Geekzone: technology news, blogs, forums
hio77
#1947267 26-Jan-2018 17:43

Hey folks,

I'd like to direct your attention to a new button!

This simplifies the process of reporting spam (previously it was handled by dragging into junk, which isn't as easily picked up on).

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 




FOCUS0
#1947293 26-Jan-2018 19:07

Thanks for the update,

I have been looking at the regex condition and it is quite powerful - if you understand what it can do.

None of the Open-Exchange documentation I came across said how to use it fully apart from the OR ( | ) example.

It has the capability to test HTML - which is what I wanted.

Here's a wiki page dedicated to it: https://en.wikipedia.org/wiki/Regular_expression

Cheers

Al

 

 


pillmonsta
#1947300 26-Jan-2018 19:25

hio77:

hey folks,

I'd like to direct your attention to a new button!

"snip"

This simplifies the process of reporting spam (previously it was handled by dragging into junk which isn't as easily picked up on)

hio77:

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.

Haha when I hit reply to post I'd only read the top line "I'd like to direct your attention to a new button!" - My initial response was going to be "A new spam filter would be better" :P

Then I saw the last sentence :) It's a step forward at least, good to know the cries of the people are being heard. :)

P.S. any word on that other thing?

 

 

 

 




lisati
#1947327 26-Jan-2018 20:34

hio77:

hey folks,

I'd like to direct your attention to a new button!

<snip>

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.

Agreed, a step in the right direction. Showing in Xtramail, but not (yet) showing in Spark Business mail (also on the Open Exchange platform). There are, however, a few bells and whistles available to Business Mail users that aren't available to Xtra users.

I'm a bit wary of the "Reject with reason" option - as much as I like the idea, informal tests I've done suggest that it's a good way of creating backscatter.


nunz
#1952156 5-Feb-2018 19:18

Still on topic - sort of.

I have a client who is getting continually banned from his @xtra email as he has had lots of emails from his address binned as spam by xtra users. The problem is he didn't send the emails - so they must be spoofed from an external spammer but SMX is letting them through, accepting people marking him as a spammer and then banning him from using his own email.

1 - I've been through all his devices, his web mail etc - there is zero evidence of any spam being sent, in fact there would be a total of less than 50 emails in the last 5 - 6 weeks. Most to the same 10 people to complete a transaction. None are @xtra users he has sent to. This points to the spam being supposedly received from him being spoofed.

2 - SMX should be junking emails from @xtra that don't come from their servers or at least have some kind of very strong DMARC / SPF etc running to prevent spoofing.

3 - Spoofed addresses should be binned before they get to end users. With authenticated / encrypted SMTP no @xtra email should come from 3rd party servers.

4 - I understand SMX have guaranteed spam rates of less than 2 per 100k - they seem to be failing miserably at achieving this.

5 - SMX trying to achieve their guaranteed spam rates have dumped truckloads of legitimate emails but seem to be completely allowing low level easily filtered crud through.

 

 

 

 


lisati
#1952261 6-Feb-2018 07:26

In one of my more recent interactions with SMX (haven't done so for a while) I got the sense that they thought that I was the spammer. I wouldn't be surprised if someone (or something) at their end is giving greater weight to "from" addresses and other easily forged details than would be justified.


Oblivian
#1953530 8-Feb-2018 10:44

Hands up who has had an 'Access Blocked' email around 10am pretty much every day for the past week from 'Kiwibank' spoofed .co.nz addresses with similar text in each message that would capture all..

*raises hand*

Do they even send mail to customers from the primary domain?.. like, could from:*@kiwibank.co.nz itself be binned and save everyone marking them daily...

 

 

 

 


lisati
#1953548 8-Feb-2018 11:12

Oblivian:

Hands up who has had an 'Access Blocked' email around 10am pretty much every day for the past week from 'Kiwibank' spoofed .co.nz addresses with similar text in each message that would capture all..

*raises hand*

Do they even send mail to customers from the primary domain?.. like, could from:*@kiwibank.co.nz itself be binned and save everyone marking them daily...

*raises hand* - had "Access blocked" come in this morning, another "Kiwibank Alert- Unlock your access" yesterday, and another "Access blocked" on the 6th. All have been reported via Spamcop and assorted other reporting agencies (including Kiwibank), and moved to the Spam folder.

I haven't looked for a pattern in the source of the last lot yet.

I receive genuine emails from Kiwibank with the kiwibank.co.nz domain, but to an email address other than the one receiving the phishing attempts. The handful of phishing attempts I've actually looked at have been done in a way so it appears like the emails are coming from kiwibank.co.nz when viewed in Thunderbird or Webmail, but the (probably faked) "From" address is actually another domain.

Update (Correction): the latest phishing attempts I've received use a (probably faked) communication.co.nz email address, disguised to display as a kiwibank.co.nz address.

 

 


Oblivian
#1953575 8-Feb-2018 11:58

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany - same as I earlier indicated with the Blackhat SEO guys too. Fire up free trial VPS, spam to your heart's content. Fall off the face of the earth.

If anything protection should be starting even at that level..

