Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)New Spam getting through my Spark xtra account
View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15
1101
3141 posts

Uber Geek
+1 received by user: 1143


  #2233008 8-May-2019 14:14
Send private message

I have to ask, why cant SMX filter out spoofed email claiming to be from @xtra.co.nz

 

 

Surely to god that would be the easiest thing to filter/block ?

 

Please , can we get that implemented ?



cheshirecat
50 posts

Geek
+1 received by user: 18


#2233146 8-May-2019 17:12
Send private message

1101: I have to ask, why cant SMX filter out spoofed email claiming to be from @xtra.co.nz Surely to god that would be the easiest thing to filter/block ?

 

You would think so, but actually it's not so simple (nothing ever is). 

 

I assume you're referring to the case where the Envelope sender is for a valid external domain that passes SPF, but the From header has been set to an @xtra address?  The problem with this is that, if all incoming mails of this sort were dropped, you'd break many mailing lists.  There are valid scenari where the From header holds a different address to the sending domain - the RFC states that in this case, the Sender header should be set appropriately, but many mailing lists do not do this. In any case, DMARC gets broken whichever way you do it.  Dropping legitimate messages for false-positive is seen as worse than accidentally letting some spam through, and so the rule err on the side of caution.

 

If you want, you could set up your own filter rule (do this via webmail) to delete or quarantine messages with '@xtra.co.nz' in the From header and 'mx.xtra.co.nz' in the Received header (this excludes direct messages form other Xtra users).  This should catch all the messages with spoofed From headers, but be warned that it will also potentially catch mailing list messages and other bulk or automated messages that you may want.  Consider adding a test that the Header 'Sender' does not exist as well, and excluding any other special cases.  Initially you'd want to just flag the messages rather than delete until you're sure you have a working rule.

 

 

 

 

 

 

 

 

 

 

 

 

 

 




Any comments are my own personal opinion and should not be taken to be that of my current or previous employers

 

 

 

 

...

 

lisati
63 posts

Master Geek
+1 received by user: 5


  #2233203 8-May-2019 18:09
Send private message

Hammerer:
cheshirecat:

 

Making value judgements (e.g. "is this spam?") is notoriously difficult for AI to do accurately, the Xtra filters are actually catching a huge amount that you don't see and only a small fraction are getting through.

 



Xtra mail also bounces most of my emails from gmail/hotmail so that I now don't bother responding to email from xtra addresses - mainly elderly relatives.

 

One answer I got from Spark a few months back was to have the Xtra customer log in to webmail, and add your email address to their Xtra address book. This also sometimes seems to work if you're running into problems forwarding mail to the DIA or spamcop from your Xtra account.



lisati
63 posts

Master Geek
+1 received by user: 5


  #2233204 8-May-2019 18:12
Send private message

It's been a while since I've checked in. Here's a tip or two for filters (e.g. move to a folder, reject with reason):

 

  • Uncheck the "Process subsequent rules" checkbox when creating the rule
  • Move the rule so it gets processed before any rules that have the "process subsequent rules" checked

 

1101
3141 posts

Uber Geek
+1 received by user: 1143


  #2233475 9-May-2019 09:02
Send private message

cheshirecat: If you want, you could set up your own filter rule (do this via webmail)

 

 

 

 

Im not worried about a few spams getting through :-)

 

You could argue (I would), since this @xtra is really for personal , NOT business email, it shouldnt be used for bulk emails sent via a 3rd party system. And so email spoofing should be blocked .

cheshirecat
50 posts

Geek
+1 received by user: 18


  #2233866 9-May-2019 17:09
Send private message

lisati:

 

One answer I got from Spark a few months back was to have the Xtra customer log in to webmail, and add your email address to their Xtra address book. This also sometimes seems to work if you're running into problems forwarding mail to the DIA or spamcop from your Xtra account.

 

 

This is correct; addresses in your address book are given a positive score when calculating the chance of the message being spam.

 

1101:

 

You could argue (I would), since this @xtra is really for personal , NOT business email, it shouldnt be used for bulk emails sent via a 3rd party system. And so email spoofing should be blocked .

