Geekzone: technology news, blogs, forums
'That VDSL Cat'
9892 posts

Uber Geek
+1 received by user: 2317

Trusted
Spark
Subscriber

  Reply # 1947267 26-Jan-2018 17:43
One person supports this post

hey folks,

I'd like to direct your attention to a new button!

This simplifies the process of reporting spam (previously it was handled by dragging into junk which isn't as easily picked up on)

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


64 posts

Master Geek
+1 received by user: 3


  Reply # 1947293 26-Jan-2018 19:07

Thanks for the update,

I have been looking at the regex condition and it is quite powerful - if you understand what it can do.

None of the Open-Exchange documentation I came across said how to use it fully apart from the OR ( | ) example

It has the capability to test HTML - which is what I wanted

Here's a wiki page dedicated to it https://en.wikipedia.org/wiki/Regular_expression

Cheers

Al


73 posts

Master Geek
+1 received by user: 16
Inactive user


  Reply # 1947300 26-Jan-2018 19:25

hio77:

hey folks,

I'd like to direct your attention to a new button!

"snip"

This simplifies the process of reporting spam (previously it was handled by dragging into junk which isn't as easily picked up on)

hio77:

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.

Haha when I hit reply to post I'd only read the top line "I'd like to direct your attention to a new button!" - My initial response was going to be "A new spam filter would be better" :P

Then I saw the last sentence :)  It's a step forward at least, good to know the cries of the people are being heard. :)

P.S. any word on that other thing?

 

 

 

 


58 posts

Master Geek
+1 received by user: 3


  Reply # 1947327 26-Jan-2018 20:34

hio77:

hey folks,

I'd like to direct your attention to a new button!

<snip>

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.

Agreed, a step in the right direction. Showing in Xtramail, but not (yet) showing in Spark Business mail (also on the Open Exchange platform). There are, however, a few bells and whistles available to Business Mail users that aren't available to Xtra users.

I'm a bit wary of the "Reject with reason" option - as much as I like the idea, informal tests I've done suggest that it's a good way of creating backscatter.


1328 posts

Uber Geek
+1 received by user: 269

Subscriber

  Reply # 1952156 5-Feb-2018 19:18
One person supports this post

Still on topic - sort of.

I have a client who is getting continually banned from his @xtra email as he has had lots of emails from his address binned as spam by xtra users.  The problem is he didn't send the emails - so they must be spoofed from an external spammer but SMX is letting them through, accepting people marking him as a spammer and then banning him from using his own email.

1 - I've been through all his devices, his web mail etc - there is zero evidence of any spam being sent; in fact there would be a total of less than 50 emails in the last 5 - 6 weeks. Most to the same 10 people to complete a transaction. None are @xtra users he has sent to. This points to the spam being supposedly received from him being spoofed.

2 - SMX should be junking emails from @xtra that don't come from their servers or at least have some kind of very strong DMARC / SPF etc running to prevent spoofing.

3 - Spoofed addresses should be binned before they get to end users. With authenticated / encrypted SMTP no @xtra email should come from 3rd party servers

4 - I understand SMX have guaranteed spam rates of less than 2 per 100k - they seem to be failing miserably at achieving this.

5 - SMX trying to achieve their guaranteed spam rates have dumped truckloads of legitimate emails but seem to be completely allowing low level easily filtered crud through.

 

 

 

 





nunz

58 posts

Master Geek
+1 received by user: 3


  Reply # 1952261 6-Feb-2018 07:26

In one of my more recent interactions with SMX (haven't done so for a while) I got the sense that they thought that I was the spammer. I wouldn't be surprised if someone (or something) at their end is giving greater weight to "from" addresses and other easily forged details than would be justified.


3096 posts

Uber Geek
+1 received by user: 395


  Reply # 1953530 8-Feb-2018 10:44
One person supports this post

Hands up who has had an 'Access Blocked' Email around 10am pretty much every day for the past week from 'Kiwibank' spoofed .co.nz addresses with similar text in each message that would capture all..

*raises hand*

Do they even send mail to customers from the primary domain?.. like, could from:*@kiwibank.co.nz itself be binned and save everyone marking them daily...

 

 

 

 


58 posts

Master Geek
+1 received by user: 3


  Reply # 1953548 8-Feb-2018 11:12

Oblivian:

Hands up who has had an 'Access Blocked' Email around 10am pretty much every day for the past week from 'Kiwibank' spoofed .co.nz addresses with similar text in each message that would capture all..

*raises hand*

Do they even send mail to customers from the primary domain?.. like, could from:*@kiwibank.co.nz itself be binned and save everyone marking them daily...

*raises hand* - had "Access blocked" come in this morning, another "Kiwibank Alert- Unlock your access" yesterday, and another "Access blocked" on the 6th. All have been reported via Spamcop and assorted other reporting agencies (including Kiwibank), and moved to the Spam folder.

I haven't looked for a pattern in the source of the last lot yet.

I receive genuine emails from Kiwibank with the kiwibank.co.nz domain, but to an email address other than the one receiving the phishing attempts. The handful of phishing attempts I've actually looked at have been done in a way so it appears like the emails are coming from kiwibank.co.nz when viewed in Thunderbird or Webmail, but the (probably faked) "From" address is actually another domain.

Update (Correction): the latest phishing attempts I've received use a (probably faked) communication.co.nz email address, disguised to display as a kiwibank.co.nz address.

 

 


3096 posts

Uber Geek
+1 received by user: 395


  Reply # 1953575 8-Feb-2018 11:58
One person supports this post

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany - same as I earlier indicated with the Blackhat SEO guys too. Fire up free trial VPS, spam to your heart's content. Fall off the face of the earth.