 

 

 

Received: from excmbx-22......de ([134.76.....] helo=email.gwdg.de)
by mailer.gwdg.de with esmtp (Exim 4.80)
(envelope-from <.communication.co.nz>)
id 1ejXAD-0006a1-SP; Wed, 07 Feb 2018 22:21:57 +0100
Received: from .virtua.com.br (179.218...) by EXCMBX-22.um.gwdg.de

 

Spamcop filters the same info, MX makes it look better

 

https://mxtoolbox.com/EmailHeaders.aspx 


1101
#1953726 8-Feb-2018 16:37

Oblivian:

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams.


Oblivian
#1953734 8-Feb-2018 16:50

1101:

Oblivian:

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams.

 

 

Now you see why for entertainment factor I have such persistence rather than ignoring the inbox and moving on ;)

 

Fun to pick holes at how slap-in-the-face some of the technical checks are failing.

 

/edit.. I thought the .br domain was familiar looking from other messages..

 

https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/ 


lisati
#1956471 13-Feb-2018 17:13

Just a friendly reminder, don't blindly reply to spam requesting unsubscription from the mailing list. I've had a couple of unsubscribe requests come my way via mailing lists used by spammers. Off to Spamcop go the copies of the offending spam message, and the unsubscribe requests too.


hio77
#1956478 13-Feb-2018 17:21

1101:

Oblivian:

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams.

If examples of this are here, please pass to me and I'll get them through to the guys..

Will need the details including Headers, Example emails, Target email etc.






 

 


Oblivian
#1956590 13-Feb-2018 20:44

hio77:

1101:

Oblivian:

Sounds very much like nearly every address is getting the same one then.

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams.

If examples of this are here, please pass to me and I'll get them through to the guys..

Will need the details including Headers, Example emails, Target email etc.

Been using the web-flag option/drag to spam from SMTP if it makes a difference already..

But the one in particular we mentioned here which stood out to multiples.. (hopefully no one is silly enough to click and it doesn't breach anything...)

 

 

Return-Path: <alerts@communication.co.nz>
Received: from 10.23.40.103 ([10.23.30.4])
by 10.23.40.246 with LMTP id EDZAKfxte1rHUAAAOkX3FQ
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from 10.23.30.46 ([10.23.30.4])
by 10.23.40.103 with LMTP id qOQDKfxte1rVbgAARqWCkg
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from xtra.co.nz ([10.23.30.4])
by 10.23.30.46 with LMTP id uMfBJ/xte1reYQAA/dMj0w
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from mailer.gwdg.de ([134.76.10.26]) by mx.xtra.co.nz with ESMTP
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
(256/256 bits)) id 5A7B6DFA-6047011D@mta2308;
Wed, 07 Feb 2018 21:22:03 +0000
Received: from excmbx-22.um.gwdg.de ([134.76.9.232] helo=email.gwdg.de)
by mailer.gwdg.de with esmtp (Exim 4.80)
(envelope-from <alerts@communication.co.nz>)
id 1ejXAD-0006a1-SP; Wed, 07 Feb 2018 22:21:57 +0100
Received: from b3dac851.virtua.com.br (179.218.200.81) by EXCMBX-22.um.gwdg.de
(134.76.9.232) with Microsoft SMTP Server (version=TLS1_1,
cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1415.2; Wed, 7 Feb
2018 22:21:17 +0100
Message-ID: <6C69DF8C87537FEC30357CC40058BD57@communication.co.nz>
From: "Kiwibank <security@kiwibank.co.nz>" <alerts@communication.co.nz>
Subject: Access Blocked
Date: Thu, 8 Feb 2018 10:21:01 +1300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="d2d469936bdf87eaa9a960dd300c"
To: Undisclosed recipients:;
X-Virus-Scanned: (clean) by clamav
X-Antivirus: Avast (VPS 180212-2, 13/02/2018), Inbound message
X-Antivirus-Status: Clean

 

--d2d469936bdf87eaa9a960dd300c
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

 

Account access=A0blocked due to a security violation.

 

Click Here To Restore Your Access

 

=A9 2018 - Kiwibank Security Alerts

 

--d2d469936bdf87eaa9a960dd300c
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

 

<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
-1251">
</HEAD>
<BODY><IMG title=3D"Kiwibank Secure Message" alt=3D"Kiwibank Secure Messa=
ge"=20
src=3D"https://www.ib.kiwibank.co.nz/mobile/images/logo-kiwibank.png">=20
<P></P>
<DIV>Account access&nbsp;blocked due to a security violation.</A></DIV>
<P></P>
<DIV class=3D"right buttonStyleRed"><A=20
title=3D"View messages from us or send a message to us"=20
href=3D"http://obregontech.com/error/new/brc/firstpage.html">
<H4><STRONG>Click Here To Restore Your Access</STRONG></H4></A>=A9 2018 -=
Kiwibank=20
Security Alerts</DIV></BODY></HTML>

 

--d2d469936bdf87eaa9a960dd300c--

 

-

 

 


Oblivian
#1965389 27-Feb-2018 20:55

Dare I say it. ~7 days without some

 

 

 

SPF checks enabled finally? :)

 

 

