Geekzone: technology news, blogs, forums
1101
3054 posts

Uber Geek


  #2233008 8-May-2019 14:14

I have to ask, why can't SMX filter out spoofed email claiming to be from @xtra.co.nz?

Surely to god that would be the easiest thing to filter/block?

Please, can we get that implemented?

cheshirecat
36 posts

Geek


#2233146 8-May-2019 17:12

1101: I have to ask, why can't SMX filter out spoofed email claiming to be from @xtra.co.nz? Surely to god that would be the easiest thing to filter/block?

You would think so, but actually it's not so simple (nothing ever is).

I assume you're referring to the case where the Envelope sender is for a valid external domain that passes SPF, but the From header has been set to an @xtra address? The problem with this is that, if all incoming mails of this sort were dropped, you'd break many mailing lists. There are valid scenarios where the From header holds a different address to the sending domain - the RFC states that in this case, the Sender header should be set appropriately, but many mailing lists do not do this. In any case, DMARC gets broken whichever way you do it. Dropping legitimate messages as false positives is seen as worse than accidentally letting some spam through, and so the rules err on the side of caution.

If you want, you could set up your own filter rule (do this via webmail) to delete or quarantine messages with '@xtra.co.nz' in the From header and 'mx.xtra.co.nz' in the Received header (this excludes direct messages from other Xtra users). This should catch all the messages with spoofed From headers, but be warned that it will also potentially catch mailing list messages and other bulk or automated messages that you may want. Consider adding a test that the Header 'Sender' does not exist as well, and excluding any other special cases. Initially you'd want to just flag the messages rather than delete until you're sure you have a working rule.
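
The filter rule described in the post above, written out as an added Python example (not code from the poster, Spark or SMX, and not the webmail filter syntax). It only flags, as the post recommends; the sample messages are constructed and the `example.net`/`example.org` hosts are placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "xtra.co.nz"    # domain named in the post
INBOUND_MX = "mx.xtra.co.nz"   # Received marker named in the post

def classify(raw):
    """Return (action, reason); action is 'flag' or 'keep', never 'delete'."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if not addr.endswith("@" + LOCAL_DOMAIN):
        return "keep", "From is not a local address"
    received = " ".join(msg.get_all("Received", [])).lower()
    if INBOUND_MX not in received:
        return "keep", "did not arrive via the inbound MX (direct Xtra-to-Xtra mail)"
    if msg.get("Sender") is not None:
        return "keep", "Sender header present (mailing list or bulk sender)"
    return "flag", "local From address on mail received from outside"

def build(from_hdr, received, sender=None):
    # Builds a constructed sample message from a few header values.
    lines = ["Received: " + received, "From: " + from_hdr]
    if sender:
        lines.append("Sender: " + sender)
    return "\n".join(lines + ["Subject: test", "", "body"])

VIA_MX = "from mail.example.net by mx.xtra.co.nz with ESMTP; Wed, 8 May 2019 02:00:00 +0000"
INTERNAL = "from internal by xtra.co.nz with ESMTP; Wed, 8 May 2019 02:00:00 +0000"

SAMPLES = {
    "spoofed": build("Alice <alice@xtra.co.nz>", VIA_MX),
    "list": build("Alice <alice@xtra.co.nz>", VIA_MX, sender="owner@lists.example.org"),
    "internal": build("Alice <alice@xtra.co.nz>", INTERNAL),
    "external": build("Bob <bob@example.net>", VIA_MX),
}

def run_samples():
    return {name: classify(raw)[0] for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *classify(raw))
```

A mailing list that rewrites nothing and sets no Sender header looks identical to the "spoofed" sample here, which is the false positive the post warns about.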

lisati
62 posts

Master Geek


  #2233203 8-May-2019 18:09

Hammerer:
cheshirecat:

 

Making value judgements (e.g. "is this spam?") is notoriously difficult for AI to do accurately, the Xtra filters are actually catching a huge amount that you don't see and only a small fraction are getting through.

 



Xtra mail also bounces most of my emails from gmail/hotmail so that I now don't bother responding to email from xtra addresses - mainly elderly relatives.

 

One answer I got from Spark a few months back was to have the Xtra customer log in to webmail, and add your email address to their Xtra address book. This also sometimes seems to work if you're running into problems forwarding mail to the DIA or spamcop from your Xtra account.




lisati
62 posts

Master Geek


  #2233204 8-May-2019 18:12

It's been a while since I've checked in. Here's a tip or two for filters (e.g. move to a folder, reject with reason):

 

  • Uncheck the "Process subsequent rules" checkbox when creating the rule
  • Move the rule so it gets processed before any rules that have the "process subsequent rules" checked

 


1101
3054 posts

Uber Geek


  #2233475 9-May-2019 09:02

cheshirecat: If you want, you could set up your own filter rule (do this via webmail)

I'm not worried about a few spams getting through :-)

You could argue (I would), since this @xtra is really for personal, NOT business email, it shouldn't be used for bulk emails sent via a 3rd party system. And so email spoofing should be blocked.

cheshirecat
36 posts

Geek


  #2233866 9-May-2019 17:09

lisati:

 

One answer I got from Spark a few months back was to have the Xtra customer log in to webmail, and add your email address to their Xtra address book. This also sometimes seems to work if you're running into problems forwarding mail to the DIA or spamcop from your Xtra account.

 

 

This is correct; addresses in your address book are given a positive score when calculating the chance of the message being spam.

 

1101:

 

You could argue (I would), since this @xtra is really for personal, NOT business email, it shouldn't be used for bulk emails sent via a 3rd party system. And so email spoofing should be blocked.

 

 

Unfortunately there is a huge range of subscribers to Xtramail, spanning home users, hobbyists, and businesses.  Some use mailing lists and subscribe to bulk notifications from various businesses.  It is impossible to make any useful generalisation about Xtramail users as they span all of the different groups in our population; you can't even say they live in New Zealand as some live overseas for parts of the year, and many go on holiday all over the world.

  #2261479 20-Jun-2019 12:58

@hio77, had this come through today.

Return-Path: <rfcouch@xtra.co.nz>
Received: from 10.23.40.101 ([10.23.30.21])
by 10.23.40.245 with LMTP id uNsdJhqzCl1WLwAADFX+yw
; Wed, 19 Jun 2019 22:11:38 +0000
Received: from 10.23.30.43 ([10.23.30.21])
by 10.23.40.101 with LMTP id 4MDUJRqzCl2XFwAAq/qbSg
; Wed, 19 Jun 2019 22:11:38 +0000
Received: from xtra.co.nz ([10.23.30.21])
by 10.23.30.43 with LMTP id 2EY0JRqzCl3RFAAAu83VPg
; Wed, 19 Jun 2019 22:11:38 +0000
Received: from internal ([10.23.30.56]) by xtra.co.nz with ESMTP
id 5D0AB313-8CEA1DA5@mta2306; Wed, 19 Jun 2019 22:11:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=xtra.co.nz; s=alpha; c=relaxed/relaxed;
q=dns/txt; i=@xtra.co.nz; t=1560982288;
h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc;
bh=pJqqTZAys3OTIWrN4tdGDOxbCvmJqUQJhgRhUJmeZqY=;
b=HR6WSo2gcP5FtAKUu+pObTXVvD1CjzI+r7WCD9Lg1NwxNvRakGJG8+N/BaCOgDqk
v7K5kYB5rXnxjPmxiQDRLAEEg6XvkXAYiDJ2S5/iKWK7VkUckFQ8CvMqxBl5o2H1
VeOt48G+PiYLZJ1UkuKxE8aP+0UIVh2myAaEFHoaymU=;
SMX-S1C:
SMX-S1V:
SMX-S1S:
Received: from [10.23.30.21] by shared.xtra.co.nz with ESMTP
id 5D0AB30D-E35B0D6D@mta2306.omr;
Wed, 19 Jun 2019 22:11:28 +0000
Date: Thu, 20 Jun 2019 10:11:23 +1200 (NZST)
From: SparkTM <rfcouch@xtra.co.nz>
Message-ID: <290413481.1543424.1560982283925@webmail.xtra.co.nz>
Subject: Re :
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_1543422_1342856324.1560982283897"
X-Priority: 3
Importance: Medium
X-Mailer: Open-Xchange Mailer v7.8.4-Rev41
X-Originating-Client: open-xchange-appsuite

 

------=_Part_1543422_1342856324.1560982283897
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit 

 

Dear Customer,
Important notification available on your SparkEmail .

 

To view it please click on the link below .

 

Acces to your account https://qhsb.com.my/zab.html

 

Sincerely,
SparkTM

 

 





Ding Ding Ding Ding Ding : Ice cream man , Ice cream man




hio77
'That VDSL Cat'
12970 posts

Uber Geek

ID Verified
Trusted
Voyager
Subscriber

  #2261489 20-Jun-2019 14:02

The other cat will likely see this :)

 

 

 

Just another phishing attempt. Hit the report spam button





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


eracode
Smpl Mnmlst
6382 posts

Uber Geek

Subscriber

  #2261501 20-Jun-2019 14:28

hio77:

The other cat will likely see this :)


 


Just another phishing attempt. Hit the report spam button



I received it too. Reported as spam and blacklisted.

Had a similar one yesterday purporting to be from Apple.




Sometimes I just sit and think. Other times I just sit.


eracode
Smpl Mnmlst
6382 posts

Uber Geek

Subscriber

  #2261505 20-Jun-2019 14:39

hio77:

The other cat will likely see this :)


 


Just another phishing attempt. Hit the report spam button



Does marking as spam get noticed &/or actioned by xtra - or just at the user’s device end? Sorry have no idea how these things work.




Sometimes I just sit and think. Other times I just sit.


cheshirecat
36 posts

Geek


  #2261651 20-Jun-2019 20:55

eracode: Does marking as spam get noticed &/or actioned by xtra - or just at the user’s device end? Sorry have no idea how these things work.

 

If you 'Mark as Spam' then the notification will automatically feed back into the Spam analysis system and help detect future spams. So don't do it as a replacement for the delete button, only if it is really UCE.

Specifically Spark-targeted phishing emails can be reported to the Spark service desk as they might originate from compromised Xtra accounts, and Spark should probably know about any attacks targeting their customers.

I believe that there are other processes in action that are working to target and prevent this sort of phishing spam in the future, though it would be hard with emails like the one above that appears to have originated on webmail from a compromised account, but sadly I am not able to go into details here.
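
Why the From/Received rule from earlier in the thread does not match a message like the one quoted above, as an added Python example (not code from any poster or from Spark/SMX). The first sample is constructed and modelled on the quoted headers, with a placeholder mailbox name and the DKIM `bh=`/`b=` values omitted; the second is a constructed contrast case. The verdict labels are this example's own.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread.
WEBMAIL_SAMPLE = """\
Return-Path: <user@xtra.co.nz>
Received: from internal ([10.23.30.56]) by xtra.co.nz with ESMTP;
 Wed, 19 Jun 2019 22:11:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=xtra.co.nz; s=alpha; c=relaxed/relaxed;
 q=dns/txt; i=@xtra.co.nz; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc
From: SparkTM <user@xtra.co.nz>
X-Originating-Client: open-xchange-appsuite

"""
# Constructed contrast case: local From on mail relayed in from outside.
SPOOF_SAMPLE = """\
Return-Path: <bounce@example.net>
Received: from mail.example.net by mx.xtra.co.nz with ESMTP;
 Wed, 19 Jun 2019 22:11:34 +0000
From: SparkTM <user@xtra.co.nz>

"""

def domain(header_value):
    # Domain part of the address in a From/Return-Path style header.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def dkim_domain(msg):
    # Reads the d= tag only; this does not verify the signature.
    for part in (msg.get("DKIM-Signature") or "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == "d":
            return value.strip().lower()
    return ""

def triage(raw):
    msg = message_from_string(raw)
    from_dom = domain(msg.get("From"))
    aligned = domain(msg.get("Return-Path")) == from_dom and dkim_domain(msg) == from_dom
    via_mx = any("mx.xtra.co.nz" in r.lower() for r in msg.get_all("Received", []))
    webmail = msg.get("X-Originating-Client") is not None
    if aligned and not via_mx:
        # Envelope, DKIM d= and From agree and the mail never crossed the inbound MX.
        return "account" if webmail else "internal"
    if via_mx and not aligned:
        return "spoofed-from"
    return "inconclusive"
```

An "account" result points at the sending mailbox rather than at header filtering, which is why such messages are worth reporting to the provider.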

 

 

  #2261721 21-Jun-2019 05:07

So what do you do about emails that end up in your spam folder, you can't report them as spam and they just keep coming.....

 

 


cheshirecat
36 posts

Geek


  #2261723 21-Jun-2019 05:16

Jase2985:

 

So what do you do about emails that end up in your spam folder, you can't report them as spam and they just keep coming.....

 

 

Mails in your spam folder have already been identified as spam, though they are in the 'probably spam' category rather than the 'definitely spam' category (which are already discarded).  The spam folder is intended to help you identify false-positives, just in case there is an error.  If you're confident (or reckless) like I am, you'll just ignore the spam folder entirely.

 

False-negatives are when the spam ends up in your Inbox - these, you use the Spam button to report, so that the algorithms can be improved.

 

I know the spam just keeps coming.  At least almost all of it is filtered out by the system before hitting the inbox.  If you know any way to stop them sending it, please let us all know :(

 

 

1101
3054 posts

Uber Geek


  #2261831 21-Jun-2019 10:35

For those of us not using webmail:

Is there any way to stop email going into the spam filter?
Those using POP3 don't get to see what's in the spam folder.

I'd rather get a few more spams than have legit email go to the unseen (POP3) spam folder.
Or do I just need to use IMAP instead and also sync the (webmail's) spam folder?

 

 


cheshirecat
36 posts

Geek


  #2262202 21-Jun-2019 20:17

1101:

 

Is there any way to stop email going into the spam filter?
Those using POP3 don't get to see what's in the spam folder.

 

 

The system sends "probable spam" into the Spam folder by default.  This is email that previously would have been dropped, but now is put into the Spam folder for you to optionally review, before it is autodeleted after a couple of weeks.

 

Of course, only webmail and IMAP users can see the spam folder as POP3 does not have the concept of folders.  So, if you're using POP3 but want to see these mails, you have a problem.

 

Options -

 

  • Just forget about them.  They are probably spam anyway.
  • Switch to using IMAP - it's a better protocol anyway
  • Use POP3 normally, but every so often (weekly?) go onto webmail to review the spam folder content
  • Set up a custom filter (using webmail) to catch messages with the spam flag, and then move them into the INBOX (and probably tag them in some way else you'll be getting lots of spam in your inbox).  This is a bit awkward as they are hard to identify.