If anything protection should be starting even at that level..

 

 

 

Received: from excmbx-22......de ([134.76.....] helo=email.gwdg.de)
by mailer.gwdg.de with esmtp (Exim 4.80)
(envelope-from <.communication.co.nz>)
id 1ejXAD-0006a1-SP; Wed, 07 Feb 2018 22:21:57 +0100
Received: from .virtua.com.br (179.218...) by EXCMBX-22.um.gwdg.de

 

Spamcop filters the same info, MX makes it look better

 

https://mxtoolbox.com/EmailHeaders.aspx 


1704 posts

Uber Geek
+1 received by user: 410


  Reply # 1953726 8-Feb-2018 16:37
One person supports this post

Oblivian:

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams .


3096 posts

Uber Geek
+1 received by user: 395


  Reply # 1953734 8-Feb-2018 16:50
One person supports this post

1101:

Oblivian:

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams .

Now you see why for entertainment factor I have such persistence rather than ignoring the inbox and moving on ;)

Fun to pick holes at how slap-in-the-face some of the technical checks are failing.

/edit.. I thought the .br domain was familiar looking from other messages..

https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/


58 posts

Master Geek
+1 received by user: 3


  Reply # 1956471 13-Feb-2018 17:13
One person supports this post

Just a friendly reminder, don't blindly reply to spam requesting unsubscription from the mailing list. I've had a couple of unsubscribe requests come my way via mailing lists used by spammers. Off to Spamcop go the copies of the offending spam message, and the unsubscribe requests too.


'That VDSL Cat'
9892 posts

Uber Geek
+1 received by user: 2317

Trusted
Spark
Subscriber

  Reply # 1956478 13-Feb-2018 17:21

1101:

Oblivian:

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams .

If examples of this are here, please pass to me and I'll get them through to the guys..

Will need the details including Headers, Example emails, Target email etc.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


3096 posts

Uber Geek
+1 received by user: 395


  Reply # 1956590 13-Feb-2018 20:44

hio77:

1101:

Oblivian:

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams .

If examples of this are here, please pass to me and I'll get them through to the guys..

Will need the details including Headers, Example emails, Target email etc.

Been using the web-flag option/drag to spam from SMTP if it makes a difference already..

But the one in particular we mentioned here which stood out to multiples.. (hopefully no one is silly enough to click and it doesn't breach anything...)

 

 

Return-Path: <alerts@communication.co.nz>
Received: from 10.23.40.103 ([10.23.30.4])
by 10.23.40.246 with LMTP id EDZAKfxte1rHUAAAOkX3FQ
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from 10.23.30.46 ([10.23.30.4])
by 10.23.40.103 with LMTP id qOQDKfxte1rVbgAARqWCkg
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from xtra.co.nz ([10.23.30.4])
by 10.23.30.46 with LMTP id uMfBJ/xte1reYQAA/dMj0w
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from mailer.gwdg.de ([134.76.10.26]) by mx.xtra.co.nz with ESMTP
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
(256/256 bits)) id 5A7B6DFA-6047011D@mta2308;
Wed, 07 Feb 2018 21:22:03 +0000
Received: from excmbx-22.um.gwdg.de ([134.76.9.232] helo=email.gwdg.de)
by mailer.gwdg.de with esmtp (Exim 4.80)
(envelope-from <alerts@communication.co.nz>)
id 1ejXAD-0006a1-SP; Wed, 07 Feb 2018 22:21:57 +0100
Received: from b3dac851.virtua.com.br (179.218.200.81) by EXCMBX-22.um.gwdg.de
(134.76.9.232) with Microsoft SMTP Server (version=TLS1_1,
cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1415.2; Wed, 7 Feb
2018 22:21:17 +0100
Message-ID: <6C69DF8C87537FEC30357CC40058BD57@communication.co.nz>
From: "Kiwibank <security@kiwibank.co.nz>" <alerts@communication.co.nz>
Subject: Access Blocked
Date: Thu, 8 Feb 2018 10:21:01 +1300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="d2d469936bdf87eaa9a960dd300c"
To: Undisclosed recipients:;
X-Virus-Scanned: (clean) by clamav
X-Antivirus: Avast (VPS 180212-2, 13/02/2018), Inbound message
X-Antivirus-Status: Clean

 

--d2d469936bdf87eaa9a960dd300c
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

 

Account access=A0blocked due to a security violation.

 

Click Here To Restore Your Access

 

=A9 2018 - Kiwibank Security Alerts

 

--d2d469936bdf87eaa9a960dd300c
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

 

<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
-1251">
</HEAD>
<BODY><IMG title=3D"Kiwibank Secure Message" alt=3D"Kiwibank Secure Messa=
ge"=20
src=3D"https://www.ib.kiwibank.co.nz/mobile/images/logo-kiwibank.png">=20
<P></P>
<DIV>Account access&nbsp;blocked due to a security violation.</A></DIV>
<P></P>
<DIV class=3D"right buttonStyleRed"><A=20
title=3D"View messages from us or send a message to us"=20
href=3D"http://obregontech.com/error/new/brc/firstpage.html">
<H4><STRONG>Click Here To Restore Your Access</STRONG></H4></A>=A9 2018 -=
Kiwibank=20
Security Alerts</DIV></BODY></HTML>

 

--d2d469936bdf87eaa9a960dd300c--

 

-

 

 


3096 posts

Uber Geek
+1 received by user: 395


  Reply # 1965389 27-Feb-2018 20:55

Dare I say it. ~7 days without some

SPF checks enabled finally? :)

 

 

