionResponse : Message rejected as spam by Content Fil
tering.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients : {}
QuarantineMailbox :
SCLRejectThreshold : 7
SCLRejectEnabled : True
SCLDeleteThreshold : 9
SCLDeleteEnabled : False
SCLQuarantineThreshold : 9
SCLQuarantineEnabled : False
BypassedSenders : {}
BypassedSenderDomains : {}
Enabled : True
ExternalMailEnabled : True
InternalMailEnabled : False
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=ContentFilterConfig,CN=Message Hygie
ne,CN=Transport Settings,CN=First Organ
ization,CN=Microsoft Exchange,CN=Servic
es,CN=Configuration,DC=mydomain,DC=local
Identity : ContentFilterConfig
Guid : 2faa4ced-2f01-40f1-9dc8-4131fde9c87b
ObjectCategory : mydomain.local/Configuration/Schema/ms-E
xch-Message-Hygiene-Content-Filter-Conf
ig
ObjectClass : {top, msExchAgent, msExchMessageHygiene
ContentFilterConfig}
WhenChanged : 10/22/2014 12:14:32 PM
WhenCreated : 3/8/2012 5:00:37 PM
OriginatingServer : myserver.mydomain.local
IsValid : True
[PS] C:\Windows\System32>Get-IPAllowListEntry
Identity IPRange ExpirationTime HasExpir
ed
2 192.251.125.0-192.251.125... 12/31/9999 3:59:59 PM False
3 216.200.145.17-216.200.14... 12/31/9999 3:59:59 PM False
4 62.95.91.206-62.95.91.207 12/31/9999 3:59:59 PM False
5 72.35.86.162 12/31/9999 3:59:59 PM False
7 208.65.145.65 12/31/9999 3:59:59 PM False
8 192.168.1.8-192.168.1.255 12/31/9999 3:59:59 PM False
Get-IPAllowListProvider returns nothing.
Get-ReceiveConnector | FL returns all this:
AuthMechanism : Tls, Integrated, BasicAuth, BasicAuth
RequireTLS, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {192.168.1.8:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : myserver.mydomain.local
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : AnonymousUsers, ExchangeUsers, Exchan
geServers, ExchangeLegacyServers, Cus
tom
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {127.0.0.1, 192.168.1.3-192.168.1.255
, 192.168.1.0-192.168.1.1}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTerminatedAtProxy : False
Server : myserver
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default myserver
DistinguishedName : CN=Default myserver,CN=SMTP Receive Conn
ectors,CN=Protocols,CN=myserver,CN=Serve
rs,CN=Exchange Administrative Group (
FYDIBOHF23SPDLT),CN=Administrative Gr
oups,CN=First Organization,CN=Microso
ft Exchange,CN=Services,CN=Configurat
ion,DC=mydomain,DC=local
Identity : myserver\Default myserver
Guid : 79df4c8b-d6c2-4ddc-ad84-d46ab184b517
ObjectCategory : mydomain.local/Configuration/Schema/ms
-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 4/18/2012 8:42:43 AM
WhenCreated : 3/8/2012 5:05:13 PM
OriginatingServer : myserver.mydomain.local
IsValid : True
AuthMechanism : BasicAuth
Banner :
BinaryMimeEnabled : True
Bindings : {127.0.0.1:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : myserver.mydomain.local
Comment :
Enabled : True
ConnectionTimeout : 06:00:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, ExchangeUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {127.0.0.1-127.0.0.1}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTerminatedAtProxy : False
Server : myserver
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Windows SBS Fax Sharepoint Receive TS
500
DistinguishedName : CN=Windows SBS Fax Sharepoint Receive
myserver,CN=SMTP Receive Connectors,CN=
Protocols,CN=myserver,CN=Servers,CN=Exch
ange Administrative Group (FYDIBOHF23
SPDLT),CN=Administrative Groups,CN=Fi
rst Organization,CN=Microsoft Exchang
e,CN=Services,CN=Configuration,DC=efp
lus4,DC=local
Identity : myserver\Windows SBS Fax Sharepoint Rece
ive myserver
Guid : e65dac21-4aa0-49d4-9a1e-5a511b00e57f
ObjectCategory : mydomain.local/Configuration/Schema/ms
-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 3/8/2012 5:17:01 PM
WhenCreated : 3/8/2012 5:17:01 PM
OriginatingServer : myserver.mydomain.local
IsValid : True
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {192.168.1.8:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : remote.electronicformsplus.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:01:00
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.1.2-192.168.1.2, 192.168.1.0
-255.255.255.255, 0.0.0.0-192.167.255
.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTerminatedAtProxy : False
Server : myserver
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Windows SBS Internet Receive myserver
DistinguishedName : CN=Windows SBS Internet Receive myserver
,CN=SMTP Receive Connectors,CN=Protoc
ols,CN=myserver,CN=Servers,CN=Exchange A
dministrative Group (FYDIBOHF23SPDLT)
,CN=Administrative Groups,CN=First Or
ganization,CN=Microsoft Exchange,CN=S
ervices,CN=Configuration,DC=mydomain,D
C=local
Identity : myserver\Windows SBS Internet Receive TS
500
Guid : 753d4f8f-e372-4a91-a41c-777afb2a3ba2
ObjectCategory : mydomain.local/Configuration/Schema/ms
-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 4/4/2012 3:04:08 PM
WhenCreated : 3/9/2012 5:32:42 PM
OriginatingServer : myserver.mydomain.local
IsValid : True
AuthMechanism : ExternalAuthoritative
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : myserver.mydomain.local
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeServers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.1.10-192.168.1.19, 192.168.1
.9, 192.168.1.41-192.168.1.42, 192.16
8.0.100-192.168.1.110}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTerminatedAtProxy : False
Server : myserver
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : updates
DistinguishedName : CN=updates,CN=SMTP Receive Connectors
,CN=Protocols,CN=myserver,CN=Servers,CN=
Exchange Administrative Group (FYDIBO
HF23SPDLT),CN=Administrative Groups,C
N=First Organization,CN=Microsoft Exc
hange,CN=Services,CN=Configuration,DC
=mydomain,DC=local
Identity : myserver\updates
Guid : f103f9f5-f3c4-4ff4-b1a8-4cc67d7b7ee3
ObjectCategory : mydomain.local/Configuration/Schema/ms
-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 6/3/2013 11:48:19 AM
WhenCreated : 4/4/2012 12:52:11 PM
OriginatingServer : myserver.mydomain.local
IsValid : True
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:465}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : myserver.mydomain.local
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.1.0-255.255.255.255, 192.168
.0.2-192.168.1.2, 0.0.0.0-192.167.255
.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTerminatedAtProxy : False
Server : myserver
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Port 465
DistinguishedName : CN=Port 465,CN=SMTP Receive Connector
s,CN=Protocols,CN=myserver,CN=Servers,CN
=Exchange Administrative Group (FYDIB
OHF23SPDLT),CN=Administrative Groups,
CN=First Organization,CN=Microsoft Ex
change,CN=Services,CN=Configuration,D
C=mydomain,DC=local
Identity : myserver\Port 465
Guid : c265179c-9276-4a38-8a92-0a8367ff93c9
ObjectCategory : mydomain.local/Configuration/Schema/ms
-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 4/18/2012 8:43:03 AM
WhenCreated : 4/9/2012 3:11:26 PM
OriginatingServer : myserver.mydomain.local
IsValid : True
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:587}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : myserver.mydomain.local
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {192.168.1.0-255.255.255.255, 192.168
.0.2, 0.0.0.0-192.167.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
ExtendedProtectionTlsTerminatedAtProxy : False
Server : myserver
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Port 587
DistinguishedName : CN=Port 587,CN=SMTP Receive Connector
s,CN=Protocols,CN=myserver,CN=Servers,CN
=Exchange Administrative Group (FYDIB
OHF23SPDLT),CN=Administrative Groups,
CN=First Organization,CN=Microsoft Ex
change,CN=Services,CN=Configuration,D
C=mydomain,DC=local
Identity : myserver\Port 587
Guid : ebbb4c3a-dece-45f5-976b-8b7bd33a21d9
ObjectCategory : mydomain.local/Configuration/Schema/ms
-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 4/18/2012 8:43:09 AM
WhenCreated : 4/9/2012 3:13:59 PM
OriginatingServer : myserver.mydomain.local
IsValid : True
Similar Messages
-
Spam has greatly increased in my inbox. It was not a problem before. How can this be improved? Is anyone else having this problem?