 

 

Unfortunately there is a huge range of subscribers to Xtramail, spanning home users, hobbyists, and businesses.  Some use mailing lists and subscribe to bulk notifications from various businesses.  It is impossible to make any useful generalisation about Xtramail users as they span all of the different groups in our population; you can't even say they live in New Zealand as some live overseas for parts of the year, and many go on holiday all over the world.

 

 

 

 

 

 

 

 

 

 

 

 

 

 




Any comments are my own personal opinion and should not be taken to be that of my current or previous employers

 

 

 

 

...

 

 
 
 
 

Shop on-line at New World now for your groceries (affiliate link).
JaseNZ
2576 posts

Uber Geek
+1 received by user: 1489

ID Verified
Lifetime subscriber

  #2261479 20-Jun-2019 12:58
Send private message

@hio77 , Had this come through today.

 

 

 

 

 

 

 

Return-Path: <rfcouch@xtra.co.nz>
Received: from 10.23.40.101 ([10.23.30.21])
by 10.23.40.245 with LMTP id uNsdJhqzCl1WLwAADFX+yw
; Wed, 19 Jun 2019 22:11:38 +0000
Received: from 10.23.30.43 ([10.23.30.21])
by 10.23.40.101 with LMTP id 4MDUJRqzCl2XFwAAq/qbSg
; Wed, 19 Jun 2019 22:11:38 +0000
Received: from xtra.co.nz ([10.23.30.21])
by 10.23.30.43 with LMTP id 2EY0JRqzCl3RFAAAu83VPg
; Wed, 19 Jun 2019 22:11:38 +0000
Received: from internal ([10.23.30.56]) by xtra.co.nz with ESMTP
id 5D0AB313-8CEA1DA5@mta2306; Wed, 19 Jun 2019 22:11:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=xtra.co.nz; s=alpha; c=relaxed/relaxed;
q=dns/txt; i=@xtra.co.nz; t=1560982288;
h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc;
bh=pJqqTZAys3OTIWrN4tdGDOxbCvmJqUQJhgRhUJmeZqY=;
b=HR6WSo2gcP5FtAKUu+pObTXVvD1CjzI+r7WCD9Lg1NwxNvRakGJG8+N/BaCOgDqk
v7K5kYB5rXnxjPmxiQDRLAEEg6XvkXAYiDJ2S5/iKWK7VkUckFQ8CvMqxBl5o2H1
VeOt48G+PiYLZJ1UkuKxE8aP+0UIVh2myAaEFHoaymU=;
SMX-S1C:
SMX-S1V:
SMX-S1S:
Received: from [10.23.30.21] by shared.xtra.co.nz with ESMTP
id 5D0AB30D-E35B0D6D@mta2306.omr;
Wed, 19 Jun 2019 22:11:28 +0000
Date: Thu, 20 Jun 2019 10:11:23 +1200 (NZST)
From: SparkTM <rfcouch@xtra.co.nz>
Message-ID: <290413481.1543424.1560982283925@webmail.xtra.co.nz>
Subject: Re :
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_1543422_1342856324.1560982283897"
X-Priority: 3
Importance: Medium
X-Mailer: Open-Xchange Mailer v7.8.4-Rev41
X-Originating-Client: open-xchange-appsuite

 

------=_Part_1543422_1342856324.1560982283897
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit 

 

Dear Customer,
Important notification available on your SparkEmail .

 

To view it please click on the link below .

 

Acces to your account https://qhsb.com.my/zab.html

 

Sincerely,
SparkTM

 

 




Ding Ding Ding Ding Ding : Ice cream man , Ice cream man

hio77
'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified
Trusted
Lizard Networks
Subscriber

  #2261489 20-Jun-2019 14:02
Send private message

The other cat will likely see this :)

 

 

 

Just another phishing attempt. Hit the report spam button




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 

eracode
Smpl Mnmlst
9334 posts

Uber Geek
+1 received by user: 6203

ID Verified
Trusted
Lifetime subscriber

  #2261501 20-Jun-2019 14:28
Send private message

hio77:

The other cat will likely see this :)


 


Just another phishing attempt. Hit the report spam button



I received it too. Reported as spam and blacklisted.

Had a similar one yesterday purporting to be from Apple.




