|
Speaking as someone who has run Exchange since 1994, I can tell you it is a pretty complex subject. It's a whole science. The technology is always changing, the criminals are finding new ways to try and exploit people. It's a war.
It's a war I mean to win.
But you have to keep on top of your edge firewalls, examine logs daily. DKIM and SPF are critical. Careful configuration of DNS-based blacklists is critical.
99.99% of spam is dropped by simply blocking non-conforming inbound messages. I then have my firewall block their subnets for a year to cut the noise traffic.
Right this minute I have over 1/2 million subnets blocked on an edge firewall... All of that is totally automated but I have to keep on top of it to make sure nothing gets through.
On our entire infrastructure, I can remember getting 1 spam email in the last 2 months. (the firewall drops about 1 a second).
|
|
|
|
|
This is my GMail account, don't think I have all those options (or want to get that deep into it)
|
|
|
|
|
Hi Sander,
That is really odd. I have had a Gmail account from more or less when they became available (15 odd years ago or so) and I have to say Gmail has always been quite good at blocking spam etc... Something slips through every now and again but it is very rare. I wonder why yours might be doing so much worse.
Every now and again I have a look at the spam folder just to see how many Nigerian princes are willing to share hidden funds with me, after paying a certain amount of money to get access to them of course.
|
|
|
|
|
Yeah, me too.
GMail is pretty good, but for a while now, about four a day slip through.
It happens more often, but never more than a few days so this has been going on far longer than usual.
There's still a good chance it will just stop at some time though.
|
|
|
|
|
The other problem is, GMail blocks emails that aren't spam. I used to get 40-50 spam emails a day although it's dropped to 20-30 in CoViD-19. (Why?)
Maybe 4 or 5 a week would be emails which should have got through.
So I check my GMail spam folder every day.
|
|
|
|
|
I read ALL my mail, so if I get a spam message my spam folder will go to the top and show (x) unread emails.
For some reason, almost all my Microsoft/Azure/DevOps newsletters are spam so I whitelisted the Microsoft domain.
Other than that it rarely happens though.
Four to five a week sounds like a lot, are they from the same person/company?
If so, consider whitelisting them.
|
|
|
|
|
All I can say is don't bother setting up rules if you're using Windows 10's built-in email client. I don't know how Microsoft can claim it works at all.
|
|
|
|
|
I have the same experience. Windows 10 Outlook NEVER properly handles spam. It allows dumb stuff through and filters out emails from people's email addresses that I've authorized/white listed. Fairly worthless spam filtering!
|
|
|
|
|
I would be curious what the domain was for your spam you are talking about.
I've gotten to the point where I can recognize a "NameCheap.com" spam without even doing a Whois on it.
Did it come from a .info, .xyz, .pw domain for example?
You need to 100% block ALL of those - permanently. They are 100% spam.
|
|
|
|
|
Haven't checked, I just had one from .us.
I don't doubt that it is spam, even without looking at the domain.
It gets in my spam folder, but I really just don't want it at all.
|
|
|
|
|
Oh oh oh oh!!!!
Please do a whois lookup on that .us domain. Or just give me the full domain name I will do it.
PLEASE
I want to hear.
|
|
|
|
|
V683V6PKG.us, no data / failed to get data.
This is the first time I looked at the domain name.
Tomorrow I'll probably get it again, but with another generated code.
|
|
|
|
|
Thanks for posting that.
I'll bet if you look deeper at the headers you will find the TLD that points to Namecheap.com as the registrar.
I've been fighting this war with them for 10 years now.
I will bet my left nut it's Namecheap.
|
|
|
|
|
I already deleted the email.
I'll keep an eye on it when I get new ones.
|
|
|
|
|
Sander,
The Outlook client lets you view the email source and the Internet headers so you can see where the email actually came from (see sample below). I do not use Gmail, so I do not know if it has the same capability.
_________________________
Return-Path: mail02-ca244-44788-jamacdonald=erols.com@d24.tplusmail.com
Received: from mx01.rcn.cmh.synacor.com (LHLO mx.rcn.com) (10.33.3.179) by
md01.rcn.cmh.synacor.com with LMTP; Mon, 15 Jun 2020 09:08:45 -0400 (EDT)
Return-Path: <mail02-ca244-44788-jamacdonald=erols.com@d24.tplusmail.com>
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.3 cv=CsXBjUwD c=1 sm=1 tr=0 b=1 cx=a_idp_c a=HnCwvRV+xY/I/cxHJFt8Kg==:117 a=HnCwvRV+xY/I/cxHJFt8Kg==:17 a=KGjhK52YXX0A:10 a=nTHF0DUjJn0A:10 a=5KLPUuaC_9wA:10 a=M51BFTxLslgA:10 a=LhVmGQxXAAAA:8 a=bMKPYyKNAAAA:8 a=yoDDcn9cAAAA:20 a=kkeZQVVqAAAA:20 a=OwaX6NWWEkG79epqXcAA:9 a=QEXdDO2ut3YA:10 a=77R4OUVoh7cA:10 a=YdeoRYLMNAkA:10 a=SSmOFEACAAAA:8 a=9XAAIRTlAAAA:20 a=nX4LI99Z6BcihDCH5lcA:9 a=i5lCgKgHOGmsqgGR:21 a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=Tc6xnW_7GzRn6Cje9123:22 a=W3F0SFC1vDmyWr4U9_Ew:22
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Received-HELO: from [74.118.107.109] (helo=smtp1-39.mail02.topicaplus.com)
Authentication-Results: mx01.rcn.cmh.synacor.com header.DKIM-Signature=@d24.tplusmail.com; dkim=pass
Authentication-Results: mx01.rcn.cmh.synacor.com smtp.mail=mail02-ca244-44788-jamacdonald=erols.com@d24.tplusmail.com; spf=pass; sender-id=pass
Authentication-Results: mx01.rcn.cmh.synacor.com header.from=info@d24.tplusmail.com; sender-id=pass
Received-SPF: pass (mx01.rcn.cmh.synacor.com: domain d24.tplusmail.com designates 74.118.107.109 as permitted sender)
Received: from [74.118.107.109] ([74.118.107.109:51217] helo=smtp1-39.mail02.topicaplus.com)
by mx.rcn.com (envelope-from <mail02-ca244-44788-jamacdonald=erols.com@d24.tplusmail.com>)
(ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPS (cipher=AES128-GCM-SHA256)
id 8E/8A-40876-CD277EE5; Mon, 15 Jun 2020 09:08:44 -0400
Received: (GreenArrow 98530 invoked by uid 1003); 15 Jun 2020 13:08:44 -0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
d=d24.tplusmail.com; s=default; h=Date:Message-ID:
List-Unsubscribe:To:From:Subject:Sender:Reply-To:Content-Type:
MIME-Version; bh=S+dpslEdxwy6RYDXX+x2NvtebVs=; b=gUgv64WGU6pd2Bf
gVoj4+AG+njw5mo/6ExPKapSWXGsvvJ4Kzhwnz41HtrE3U+lKTUoP+eztc8NNBVM
EUT6z7WhiKPmpSncUZR6YkBQ2BtuIW7LM7pMayVijfW8tIfDnAFTmqkqtegl6YFx
RQWD83qe0xEY+6GA5JrQcGefKH6A=
Date: 15 Jun 2020 13:08:44 -0000
Message-ID: <20200615130844.98524.qmail@mail02.topicaplus.com>
X-Mailer-Info: BQt3AQDfrzWjYzM5LzIlDUS5ozSvpKOhrz53YQD0Zz5j
List-Unsubscribe: <mailto:unsubscribe-BQt3AQDfrzWjYzM5LzIlDUS5ozSvpKOhrz53YQD0Zz5j@mail02.topicaplus.com>, <http:
To: jamacdonald@erols.com
From: =?UTF-8?Q?RosettaStone_Associate?= <info@lurqly.com>
Subject: =?UTF-8?Q?Learn_to_Speak_a_New_Language_with_Rosetta_Stone!?=
Sender: =?UTF-8?Q?RosettaStone_Associate?= <info@d24.tplusmail.com>
Reply-To: =?UTF-8?Q?RosettaStone_Associate?= <info@lurqly.com>
Content-Type: multipart/alternative; boundary="----=_Part_8144_2700543.1116436017268"
MIME-Version: 1.0
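
Reading headers like the sample above can be automated. The Python sketch below is an added example, not part of the original post: it pulls out the connecting IP, the SPF/DKIM verdicts, and checks whether either passing domain matches the visible From: domain. The header excerpt is trimmed from the sample; `org_domain` and `analyze` are names invented here, and the two-label domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Excerpt of the sample headers posted above (long values trimmed).
SAMPLE = """\
Return-Path: <mail02-ca244-44788-jamacdonald=erols.com@d24.tplusmail.com>
Authentication-Results: mx01.rcn.cmh.synacor.com header.DKIM-Signature=@d24.tplusmail.com; dkim=pass
Authentication-Results: mx01.rcn.cmh.synacor.com smtp.mail=mail02-ca244-44788-jamacdonald=erols.com@d24.tplusmail.com; spf=pass; sender-id=pass
Received: from [74.118.107.109] ([74.118.107.109:51217] helo=smtp1-39.mail02.topicaplus.com)
 by mx.rcn.com with ESMTPS; Mon, 15 Jun 2020 09:08:44 -0400
Received: (GreenArrow 98530 invoked by uid 1003); 15 Jun 2020 13:08:44 -0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
 d=d24.tplusmail.com; s=default; h=Date:Message-ID:To:From:Subject
From: =?UTF-8?Q?RosettaStone_Associate?= <info@lurqly.com>
Sender: =?UTF-8?Q?RosettaStone_Associate?= <info@d24.tplusmail.com>

"""

def org_domain(domain):
    # Assumption: last two labels approximate the organizational domain.
    # A real DMARC check would consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2]
    env_dom = parseaddr(msg["Return-Path"])[1].rpartition("@")[2]
    sig = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    dkim_dom = sig.group(1) if sig else ""
    auth = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(dkim|spf)=(\w+)", hdr):
            auth[method] = verdict
    ip = None  # first Received hop that records a literal client IP
    for hdr in msg.get_all("Received", []):
        hop = re.search(r"from \[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if hop:
            ip = hop.group(1)
            break
    # A pass only vouches for the visible From: if the domains line up.
    aligned = (
        (auth.get("dkim") == "pass" and org_domain(dkim_dom) == org_domain(from_dom))
        or (auth.get("spf") == "pass" and org_domain(env_dom) == org_domain(from_dom))
    )
    return {"from": from_dom, "envelope": env_dom, "dkim_d": dkim_dom,
            "ip": ip, "auth": auth, "aligned": aligned}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

For this sample both SPF and DKIM pass, but for d24.tplusmail.com, while the From: address the reader sees is at lurqly.com, so neither result says anything about the displayed sender.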
|
|
|
|
|
Oh the irony - this was caught by the spam filter
|
|
|
|
|
Yeah, every time I reply to a message it gets flagged as spam at least for a period of time.
|
|
|
|
|
You are absolutely wrong - fortunately (for both of us?) I never have or will need to send you email.
I have used, for over a decade, a .info domain as one of my personal domains.
From this and another of your emails in the thread, I can assure you that you've already lost the war as they keep you busy trying to keep on top of them. How much are you paid for your time?
Or, how much broad-spectrum blocking, the good with the bad, are you willing to accept? Again, they win! You will not receive email that wasn't spam because you blocked it.
Or even more maintenance to unblock those blocked by your bulk practices.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
Sander Rossel wrote: How can I find out where they come from and how can I stop them, if this is at all possible?
I have an email for registering things.
I've found that the biggest place that SPAM comes from is a DOMAIN registration.
Do you have a web domain registered somewhere? Check and see if the admin email address is the same as the one you are getting the spam at.
|
|
|
|
|
raddevus wrote: I've found that the biggest place that SPAM comes from is a DOMAIN registration.
Blame yourself if you chose GoDaddy just because it's (you're) cheap...
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- Never argue with a fool. Onlookers may not be able to tell the difference. Mark Twain
|
|
|
|
|
No, mine are registered via google domains. Google is inexpensive and great and easy to use.
Also, I moved away from GoDaddy a few years ago now. It's a trash-hole.
|
|
|
|
|
I moved domains, websites, everything from that arrogant SOB at GoDaddy. Since I wanted the (free) email forwards (and the charitable group I manage a website for, free, is not exactly wealthy) I got the best deals at NameCheap.com .
Unlike GoDaddy, you do need a brain to get by. On the other hand, they don't low-ball you in and then gouge you on renewals. Actually, they have some pretty consistent monthly specials to cut things down a bit more - but even without them they're (another) good deal.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
Yes I do, multiple.
That could very well be the source, but that information is public I think (which I think is criminal and the complete opposite of GDPR).
I should look into that.
It's like when I registered my company at the CoC and it turned out that they do not only display my data in public, but also sell it.
I've been getting daily to weekly phone calls about gas and electricity since then and it's mandatory by law.
Luckily the CoC is not allowed to do that anymore, but all these companies still have my number, got five phone calls this week alone.
|
|
|
|
|
There was a point where one of my registered domains had my _main_ email address and I was getting 5 spam emails a day. Then I changed the domain registration to my _dumping-ground-email-address_ and the spam started going to the dumping ground the next day. Instantly cleaned up the problem on my _main_ email.
|
|
|
|
|