What mail program are you using??? Who's your provider???
You can usually log in to your account and make changes to spam filtering, server side.
Client side you can add spam filtering software like SpamSieve. Very effective. -
I am receiving multiple "undeliverable" emails as response to emails I did not send. I am getting deluged on my .ME account. Anyone?
When people receive emails which appear to come from their own address but they haven't sent they naturally tend to be concerned: however it's most unlikely that anyone has hacked their account, they've just been targeted by one of two common spammers' techniques: both arise because it's all too easy to forge the 'from' address on messages to be something other than the real one.
There are two things that can happen. One is that the sender has forged the 'from' address to be the same as the 'to' address (so other people will see it coming from themselves, not you), presumably in the hope of confusing spam filters. It's harmless, if extremely annoying. Delete it (never ever answer spam or try to unsubscribe from it), and you don't need to be worried about it.
The other problem, which appears to be what is affecting you, is that a spammer is forging your address as the 'from' address on a whole batch of messages. The first thing you hear about this is when you start getting bounce messages because the spam has been sent to non-existent addresses and is being bounced to you. There's no point at all in responding to it. It's infuriating but normally stops after a bit as they move on to another forged address.
There isn't really anything you can do about it: closing the account isn't really worth the hassle unless you are totally swamped, because you will have to tell everyone your new address. Apple can't really do any more than they already are about spam. -
Hi,
My spam has become somewhat unmanageable.
Although I have spamguard on, I seem to get as much spam in my spam folder as my inbox. I know it's a losing batle, but I've kept adding spam addresses to my blocked addresses list, but it's now approaching it's 500 address limit.
Is my only option to get a new email address, and re-sign up for everything (newsletters etc.)? Any other solutions I could try?
Thanks in advance.
Daviddavidncohen wrote:
Hi,
My spam has become somewhat unmanageable.
Although I have spamguard on, I seem to get as much spam in my spam folder as my inbox. I know it's a losing batle, but I've kept adding spam addresses to my blocked addresses list, but it's now approaching it's 500 address limit.
Is my only option to get a new email address, and re-sign up for everything (newsletters etc.)? Any other solutions I could try?
Thanks in advance.
David
Hi.
A block address list is frankly pointless as spammers hardly ever use the same email address as the "From" address each time. It is usually random, or forging existing ones.
I find the anti-spam system very good, and although I have the setting to receive all the emails, including spam set - I hardly get any.
Are these emails general rubbish, or are they of a typical nature ?
I personally have my own domains, and for each company I deal with, I set up a unique email address for them. If I receive spam on any of them, I can delete that email address and know that the company has been "bad".
As already mentioned, the disposable addresses can be used, set up via webmail under Options/Mail Options/Disposable. Typically you won't normally use these to send emails.
http://www.andyweb.co.uk/shortcuts
http://www.andyweb.co.uk/pictures -
Spamming has made app reviews pointless and report button no longer works
The app reviews have become useless to me because of all of the spamming. And to make matters worse, the report button no longer works so the spamming posts can't be reported. Who do we contact to report spam?
My guess is that you have a scope problem. By putting the button inside a movieclip you have made the buttons scope the same as that clip.
So if you add a trace inside the release event handler, what do you get?
trace("My current scope is: "+this);
I'm guessing it is "_level0.mc_anim_backdrops_menu," right?
So since you are using the global function of gotoAndPlay() it is looking for that label in the current timeline and not finding it.
You should probably use the MovieClip method and specifiy which timeline it should look in.
_root.gotoAndPlay("Why");
_level0.gotoAndPlay("Why")
_parent.gotoAndPlay("Why");
both would probably work. I would never use the first two, other than to make sure that there wasn't something else going on... -
Our BC site uses Captcha, recently spam has jumped up??
20+ spam Web form submissions are coming in daily now. We use Captcha, but it appears this is no longer an assurance of spam not getting through? Help please.