Sometimes I just sit and think. Other times I just sit.

eracode
Smpl Mnmlst
9334 posts

Uber Geek
+1 received by user: 6203

ID Verified
Trusted
Lifetime subscriber

  #2261505 20-Jun-2019 14:39
Send private message

hio77:

The other cat will likely see this :)


 


Just another phishing attempt. Hit the report spam button



Does marking as spam get noticed &/or actioned by xtra - or just at the user’s device end? Sorry have no idea how these things work.




Sometimes I just sit and think. Other times I just sit.

cheshirecat
50 posts

Geek
+1 received by user: 18


  #2261651 20-Jun-2019 20:55
Send private message

eracode: Does marking as spam get noticed &/or actioned by xtra - or just at the user’s device end? Sorry have no idea how these things work.

 

If you 'Mark as Spam' then the notification will automatically feed back into the Spam analysis system and help detect future spams.  So don't do it as a replacement for the delete button, only if it is really UCE

 

Specifically Spark-targetted phishing emails can be reported to the Spark service desk as they might originate from compromised Xtra accounts, and Spark should probably know about any attacks targetting their customers.

 

I believe that there are other processes in action that are working to target and prevent this sort of phishing spam in the future, though it would be hard with emails like the one above that appears to have originated on webmail from a compromised account, but sadly I am not able to go into details here

 

 




Any comments are my own personal opinion and should not be taken to be that of my current or previous employers

 

 

 

 

...

 

 
 
 
 

Shop now for Lenovo laptops and other devices (affiliate link).
Jase2985
13735 posts

Uber Geek
+1 received by user: 6217

ID Verified
Lifetime subscriber

  #2261721 21-Jun-2019 05:07
Send private message

so what do you do about emails that end up in your spam folder, you cant report them as spam and they just keep coming.....

 

 

cheshirecat
50 posts

Geek
+1 received by user: 18


  #2261723 21-Jun-2019 05:16
Send private message

Jase2985:

 

so what do you do about emails that end up in your spam folder, you cant report them as spam and they just keep coming.....

 

 

Mails in your spam folder have already been identified as spam, though they are in the 'probably spam' category rather than the 'definitely spam' category (which are already discarded).  The spam folder is intended to help you identify false-positives, just in case there is an error.  If you're confident (or reckless) like I am, you'll just ignore the spam folder entirely.

 

False-negatives are when the spam ends up in your Inbox - these, you use the Spam button to report, so that the algorithms can be improved.

 

I know the spam just keeps coming.  At least almost all of it is filtered out by the system before hitting the inbox.  If you know any way to stop them sending it, please let us all know :(

 

 




Any comments are my own personal opinion and should not be taken to be that of my current or previous employers

 

 

 

 

...

 

1101
3141 posts

Uber Geek
+1 received by user: 1143


  #2261831 21-Jun-2019 10:35
Send private message

For those of us not using webmail

 

Is there anyway to stop email going into the spam filter ?
Those using POP3, dont get to see whats in the spam folder

Id rather get a few more spams than have legit email go to the unseen(POP3) spam folder .
Or do I just need to use IMAP instead & also sync the (webmails)spam folder ?

 

 

cheshirecat
50 posts

Geek
+1 received by user: 18


  #2262202 21-Jun-2019 20:17
Send private message

1101:

 

Is there anyway to stop email going into the spam filter ?
Those using POP3, dont get to see whats in the spam folder

 

 

The system sends "probable spam" into the Spam folder by default.  This is email that previously would have been dropped, but now is put into the Spam folder for you to optionally review, before it is autodeleted after a couple of weeks.

 

Of course, only webmail and IMAP users can see the spam folder as POP3 does not have the concept of folders.  So, if you're using POP3 but want to see these mails, you have a problem.

 

Options -

 

  • Just forget about them.  They are probably spam anyway.
  • Switch to using IMAP - its a better protocol anyway
  • Use POP3 normally, but every so often (weekly?) go onto webmail to review the spam folder content
  • Set up a custom filter (using webmail) to catch messages with the spam flag, and then move them into the INBOX (and probably tag them in some way else you'll be getting lots of spam in your inbox).  This is a bit awkward as they are hard to identify.

 

 

 

 

 




Any comments are my own personal opinion and should not be taken to be that of my current or previous employers

 

 

 

 

...

 

1 | ... | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright