'That VDSL Cat'
10207 posts

Uber Geek
+1 received by user: 2450

Trusted
Spark
Subscriber

  # 1947267 26-Jan-2018 17:43
One person supports this post

hey folks,

 

 

 

I'd like to direct your attention to a new button!

 

 

 

 

This simplifies the process of reporting spam (previously it was handled by dragging into junk which isn't as easily picked up on)

 

 

 

 

 

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


64 posts

Master Geek
+1 received by user: 3


  # 1947293 26-Jan-2018 19:07

Thanks for the update,

 

I have been looking at the regex condition and it is quite powerful - if you understand what it can do.

 

None of the Open-Exchange documentation I came across said how to use it fully apart from the OR ( | ) example 

 

It has the capability to test HTML - which is what I wanted 

 

 

 

Here's a wiki page dedicated to it https://en.wikipedia.org/wiki/Regular_expression

 

 

 

Cheers

 

Al

 

 


 
 
 
 


73 posts

Master Geek
+1 received by user: 16
Inactive user


  # 1947300 26-Jan-2018 19:25

hio77:

 

hey folks,

 

 

 

I'd like to direct your attention to a new button!

 

"snip"

 

 

 

This simplifies the process of reporting spam (previously it was handled by dragging into junk which isn't as easily picked up on)

 

 

hio77:

 

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.

 

Haha when I hit reply to post I'd only read the top line "I'd like to direct your attention to a new button!" - My initial response was going to be "A new spam filter would be better" :P

 

Then I saw the last sentence :)  It's a step forward at least, good to know the cries of the people are being heard. :)

 

 

 

 

 

P.S any word on that other thing?

 

 

 

 


60 posts

Master Geek
+1 received by user: 3


  # 1947327 26-Jan-2018 20:34

hio77:

 

hey folks,

 

 

 

I'd like to direct your attention to a new button!

 

<snip>

 

Step in the right direction, I'm very aware there is a lot of push still on this end to work further on the spam filtering.

 

 

Agreed, a step in the right direction. Showing in Xtramail, but not (yet) showing in Spark Business mail (also on the Open Exchange platform). There are, however, a few bells and whistles available to Business Mail users that aren't available to Xtra users.

 

I'm a bit wary of the "Reject with reason" option - as much as I like the idea, informal tests I've done suggest that it's a good way of creating backscatter.


1363 posts

Uber Geek
+1 received by user: 281

Subscriber

  # 1952156 5-Feb-2018 19:18
One person supports this post

Still on topic - sort of.

 

I have a client who is getting continually banned from his @xtra email as he has had lots of emails from his address binned as spam by xtra users.  The problem is he didn't send the emails - so they must be spoofed from an external spammer but SMX is letting them through, accepting people marking him as a spammer and then banning him from using his own email.

 

 

 

1 - I've been through all his devices, his web mail etc - there is zero evidence of any spam being sent in fact there would be a total of less than 50 emails in the last 5 - 6 weeks. Most to the same 10 people to complete a transaction. None are @xtra users he has sent to. This points to the spam being supposedly received from him being spoofed.

 

2 - SMX should be junking emails from @xtra that don't come from their servers or at least have some kind of very strong dmarc / spf etc running to prevent spoofing.

 

3 - Spoofed addresses should be binned before they get to end users. With authenticated / encrypted smtp no @xtra email should come from 3rd party servers

 

4 - I understand SMX have guaranteed spam rates of less than 2 per 100k - they seem to be failing miserably at achieving this.

 

5 - SMX trying to achieve their guaranteed spam rates have dumped truckloads of legitimate emails but seem to be completely allowing low level easily filtered crud through.

 

 

 

 





nunz

60 posts

Master Geek
+1 received by user: 3


  # 1952261 6-Feb-2018 07:26

In one of my more recent interactions with SMX (haven't done so for a while) I got the sense that they thought that I was the spammer. I wouldn't be surprised if someone (or something) at their end is giving greater weight to "from" addresses and other easily forged details than would be justified.


3170 posts

Uber Geek
+1 received by user: 412


  # 1953530 8-Feb-2018 10:44
One person supports this post

Hands up who has had a 'Access Blocked' Email around 10am pretty much every day for the past week from 'Kiwibank' spoofed .co.nz addresses with similar text in each message that would capture all..

 

*raises hand*

 

Do they even send mail to customers from the primary domain?.. like, could from:*@kiwibank.co.nz itself be binned and save everyone marking them daily...

 

 

 

 


60 posts

Master Geek
+1 received by user: 3


  # 1953548 8-Feb-2018 11:12

Oblivian:

 

Hands up who has had a 'Access Blocked' Email around 10am pretty much every day for the past week from 'Kiwibank' spoofed .co.nz addresses with similar text in each message that would capture all..

 

*raises hand*

 

Do they even send mail to customers from the primary domain?.. like, could from:*@kiwibank.co.nz itself be binned and save everyone marking them daily...

 

 

 

 

 

 

*raises hand* - had "Access blocked" come in this morning, another "Kiwibank Alert- Unlock your access" yesterday, and another "Access blocked" on the 6th. All have been reported via Spamcop and assorted other reporting agencies (including Kiwibank), and moved to the Spam folder.

 

I haven't looked for a pattern in the source of the last lot yet.

 

I receive genuine emails from Kiwibank with the kiwibank.co.nz domain, but to an email address other than the one receiving the phishing attempts. The handful of phishing attempts I've actually looked at have been done in a way so it appears like the emails are coming from kiwibank.co.nz when viewed in Thunderbird or Webmail, but the (probably faked) "From" address is actually another domain.

 

Update (Correction): the latest phishing attempts I've received use a (probably faked) communication.co.nz email address, disguised to display as a kiwibank.co.nz address.

 

 


3170 posts

Uber Geek
+1 received by user: 412


  # 1953575 8-Feb-2018 11:58
One person supports this post

Sounds very much like nearly every address is getting the same one then.

 

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany - same as I earlier indicated with the Blackhat SEO guys too. Fire up free trial VPS, spam to your heart's content. Fall off the face of the earth.

 

If anything protection should be starting even at that level..

 

 

 

Received: from excmbx-22......de ([134.76.....] helo=email.gwdg.de)
by mailer.gwdg.de with esmtp (Exim 4.80)
(envelope-from <.communication.co.nz>)
id 1ejXAD-0006a1-SP; Wed, 07 Feb 2018 22:21:57 +0100
Received: from .virtua.com.br (179.218...) by EXCMBX-22.um.gwdg.de

 

Spamcop filters the same info, MX makes it look better

 

https://mxtoolbox.com/EmailHeaders.aspx 


1728 posts

Uber Geek
+1 received by user: 416


  # 1953726 8-Feb-2018 16:37
One person supports this post

Oblivian:

 

Sounds very much like nearly every address is getting the same one then.

 

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

 

 

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams.


3170 posts

Uber Geek
+1 received by user: 412


  # 1953734 8-Feb-2018 16:50
One person supports this post

1101:

 

Oblivian:

 

Sounds very much like nearly every address is getting the same one then.

 

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

 

 

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams.

 

 

Now you see why for entertainment factor I have such persistence rather than ignoring the inbox and moving on ;)

 

Fun to pick holes at how slap-in-the-face some of the technical checks are failing.

 

/edit.. I thought the .br domain was familiar looking from other messages..

 

https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/ 


60 posts

Master Geek
+1 received by user: 3


  # 1956471 13-Feb-2018 17:13
One person supports this post

Just a friendly reminder, don't blindly reply to spam requesting unsubscription from the mailing list. I've had a couple of unsubscribe requests come my way via mailing lists used by spammers. Off to Spamcop go the copies of the offending spam message, and the unsubscribe requests too.


'That VDSL Cat'
10207 posts

Uber Geek
+1 received by user: 2450

Trusted
Spark
Subscriber

  # 1956478 13-Feb-2018 17:21

1101:

 

Oblivian:

 

Sounds very much like nearly every address is getting the same one then.

 

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

 

 

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams.

 

 

If examples of this are here, please pass to me and I'll get them through to the guys..

 

 

 

Will need the details including Headers, Example emails, Target email etc.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


3170 posts

Uber Geek
+1 received by user: 412


  # 1956590 13-Feb-2018 20:44

hio77:

 

1101:

 

Oblivian:

 

Sounds very much like nearly every address is getting the same one then.

 

And yes, although from a NZ source (display as kiwibank) the messages themselves are originating from Brazil VPS server via Germany

 

 

Isn't this the sort of thing any commercial spam filtering service should block?
greylisting, spf & ptr checks ...... Nope

It's like they aren't really trying to block OBVIOUS spam & scams.

 

 

If examples of this are here, please pass to me and I'll get them through to the guys..

 

 

 

Will need the details including Headers, Example emails, Target email etc.

 

 

 

 

Been using the web-flag option/drag to spam from SMTP if it makes a difference already..

 

But the one in particular we mentioned here which stood out to multiples.. (hopefully no one is silly enough to click and it doesn't breach anything...)

 

 

Return-Path: <alerts@communication.co.nz>
Received: from 10.23.40.103 ([10.23.30.4])
by 10.23.40.246 with LMTP id EDZAKfxte1rHUAAAOkX3FQ
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from 10.23.30.46 ([10.23.30.4])
by 10.23.40.103 with LMTP id qOQDKfxte1rVbgAARqWCkg
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from xtra.co.nz ([10.23.30.4])
by 10.23.30.46 with LMTP id uMfBJ/xte1reYQAA/dMj0w
; Wed, 07 Feb 2018 21:22:04 +0000
Received: from mailer.gwdg.de ([134.76.10.26]) by mx.xtra.co.nz with ESMTP
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
(256/256 bits)) id 5A7B6DFA-6047011D@mta2308;
Wed, 07 Feb 2018 21:22:03 +0000
Received: from excmbx-22.um.gwdg.de ([134.76.9.232] helo=email.gwdg.de)
by mailer.gwdg.de with esmtp (Exim 4.80)
(envelope-from <alerts@communication.co.nz>)
id 1ejXAD-0006a1-SP; Wed, 07 Feb 2018 22:21:57 +0100
Received: from b3dac851.virtua.com.br (179.218.200.81) by EXCMBX-22.um.gwdg.de
(134.76.9.232) with Microsoft SMTP Server (version=TLS1_1,
cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1415.2; Wed, 7 Feb
2018 22:21:17 +0100
Message-ID: <6C69DF8C87537FEC30357CC40058BD57@communication.co.nz>
From: "Kiwibank <security@kiwibank.co.nz>" <alerts@communication.co.nz>
Subject: Access Blocked
Date: Thu, 8 Feb 2018 10:21:01 +1300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="d2d469936bdf87eaa9a960dd300c"
To: Undisclosed recipients:;
X-Virus-Scanned: (clean) by clamav
X-Antivirus: Avast (VPS 180212-2, 13/02/2018), Inbound message
X-Antivirus-Status: Clean

 

--d2d469936bdf87eaa9a960dd300c
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

 

Account access=A0blocked due to a security violation.

 

Click Here To Restore Your Access

 

=A9 2018 - Kiwibank Security Alerts

 

--d2d469936bdf87eaa9a960dd300c
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

 

<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
-1251">
</HEAD>
<BODY><IMG title=3D"Kiwibank Secure Message" alt=3D"Kiwibank Secure Messa=
ge"=20
src=3D"https://www.ib.kiwibank.co.nz/mobile/images/logo-kiwibank.png">=20
<P></P>
<DIV>Account access&nbsp;blocked due to a security violation.</A></DIV>
<P></P>
<DIV class=3D"right buttonStyleRed"><A=20
title=3D"View messages from us or send a message to us"=20
href=3D"http://obregontech.com/error/new/brc/firstpage.html">
<H4><STRONG>Click Here To Restore Your Access</STRONG></H4></A>=A9 2018 -=
Kiwibank=20
Security Alerts</DIV></BODY></HTML>

 

--d2d469936bdf87eaa9a960dd300c--

 

-
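The display-name disguise discussed in this thread (a From header whose quoted display name carries a kiwibank.co.nz address while the real mailbox is at communication.co.nz) and the Received chain quoted above can both be checked mechanically. The Python below is an added example, not part of any poster's message; the sample is a constructed, trimmed copy of the quoted headers, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a trimmed copy of the headers quoted in the post above.
SAMPLE = """\
Return-Path: <alerts@communication.co.nz>
Received: from xtra.co.nz ([10.23.30.4]) by 10.23.30.46 with LMTP;
 Wed, 07 Feb 2018 21:22:04 +0000
Received: from mailer.gwdg.de ([134.76.10.26]) by mx.xtra.co.nz with ESMTP;
 Wed, 07 Feb 2018 21:22:03 +0000
Received: from b3dac851.virtua.com.br (179.218.200.81) by EXCMBX-22.um.gwdg.de
 (134.76.9.232) with Microsoft SMTP Server; Wed, 7 Feb 2018 22:21:17 +0100
From: "Kiwibank <security@kiwibank.co.nz>" <alerts@communication.co.nz>
Subject: Access Blocked

(body omitted)
"""
MSG = message_from_string(SAMPLE)

ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
HOP = re.compile(r"from\s+(\S+)\s+\(\[?([0-9.]+)\]?.*?\)\s+by\s+(\S+)", re.S)

def display_name_mismatch(from_header):
    """Return (claimed_domain, actual_domain) when the display name embeds an
    address whose domain differs from the real mailbox; otherwise None."""
    name, addr = parseaddr(from_header)
    actual = addr.rpartition("@")[2].lower()
    m = ADDR_IN_NAME.search(name)
    if not m or not actual:
        return None
    claimed = m.group(1).lower()
    return (claimed, actual) if claimed != actual else None

def external_hops(msg):
    """List (from_host, ip, by_host) for Received hops with a public source IP,
    newest first. Only the hop stamped by your own MX is trustworthy; older
    entries are supplied by upstream servers and can be forged."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = HOP.search(raw)
        if not m:
            continue
        try:
            if ipaddress.ip_address(m.group(2)).is_private:
                continue  # internal delivery hop, e.g. the LMTP hand-offs
        except ValueError:
            continue      # not a valid IPv4 literal; skip rather than guess
        hops.append(m.groups())
    return hops
```

A mail client that shows only the display name renders this sender as kiwibank.co.nz, which is why the comparison has to be made against the parsed mailbox and not the visible string.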

 

 


3170 posts

Uber Geek
+1 received by user: 412


  # 1965389 27-Feb-2018 20:55

Dare I say it. ~7 days without some

 

 

 

SPF checks enabled finally? :)

 

 