Hey there,
If you can could you please make a ticket to the BC team, link the site, the web page with form and maybe some examples of the spam. They will need this information to help them.
With popular sites and Amazon infustructure your just open to this, Captcha can be bypassed but also bots send the image to serives that manually type these out and send back the answer via API type services so they can bypass this.
Not much you can do, but if you send that information across to BC they can have a look for you.
How is your javascript, you know jQuery? I can advise on a sort of sollution that is not captcha that could help here for you. -
HELP! Freaky spam has killed my e-mail capabalitites...
Last night (at a swanky restaurant), I started getting a deluge of e-mails from "Solution IP Registration" which read:
"Welcome to the Solution IP network, before you can use the Internet connection you must register for service. To register, run your web browser and access the URL:
http://soln-sr548.solutionip.com/register
You will automatically be redirected to the registration screens. Thank you."
I did NOT click on the link yet this e-mail propagated to all seven of my e-mail accounts dozens of times in each account.
Then, after dinner, when I got back to my hotel and tried to access the my e-mails, I had this pop-up message on the phone:
"The POP server "insert e-mail account" does not support X-APOP authentication. Please check account settings."
I am absolutely clueness and no e-mails are coming through.
Suggestions?So.... I deleted all the accounts and re-synced them back in. I now get e-mail but have two new glitches: the sync re-loaded the entire history of mail back into the phone (two years' worth) that I am having to delete one at a time. When I first got the phone, it did that but only loaded the first 50 with the option of seeing more. This time, when I delete those first 50, the next fifty keep filtering in. I've already spent FOUR HOURS deleting old e-mail and I am still doing it.
The second thing is the passwords and I am getting this message: Cannot Send Mail - No password provided for user "insert" on server "smtp.####.com"
Please go to Mail Account Settings and enter a password.
Of course when I go to the Mail Account Settings, there is a password there... -
Safe List Aggregation: Spam comes in with SCL 0
Hi,
I am getting obvious spam with a spam confidence level (SCL) of zero. It then goes into the inbox instead of the spam folder.
I suspect that someone in the organisation has put the domain on the safe senders list in Outlook and it has then been put on the global safe senders list in Exchange via safe list aggregation.
The sender's domain (usps.gov) is legit but it was faked as the SPF soft fail indicates.
This would no doubt go into the spam folder and not get a SCL of 0. There's even a .zip file attached with an .exe file in it.
What can I do about it?
Received: from PRTSHJSNT (200.74.141.50) by mail.x.com
(x.x.x.x) with Microsoft SMTP Server id 8.3.348.2; Mon, 28 Jul 2014
21:07:31 +0200
Message-ID: <[email protected]>
Date: Mon, 28 Jul 2014 14:11:30 -0500
From: =?koi8-r?B?k1VTUFMgRXhwcmVzcyBTZXJ2aWNlcyI=?=
<[email protected]>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <[email protected]>
Subject: =?koi8-r?B?VVNQUyCWIE1pc3NlZCBwYWNrYWdlIGRlbGl2ZXJ5?=
Content-Type: multipart/mixed;
boundary="------------070108070705030105070303"
Return-Path: [email protected]
X-MS-Exchange-Organization-PRD: usps.gov
X-MS-Exchange-Organization-SenderIdResult: SoftFail
Received-SPF: SoftFail (Mail.x.local: domain of transitioning
[email protected] discourages use of 200.74.141.50 as permitted
sender)
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report:
DV:3.3.13925.474;SV:3.3.7305.291;SID:SenderIDStatus
SoftFail;OrigIP:200.74.141.50Hi Ben,
You are right that
end users can add specific users or domains to a safe sender list or a blocked sender list by configuring their junk email settings . (In Exchange 2010 and Exchange 2013,
user can no longer add specific domanins to the safe sender list and the blocked sender list.)
Based on your description, I suggest you to use the IP Block list Providers service.
Here is an article for your reference.
How to Configure IP Allow List and IP Block List Providers
http://technet.microsoft.com/en-us/library/bb124369(v=exchg.80).aspx
And to the best of my knowledge, these are free:
Spam and Open Relay Blocking System (SORBS)
http://www.us.sorbs.net/
Composite Blocking List (CBL)
http://cbl.abuseat.org/
SpamCop Blocking List (SCBL)
http://www.spamcop.net/bl.shtml
If you have any further questions, please let me know.
Best regards,
Eric -
____ spam mails getting through with scl -1
Hi,
We've recently installed an exchange 2010 with forefront security for exchange. We where happy to receive very little to no spam in our inbox.
But now since a week or so we get a lot of spam through. Very obvious spam like this:
Cheap ViagraPills start fr $1.85
GenericViagra:
** 25mg:
40 pills - $ 78
** 50mg:
30 pills - $ 99
270 pills - $499
** 100mg:
30 pills - $105
270 pills - $540
** 150mg:
20 pills - $139
** 120mg:
20 pills - $117
Optional: Delivery Insurance (Guaranteeed reshipment if delivery failed)
This in plain text is obviously spam. The header of the email says SCL -1.
Does anyone have any idea how come this is happening?
Don't forget about Alt+Esc!Ok so here's the header:
Received: from vATS007.atsgroep.be (10.0.0.161) by vats003.atsgroep.be
(10.0.0.121) with Microsoft SMTP Server (TLS) id 14.1.255.0; Sat, 6 Nov 2010
19:39:56 +0100
Received: from bqcev (82.233.192.127) by mail.atsgroep.be (194.78.214.42) with
Microsoft SMTP Server id 14.0.702.0; Sat, 6 Nov 2010 19:39:55 +0100
To: <[email protected]>
Date: Sat, 6 Nov 2010 12:33:45 -0700
Sender: <[email protected]>
From: Rubie Ema <[email protected]>
In-Reply-To: <aa0801cb7b22$7ee5d7eb$a3157d55@crwnk81>
Subject: GenericViagra: 50mg:30 pills-$99, 100mg: 270pills-$540, 150mg: 20pills-$139 sk
X-Sender: <[email protected]>
Message-ID: <[email protected]>
MIME-Version: 1.0
Reply-To: Rubie Ema <[email protected]>
Content-Type: multipart/alternative;
boundary="----=_Part_49282_0715_05676809.BA20F319"
User-Agent: Mozilla/5.047 (Windows; U; Windows NT 5.0; U; NT4.0; en-us) Gecko/25250101
Return-Path: [email protected]
X-MS-Exchange-Organization-PRD: cs.com
Received-SPF: None (vATS007.atsgroep.be: [email protected] does not
designate permitted sender hosts)
X-MS-Exchange-Organization-Antispam-Report: v=1.1
cv=rT00GTpZ5MSp1ZxZFnbz90rwzC0u/eIJHHhk9TgDoBE= c=1 sm=1 a=7C9BXaI6PjcA:10
a=GoqiXTz7-MIA:10 a=Bm5CGD5hNXwA:10 a=nsHQh+8dCwREoUYq5PAOiw==:17
a=ie9QzACsAAAA:8 a=E_L80fFITzSPg6_BmNcA:9 a=cuI9EFUVpeGK_7-9qG8A:7
a=noDXP0wlcfnoTGAvK9V8zB8UWL8A:4 a=CjuIK1q_8ugA:10 a=PMIgtkiIR_m9gaii:21
a=KUoTCPfgi0dl5dgL:21 a=urt2cUY3a_t7NE3V:21 a=LK2Jkdhqki-MnjMQf5EA:9
a=CqlJE-djHJjGR-XVuDkA:7 a=mjXP_EH4SfxCrkfH5ibzS5K3CuoA:4
a=ZFUir7Rss4gDEpGH:21 a=L39HvqBh4ZPSvNEo:21 a=EgusNkTKHnttRevb:21
a=nsHQh+8dCwREoUYq5PAOiw==:117;OrigIP:82.233.192.127;SCL:-1
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-SenderIdResult: NONE
X-MS-Exchange-Organization-AuthSource: vATS007.atsgroep.be
X-MS-Exchange-Organization-AuthAs: Anonymous
Don't forget about Alt+Esc! -
This was the e-mail I received:
Environmental company currently looking for partners from all over the world.
