@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done

"But this is the way we (they) have always done it... "

You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?

Yeah, that doesn't make any sense. Far too time consuming.

Outlook Toolbar.. Reporting
d4517c20-ac54-44fd-a195-1b6ef87caf87-image.png

OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?

It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.

Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.

That's interesting.

With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.

Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.

That's not a bad process. But still a bit more than just "mark as spam" which is really simple.

oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...

So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?

no, they don't - and likely they aren't. I've shown nearly no one how to report to MS - so that's the one that's skipped. Everyone has been told about forwarding email to spam@appriver - and yes, it's more work than just right click - mark as spam, but not so much so that people don't do it.

Why report to that one when O365 is the important one and the one that's like 10x more likely to be permanent instead of being clearly in the "should be removed" category? Less work, better results, less long term risk.

Time, the old process is already in place. It's just a matter of informing people at this point - it just hasn't happened yet.

@dashrender said in Webroot status:

I have one client (well, x-client now) that just moved away from it because the new owners used something else, but up to the beginning of June, they were on it with no issues.

Unless "paying for something that has a negative impact on them" is an issue. To a business, that is always an issue. It's a "loss event" just like any other, similar to a small outage or dataloss. It's a business mistake that causes measurable lost revenue and puts other revenue at risk. So while a hobby could classify it as "not having any issue", no actual business can.

@manxam said in Exchange 2013 not sending email to Junk Folder:

Wonder if this is a legacy setting brought forward from SBS 2008.. Regardless, changing it to 4 like you did should likely fix your issue going forward.

Possibly. Time will tell if mail start going to Junk or not.

@Natchos said in 3rd party spam filter solution pricing:

We have been using MS Exchange Online Protection for the last 8 years. It's been working good with our on-premise Exchange server.
Price we pay is 18.99$ per user per year. We are almost at 50 users.

I signed up for this. It was only $1/user/month

Switched things today. So far, all is working normally.

@WLS-ITGuy said in O365 & Spam filter:

I thought I read it somewhere. Thanks.

What about backups? I thought I read somewhere that O365 doesn't do backups. So if an end user deletes an email or accidentally deletes/moves a folder there is no way to retrieve that.

Although the backups are for Microsoft themselves see this
https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/high-availability-and-business-continuity

https://docs.microsoft.com/en-us/exchange/back-up-email

Same as what @JaredBusch said on a user level or even an admin.

@pattonb said in DNS PTR Record with 2 FQDN Entries with SPAM Check:

@JaredBusch incorrect, Scott has summarized succinctly

That is what you asked. But going with that is not what you actually wanted, then the answer to your original post is that you don't fix anything.

You whitelist the domain in question and move on.

The sender's ISP is in charge of setting the PTR record and there is not a damned thing you can do about it.

@scottalanmiller said in Microsoft BCL or Bulk Complaint Level Values for Email:

Some sources call this an SCL or Spam Complaint Level.

Emails into O365 have both BCL and SCL.

I used to use a barracuda 300 (for about 6 years) in conjunction with their cloud filtering for our on-prem Exchange 2010 server. I think there were 2 times that they had some sort of issue where they let a crap-ton of spam through, unfiltered.

I have moved to Office 365 and am exclusively using their filtering. I think barracuda was better at filtering. Especially, when it comes to phishing messages that pretend to be from Microsoft's services. You'd think that Microsoft would be able to catch those better than anyone. Not in my experience.

He only sent me a few hundred thousand, I feel ripped off.

Thanks all, this has been helpful for me as I'm developing a training on email security for our company.

@travisdh1 said in SPAM Filtering with Zimbra:

@dbeato I'm a fan of using their RBL list. Anyone know if that's still available for free?

@travisdh1 also the server is b.barracudacentral.org

@jaredbusch said in Where did they come from?:

@wrcombs said in Where did they come from?:

When if first joined ML there were no spammers (at least to my knowledge) where did they all come from?
Why do companies push their employees to spam and such on Thread websites?
Sounds like a great way to push people away from you product.

Because it costs them next to nothing to spam hundreds of websites.

And it only takes one sucker to click through and make that phone call to earn a profit.

Yeah, some quick math...

A full time spammer can be hired overseas for $300/mo. That's a MONTH. And that's high, $200 is definitely plausible. All they have to do is join websites, post pre-written spam copy. Simplest job ever. They can spam maybe 100 communities a day. That's 2,800 a month. Out of 2,800 posts, it would take maybe an average of five "customers" to cover the cost of that for really cheap software.

Easy math.

If you ever need to report a Microsoft partner for ethics breaches, you can email [email protected]

@mike-davis said in Spam filtering software:

@tech1 Sometimes it helps to take a step back and evaluate what you're really trying to do instead of look for a product for what is already in place. Liquid mail claims to filter, but clearly it's not working. o365 and gmail do a great job, so why not consider them? It would probably be better to filter it before it hits the client.

And for a single user.... the cost of looking at another option is too much. Office 365 is $4/mo... that's $48/year. That's hosting, storage, support, everything. And that's a top end, luxury level service. It only gets cheaper from there.

@coliver said in Smart Phishing Spams worrying me:

This is called spear phishing or targeted phishing. There isn't much you can do about it from a technical perspective. Train your users is about the only option.

That's really the case. The thing about spear phishing is that it is all but impossible to conidently detect unless you are the human recipient and can verify the details in some other manner.

I have received USPS and UPS ones lately. Normals would be totally fooled by them. 😞

@NetworkNerd said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

@JaredBusch said in Marketing Campaign E-mail and Office365 - Check My Logic, Please:

I would need to see the ehaders, but I send email from a postfix relay with a valid return on my Office 365 server to other Office 365 users all the time and nothing is junked.

The only thing I did was to add the WAN IP of the location with the Postfix server as a new connector trusted by IP.

Very similar to what you mention here, I think this is it - https://support.e2ma.net/Resource_Center/Account_how-to/how-to-whitelist-emma.

Not exactly. That is whitelisting entire IP blocks.