Commission of 5 percent on 200K USD monthly turnover derivedfrom sales of intellectual property products on the internetFeatures required:- Company ownership- Timely performance of all tasks- Continuous availability for Email, Skype and telephone feedbackConsidering your interest, please furnish us with the following:- Full Name- Age- Location- Telephone- EmailPlease reply to: Kind Regards,Marketing, Liaison and HR Department
<Email Edited by Host>Firstly, it's a really bad idea to post your email address (or anyone else's) - it's an invitation to even more spam - and I've asked the Hosts to remove them.
When people receive emails which appear to come from their own address but they haven't sent they naturally tend to be concerned: however it's most unlikely that anyone has hacked their account, they've just been targeted by one of two common spammers' techniques: both arise because it's all too easy to forge the 'from' address on messages to be something other than the real one.
There are two things that can happen. One is that the sender has forged the 'from' address to be the same as the 'to' address (so other people will see it coming from themselves, not you), presumably in the hope of confusing spam filters. It's harmless, if extremely annoying. Delete it (never ever answer spam or try to unsubscribe from it), and you don't need to be worried about it.
The other problem is that a spammer is forging your address as the 'from' address on a whole batch of messages. Usually the first thing you hear about this is when you start getting bounce messages because the spam has been sent to non-existent addresses and is being bounced to you. In this case it looks as if this is what has happened but you've also got onto their mailing list so you're getting it directly.
There's no point at all in responding to it. It's infuriating but normally stops after a bit as they move on to another forged address.
There isn't really anything you can do about it: closing the account isn't really worth the hassle unless you are totally swamped, because you will have to tell everyone your new address. Apple can't really do any more than they already are about spam. -
Why has the amount of spam I receive tripled in the last few weeks ?
daily spam has increased daily
Sorry, that is not a Firefox support issue, Firefox doesn't do email. You may need to adjust your spam filters.
If you are using Firefox to access your mail, you are using "web-mail". You need to seek support from your service provider or a forum for that service.
If your problem is with Mozilla Thunderbird, see this forum for support.
[http://www.mozillamessaging.com/en-US/support/] <br />
or this one <br />
[http://forums.mozillazine.org/viewforum.php?f=39] -
Problems with spam filtering (specific and general)
I I am getting messages coming through that are OBVIOUS spam (phishing attempts from [email protected] and
[email protected] saying the at the account was frozen). The address is wrong in the bottom, the domains are obviously wrong, and we've seen these repeatedly. And yet they keep coming through. I was actually told that because it was marked as
NSPM by the filter it should have been delivered, but I'm appalled that it isn't getting marked as spam at all.
I was given a few options for creating manual rules (well, I can do that all day, but then why have a service?) and then reset my SPF and other content delivery conditions for future monitoring. But really what I want is a definite answer as to why something
that any person can look at and recognize is not getting picked up. It's pretty embarrassing to have moved to Office 365 and had spam protection get notably worse than it was under Postini. And then to have support tell me that it got delivered because
it was marked as NSPM ("I know it got marked that, but how in the world did that happen?"). We've been getting these off and on for months.
My more general complaint is how spam whitelists and blacklists are maintained. They are one step up from having to manually edit text files (which would actually be easier to do since I could search those easily). Again- this can't be the best Microsoft
has to offer, and given the global issue that spam has become I can't believe they aren't making this better more quickly.
Received: from BY2PR01MB107.prod.exchangelabs.com (10.242.43.19) by
CO1PR01MB109.prod.exchangelabs.com (10.242.164.146) with Microsoft SMTP
Server (TLS) id 15.0.934.12 via Mailbox Transport; Sun, 4 May 2014 22:42:34
+0000
Received: from BY2PR01CA002.prod.exchangelabs.com (10.255.247.32) by
BY2PR01MB107.prod.exchangelabs.com (10.242.43.19) with Microsoft SMTP Server
(TLS) id 15.0.934.12; Sun, 4 May 2014 22:42:30 +0000
Received: from BL2FFO11FD018.protection.gbl (2a01:111:f400:7c09::198) by
BY2PR01CA002.outlook.office365.com (2a01:111:e400:2c16::32) with Microsoft
SMTP Server (TLS) id 15.0.934.12 via Frontend Transport; Sun, 4 May 2014
22:42:29 +0000
Received: from ios7supp0rt.com (176.58.88.173) by
BL2FFO11FD018.mail.protection.outlook.com (10.173.161.36) with Microsoft SMTP
Server id 15.0.929.8 via Frontend Transport; Sun, 4 May 2014 22:42:28 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=ios7supp0rt.com;
h=To:Subject:Date:From:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; [email protected];
bh=txKF8WnwFM/0C4YId7Ij73YddMc=;
b=ZNL5MeSkubrD8iqoHfwWvIkob+rT9t9OOB4tcYymj2oN6S6u9DvavgjAgzhD06ENEUtOJy+X/AG3
Ttdm6MVp+Qw85SqQIdu9aDO0yvs4SE2jwtLdWq0Rv6ynhqulRFsUKdfrlf+rIUrAgH9ovGmtjBdg
e68KX3Prx0j+6Yqe9H8=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=ios7supp0rt.com;
b=lUMpjXXTRnieJEsqhu5oDBmNOyNKRNAZ4jzlmeOK51AaGmbtZy7WKaEp2i0/Wmwrzn41EeDDqba3
5Cv3CYXOGg77SvVATHTL4IGlr8taesMd66PkcMMnhAqTa9XqZPo66Aq2nWotZILvjKFzs8kEtmfJ
QstWULOZADNps03bb1c=;
To: [email protected]
Subject: Apple/iCloud Account Frozen
Return-Path: [email protected]
Date: Sun, 4 May 2014 22:42:25 +0000
From: "Apple Europe" <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Message-ID: <[email protected]>
X-EOPAttributedMessage: 0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: CIP:176.58.88.173;CTRY:GB;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(428001)(199002)(189002)(25786004)(31696002)(23846002)(40036003)(74316001)(20776003)(50466002)(85852003)(46102001)(80022001)(99396002)(19617315010)(18206015023)(4396001)(19300405004)(15975445006)(21056001)(83072002)(50986999)(64706001)(77982001)(80976001)(92726001)(79362001)(76482001)(946001)(79102001)(956001)(43066001)(575854001)(19580395003)(81342001)(44976005)(71816001)(70736001)(101416001)(74502001)(83322001)(53806999)(87836001)(19580405001)(33646001)(15202345003)(74662001)(81542001)(54356999)(23676002)(551544002)(307094003)(467094002)(8886004)(575514002)(18016003)(435084004);DIR:INB;SFP:;SCL:1;SRVR:BY2PR01MB107;H:ios7supp0rt.com;FPR:;MLV:nov;PTR:orders.ios7supp0rt.com;A:1;MX:1;LANG:en;
X-MS-Exchange-Organization-Network-Message-Id: 517b8afa-807f-489c-e9f2-08d136014419
X-MS-Exchange-Organization-AVStamp-Service: 1.0
Received-SPF: None (: ios7supp0rt.com does not designate permitted sender
hosts)
Authentication-Results: spf=none (sender IP is 176.58.88.173)
[email protected];
X-MS-Exchange-Organization-SCL: 1
X-MS-Exchange-Organization-AuthSource: BL2FFO11FD018.protection.gbl
X-MS-Exchange-Organization-AuthAs: AnonymousHi,
Do you mean your client is list in the spam list by your Exchange Server?
If so, I think the most efficient way is to contact the Exchange Administrator to check the spam list.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
From: Apple-ID [mailto:[email protected]]
Sent: Wednesday, December 11, 2013 7:36 PM
To: Deborah McKay
Subject: Final step To verify your Apple
Dear Apple Customer,
Your Apple ID has been used to open a session iCloud from an unauthorized device..
It's easy: Click the link Your iTunes account is now locked, please enter your account to verify your information. .
Update Now >
After you finished your account is confirmed, let us know immediately. Report, it is important because it helps us prevent fraudsters from stealing your information. Sincerely, apple.
copyright 2013 Apple Inc. Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, log in to your account and click "Contact Us" at the bottom of any page. Copyright © 2013 apple. All rights reserved. apple (Europe) S.à r.l. et Cie, S.C.A. Société en Commandite par Actions Registered office: 22-24 Boulev ard Royal, L-2449 Luxemburg RCS Luxemburg B 118 349 apple Email ID PP315.
I just got this message and sent it to [email protected] per instructions on another post. the link leads to a page asking for Apple id and credit card information.I got a similar email. It's obviously Spam. The double period afetr the first sentence and the otherwise poor grammar are dead giveaways even before I checked out the link embedded. -- I didn't click on it, just hovered over it to get the url. And the return address was [email protected] Very bogus.
-
My mom's iphone is sending spam imessages and emails?
So my mother has a iPhone 4, running iOS 5.0.1 I believe. Our service provider is Bell Canada.
This afternoon I recieved an odd **iMessage** from my mother on my Iphone 4S, containing a link. Knowing that this was strange, I immediately responded to the message via the app Kik Messenger asking her what she sent me. As I suspected, she said she didn't send me anything via iMessage. On a hunch I checked my email, where I found three obvious spam **E-mail** messages sent roughly the same time. After informing her, she found that all of her contacts on her iPhone with email addresses attached had recieved spam e-mails, and those that had iPhones had also recieved similar spam iMessages via email.
Basically its like that old "I love you" spam email message that if you open it it goes through and sends itself to your whole contact list, only it is somehow able to send both e-mails and iMessages. No SMS that I'm aware of.
I'm going to get her to restore her phone from a back-up... but this boggles my mind. I'm having her change her passwords for both her email address and Apple ID, though I doubt that will actually do anything (at least it will make her feel better about the whole thing)
How is this possible? Does anybody understand the relationship between iMessage, your Apple ID and your email address? .My girlfriend's iPhone just did this today, something about joining Vox me!, which she or I know nothing about.
-
SPAM targeting Verizon customers
I just got an email that LOOKS like it came from Verizon - it has all the usual icons and link titles - but it is a SPAM message! It claims that I have a $905.08 bill for my latest billing cycle! But if you put your cursor over the links, they show up as going to obvious spam sites like 'vinilrichard.com' - so watch out!
This came up a couple of weeks ago too - and it's always, ALWAYS good practice NEVER click links in emails, even if it appears legitimate. If the notice is from your bank or a company you normally do business with (like Verizon), just close out the email and go directly to your account by typing in the website yourself. If all appears normal, then you know it was "phishing" to get your login and password.
Thanks for the heads up to be on the lookout - and probably a rep is going to come on and give you an email address to forward that to so they can get a look at it.
There was a similar scheme but the spam came in as a text message with a link to click - https://community.verizonwireless.com/message/792773#792773
Maybe you are looking for
-
Delete File From Mounted Volume
Hey, I am trying to delete the "Calendar Cache" files on both my laptop PowerBook G4 and the Mac Pro Quad that I sync my calendars with. I am using ChronoSync and the individual calendars sync fine, but there is a little house keeping needed with the
-
I want to connect my MacBook Pro i7 that has a mini Dsiplay Port/Thunderbolt port. I want to connect it to my VGA NEC LT20 DLP Projector. I have the Apple MiniDisplayPort to VGA adapter, MB5727Z/A, Model Number A1307 and the computer does not recogni
-
Object '485V83KBEXPI7' (ROUT) of type 'Routine' is not avble in D Version
Hi, when i am installing BI Content Activation for InfoObject catalog 0MMPUR_CHA0, InfoObject catalog remains Inactive and showing below error. Object '485V83KBEXPI7VUNBAQ0D9UCR' (ROUT) of type 'Routine' is not available in version 'D' Message no. RS
-
Change slide duration to 2.5 seconds??
Is it possible to change the duration of a slide to 2.5 seconds in imovie08. I keep trying, but it seems to make it go to 4 seconds rather than 2.5. 2 seconds is a little too fast and 3 makes my slide show a bit too long. I have also changed the dura
-
Jstart.exe not starting in the SAPMMC - Forgot admintrator's password
hi, Presently i am working in CE 7.1 -trial version. I started my SAPMMC today. I forgot my administrator's password so i was unable to login into the portal. Then i activated the Emergency user. Logged into portal as SAP* and changed the administrat