
Postini Email Security Trial

Capvermell
Rising Star
Posts: 481
Thanks: 12
Fixes: 1
Registered: ‎16-12-2007

Re: Postini Email Security Trial

Quote from: ChrisL
I agree that postini should have caught ^^this with BSB. What it did instead was catch it for breach of a Global Rule -- hence X-pstn-xfilter:    y -- but PlusNet are not checking for that header so it didn't get quarantined.
Would tagging mails with that header add to our problem with false positives? I don't think so from what I've seen. Perhaps PN could look at this next time they visit the [-SPAM-] tagging scripts?

Seconded.
Capvermell
Rising Star
Posts: 481
Thanks: 12
Fixes: 1
Registered: ‎16-12-2007

Re: Postini Email Security Trial

No reply in this thread after 2 days!
What happened?  Do you all suddenly have no problems with receiving any spam on your Plusnet account??!!!
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Postini Email Security Trial

Just seen a post on Usenet made by Bob on 10/03/08:
Quote
The following additions to the Manage My Mail tool are currently in development (should go to QA testing next week at the earliest):
  • Ability to switch off Blatant Spam Blocking
  • Ability to whitelist/blacklist domains/email addys
  • Ability to tweak the sensitivity of the spam tagging filter
  • Ability to switch on Postini's quarantine service and have a daily quarantine report emailed to you
  • Ability to move mail to the Spam folder without marking the subject line with [-SPAM-]
    I think this level of control should keep everybody happy. What do people think?
    Rgds,
    --
    |Bob Pullen
    jelv (a.k.a Spoon Whittler)
       Why I have left Plusnet (warning: long post!)   
    Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
    Line rental: Pulse 8 Home Line Rental (£14.40/month)
    Mobile: iD mobile (£4/month)
    ChrisL
    Rising Star
    Posts: 760
    Thanks: 4
    Fixes: 1
    Registered: ‎13-12-2007

    Re: Postini Email Security Trial

    Thanks for the heads-up jelv. I think it will be good to see whether the postini quarantine service works any better than plusnet's implementation.... All good news, in fact!
    jelv
    Seasoned Hero
    Posts: 26,785
    Thanks: 971
    Fixes: 10
    Registered: ‎10-04-2007

    Re: Postini Email Security Trial

    The most significant item for me is the daily quarantine report.
    What I would also have liked is a daily BSB report (with BSB left on). That way I get to know if emails have been rejected and can take steps to (a) whitelist and (b) get them re-sent. I suspect this is something Postini don't offer.
    jelv (a.k.a Spoon Whittler)
       Why I have left Plusnet (warning: long post!)   
    Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
    Line rental: Pulse 8 Home Line Rental (£14.40/month)
    Mobile: iD mobile (£4/month)
    ChrisL
    Rising Star
    Posts: 760
    Thanks: 4
    Fixes: 1
    Registered: ‎13-12-2007

    Re: Postini Email Security Trial

    Yes, they seem more interested in things that get past BSB when perhaps they shouldn't -- a lot of their own-use headers seem geared to analysing this. I was impressed with Bob Pullen's stats showing the sheer volume of stuff stopped by BSB.... I don't suppose postini could cope with analysing all this by destination-address....
    Capvermell
    Rising Star
    Posts: 481
    Thanks: 12
    Fixes: 1
    Registered: ‎16-12-2007

    Re: Postini Email Security Trial

    How did this one avoid being classified as Spam 1 or better still completely edge filtered when it is showing blank Subject and To and From fields in Thunderbird 2 when Message Header info is not displayed?  Thunderbird 2 also failed to classify it as Spam.
    Quote
    -------- Original Message --------
    From: - Fri Mar 14 09:44:57 2008
    X-Account-Key: account4
    X-UIDL: UID13959-1149066516
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:
    Envelope-to: xxxxx@xxxxx.plus.com, xxxxx@xxxxx.plus.com
    Delivery-date: Fri, 14 Mar 2008 09:41:24 +0000
    Received: from exprod5mx229.postini.com ([64.18.0.115] helo=psmtp.com) by pih-sunmxcore09.plus.net with smtp (PlusNet MXCore v2.00) id 1Ja6Pi-0000jv-Ra ; Fri, 14 Mar 2008 09:41:23 +0000
    Received: from source ([85.75.195.74]) by exprod5mx229.postini.com ([64.18.4.10]) with SMTP; Fri, 14 Mar 2008 02:41:20 PDT
    Received: from 11249479087099745.15496377166122559.18389290309703974.14605946968434302 (HELO localhost.localdomain) (10756287201663786.14879309288144070.12089683828233471.14740124481428027) by 16039850186795887.14929519133916842.16806051310263158.10855176238696196 with SMTP; Fri, 14 Mar 2008 11:40:46 -0200
    Date: Fri, 14 Mar 2008 11:40:46 -0200
    Message-Id: <6IX182EJXVWDA936@acne-treatment-answers.com>
    X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
    X-Header-CompanyDBUserName: hpccm
    X-Header-MasterId: 029891
    X-Header-Versions: Hewlett-Packard.4t2bn2nd4.fk@us.newsgram.hp.com
    X-FID: 44E96DBC-7315-47AF-B9E3-83CDEA75DCB9
    Content-Type: text/plain;
    X-pstn-neptune: 18/18/1.00/86
    X-pstn-levels: (S: 3.38304/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
    X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
    X-pstn-addresses: from <BerrysyrupyClements@acne-treatment-answers.com> [52/4]
    X-pstn-neptune-cave-rslt: qtine
    To:
    X-pn-pstn: Spam 5
    X-PN-Spam-Filtered: by PlusNet MXCore (v4.00)
    X-Antivirus: avast! (VPS 080313-0, 13/03/2008), Inbound message
    X-Antivirus-Status: Clean

    charset="us-ascii"
    Content-Transfer-Encoding: 7bit
    To: <xxxxx@xxxxx.plus.com>
    Cc: <xxxxx@xxxxx.plus.com>
    From: "Claudio Kinney" <BerrysyrupyClements@acne-treatment-answers.com>
    Subject: USA players too! Download and GO!
    We're serious about fun.
    http:///
    jnwright
    Grafter
    Posts: 281
    Thanks: 1
    Registered: ‎05-04-2007

    Re: Postini Email Security Trial

    @Capvermell
    This seems to be a malformed email of the type being discussed here.  The subject line has been moved to the body of the email because of the addition of the blank line rather than appearing in the header so [-SPAM-] tagging doesn't take place.  The from and subject lines are no longer in the header so are not picked up by webmail, Outlook Express, Thunderbird, etc. and appear empty.
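The malformed-header case described in the post above can be checked mechanically. This is an added example, not part of the original thread and not Plusnet's or Postini's code; the sample message, the `WINDOW` value and the function name `check_message` are assumptions made for illustration.

```python
import re
from email import message_from_string

# Fields that belong in the header block and nowhere else.
HEADER_LINE = re.compile(
    r"^(From|To|Cc|Subject|Date|MIME-Version|Content-[A-Za-z-]+):\s*(.*)$", re.I)
WINDOW = 8  # assumption: only the first few body lines are inspected

# Constructed sample (not a real message): the blank line after the
# Content-Type field ends the header block too early.
SAMPLE = (
    "Received: from source ([192.0.2.10]) by mx.example.net with SMTP;"
    " Fri, 14 Mar 2008 02:41:20 -0700\n"
    "Message-Id: <constructed-1@example.com>\n"
    "Content-Type: text/plain;\n"
    "X-pn-pstn: Spam 5\n"
    "\n"
    " charset=\"us-ascii\"\n"
    "Content-Transfer-Encoding: 7bit\n"
    "To: <user@example.net>\n"
    "From: \"Sender\" <sender@example.com>\n"
    "Subject: Constructed subject line\n"
    "Body text.\n"
)

def check_message(raw):
    """Report header fields that ended up in the body of `raw`."""
    raw = raw.replace("\r\n", "\n")
    head, _, body = raw.partition("\n\n")   # first blank line ends the headers
    real = message_from_string(head + "\n\n")
    missing = [h for h in ("From", "Subject") if not real.get(h)]
    stray = {}
    for line in body.split("\n")[:WINDOW]:
        m = HEADER_LINE.match(line)
        if m:
            stray.setdefault(m.group(1).title(), m.group(2))
    return {
        "missing": missing,                          # absent from the real headers
        "stray": list(stray),                        # header-like lines in the body
        "recovered_subject": stray.get("Subject"),   # still usable for tagging
        "suspect": bool(missing and stray),
    }

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A tagging script that finds `suspect` set can act on the message itself (for example, file it as spam) instead of relying on a Subject field that is no longer in the header block.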
    Capvermell
    Rising Star
    Posts: 481
    Thanks: 12
    Fixes: 1
    Registered: ‎16-12-2007

    Re: Postini Email Security Trial

    OK thanks for the info but what solution are Plusnet and Postini working on to overcome the use of this obvious loophole by the spammers?
    [Moderators Note by Daniel (Assos) Full quote of preceding post removed, as it is not needed and contravenes the link:rules.]
    ChrisL
    Rising Star
    Posts: 760
    Thanks: 4
    Fixes: 1
    Registered: ‎13-12-2007

    Re: Postini Email Security Trial

    Well, jnwright, it is malformed in that way, but it also escaped being scored as spam 1 for some reason....
    Postini/neptune would have caught it and dumped it in quarantine because of its sending behaviour. But AFAIK Plusnet are not using the neptune headers to tag these as spam.
    This is another spam that is being sent out with a garbage date-time group in the headers:
    Quote
    10756287201663786.14879309288144070.12089683828233471.14740124481428027) by 16039850186795887.14929519133916842.16806051310263158.10855176238696196 with SMTP; Fri, 14 Mar 2008 11:40:46 -0200
    Date:    Fri, 14 Mar 2008 11:40:46 -0200

    The time zone -0200 should be +0200 for this to make sense -- probably one reason why neptune didn't like it...?
    I'm afraid this doesn't help you, Capvermell, but it might help Plusnet/Postini to help us....
    Capvermell
    Rising Star
    Posts: 481
    Thanks: 12
    Fixes: 1
    Registered: ‎16-12-2007

    Re: Postini Email Security Trial

    I find it rather hard to account for the sudden apparent total loss of interest in this thread by Bob Pullen, OldJim and the many other previous regular participants as some spam emails that clearly could be easily edge filtered by Postini are still reaching us.  The number of spam emails not now being edge filtered or classed as Spam1 is small but they do still exist.  Spam 2 to Spam 5 is little use as a classification by Plusnet as it also contains quite a few legitimate emails.
    My biggest concern is about the Google search links which almost no one sending legitimate email ever includes in an email (they instead provide the URL of the actual website they are referring to).  So isn't it possible to either edge filter all emails containing a Google search link in the body or at the very least to classify them as Spam1?
    Below is the latest example of such an email.  However I have seen web search engines other than Google used in this way lately, presumably because at least some Spam blocking programs are now blocking emails containing Google links.  However Plusnet merrily continues to allow the Google search link emails to arrive in my Inbox, despite having Spam filtering to my IMAP spam folder enabled.
    Quote
    -------- Original Message --------
    From: - Sat Mar 15 08:59:21 2008
    X-Account-Key: account4
    X-UIDL: UID13977-1149066516
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:
    Envelope-to: xx@xxxx.plus.com
    Delivery-date: Sat, 15 Mar 2008 07:04:37 +0000
    Received: from exprod5mx247.postini.com ([64.18.0.167] helo=psmtp.com) by pih-sunmxcore14.plus.net with smtp (PlusNet MXCore v2.00) id 1JaQRY-0005SZ-Br for xx@xxxx.plus.com; Sat, 15 Mar 2008 07:04:37 +0000
    Received: from source ([121.63.251.246]) by exprod5mx247.postini.com ([64.18.4.14]) with SMTP; Fri, 14 Mar 2008 23:04:30 PST
    Received: from [192.168.1.1] ([]) by parch.com (Sendmail 8.7.1) with ESMTP (SSL) id IYT24475 for <xx@xxxx.plus.com>; Sat, 15 Mar 2008 15:03:26 -0500
    Date: Sat, 15 Mar 2008 15:03:26 -0500
    Message-id: <MAILSENDERNG3GKeD271410c0e6@64.18.4.14>
    X-Mailer: ColdFusion MX Application Server
    X-PGP-Key: PAHvkuLT0TkQCqLOKqdZ8nxOD91P1a6==
    Organization: wasRND_WORD
    Content-Type: text/plain; charset="us-ascii"
    Content-Transfer-Encoding: 7bit
    To: xx@xxxx.plus.com
    From: Rickie Overton <Barlowj69@openworld.co.uk>
    Subject: A Larger Male Organ
    X-pstn-neptune: 59/21/0.36/49
    X-pstn-levels: (S: 0.60755/99.78231 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
    X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
    X-pstn-addresses: from <Barlowj69@openworld.co.uk> [52/4]
    X-pstn-xfilter: y
    X-pn-pstn: Spam 3
    X-PN-Spam-Filtered: by PlusNet MXCore (v4.00)
    X-Antivirus: avast! (VPS 080314-0, 14/03/2008), Inbound message
    X-Antivirus-Status: Clean

    http://google.co.uk/pagead/iclk?sa=l&ai=maintain&num=408760580&adurl=http://jopies.com?8
    Mand
    Grafter
    Posts: 5,560
    Thanks: 2
    Registered: ‎05-04-2007

    Re: Postini Email Security Trial

    Hi Capvermell,
    I can assure you that we haven't lost interest in feedback regarding Postini, and will pick up these questions with my networks colleagues on Monday morning and report back.
    Bob has not spent much time in the forums recently, due to other duties. We are still reading and reporting issues back though.
    Capvermell
    Rising Star
    Posts: 481
    Thanks: 12
    Fixes: 1
    Registered: ‎16-12-2007

    Re: Postini Email Security Trial

    Quote from: Mand
    I can assure you that we haven't lost interest in feedback regarding Postini, and will pick up these questions with my networks colleagues on Monday morning and report back.
    Bob has not spent much time in the forums recently, due to other duties. We are still reading and reporting issues back though.

    That's certainly good to hear Mand.  Also I'm impressed that you are giving up your time to read this thread on a Saturday.
    As to the sudden quietness in the thread I suppose either other participants now feel most of their spam is being successfully filtered or that they have nothing further to learn as Plusnet has not recently changed any of the spam filtering configuration options (even though it will do shortly).
    ChrisL
    Rising Star
    Posts: 760
    Thanks: 4
    Fixes: 1
    Registered: ‎13-12-2007

    Re: Postini Email Security Trial

    Your latest example, Capvermell, also shows this peculiar dating behaviour
    Quote
    Received:    from source ([121.63.251.246]) by exprod5mx247.postini.com ([64.18.4.14]) with SMTP; Fri, 14 Mar 2008 23:04:30 PST
    Received:    from [192.168.1.1] ([]) by parch.com (Sendmail 8.7.1) with ESMTP (SSL) id IYT24475 for <xx@xxxx.plus.com>; Sat, 15 Mar 2008 15:03:26 -0500
    Date:    Sat, 15 Mar 2008 15:03:26 -0500

    Postini has date-stamped it with Pacific Standard Time, whereas yesterday's was stamped with Pacific Daylight Time -- what's that about?  But the relevant thing is that it was received by "parch.com" just ten minutes ago! Even changing the time zone from -0500 to +0500 wouldn't make sense of this....  The headers are a blatant (and very bad) forgery.
    Either this or something else has led postini to give this the header "X-pstn-xfilter:  y" -- ie. the mail is in breach of a global rule. Unlike Plusnet, Postini would have dumped this in quarantine -- I think they only let them past the BSB for analysis purposes(?).
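The timestamp comparison made in the post above (and in the earlier post about the -0200 zone) can be automated by measuring sender-supplied times against the stamp written by the first relay you trust. This is an added example, not part of the original thread and not Postini's logic; the host names, the `TOLERANCE` value and the function names are assumptions, and the timestamps are the ones quoted in the thread.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

TOLERANCE = timedelta(minutes=15)  # assumed allowance for clock drift

# Constructed sample: placeholder hosts, timestamps as quoted in the thread.
SAMPLE = (
    "Received: from source ([192.0.2.20]) by relay.example.net with SMTP;"
    " Fri, 14 Mar 2008 23:04:30 PST\n"
    "Received: from [192.168.1.1] by sender.example.com with ESMTP;"
    " Sat, 15 Mar 2008 15:03:26 -0500\n"
    "Date: Sat, 15 Mar 2008 15:03:26 -0500\n"
    "Subject: constructed\n"
    "\n"
    "body\n"
)

def hop_time(received):
    """Timestamp of a Received field: the text after its last ';'."""
    stamp = " ".join(received.rpartition(";")[2].split())
    return parsedate_to_datetime(stamp)

def time_anomalies(raw, trusted_hops=1):
    """List sender-supplied times later than the oldest trusted hop.

    Received fields are newest first; the first `trusted_hops` of them were
    written by relays we operate or trust, the rest come from the sender.
    """
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    trusted = hop_time(hops[trusted_hops - 1])
    claims = [(f"Received[{i}]", hop_time(h))
              for i, h in enumerate(hops[trusted_hops:], trusted_hops)]
    if msg["Date"]:
        claims.insert(0, ("Date", parsedate_to_datetime(msg["Date"])))
    # A message cannot have been written or relayed after we received it.
    return [(name, claimed - trusted) for name, claimed in claims
            if claimed - trusted > TOLERANCE]

if __name__ == "__main__":
    for name, skew in time_anomalies(SAMPLE):
        print(f"{name} is {skew} ahead of the trusted hop")
```

All times are compared as absolute instants, so the PST/PDT difference in the relay's stamp does not matter; only a claimed time that lies after the trusted receipt time is reported.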
    Capvermell
    Rising Star
    Posts: 481
    Thanks: 12
    Fixes: 1
    Registered: ‎16-12-2007

    Re: Postini Email Security Trial

    Quote from: ChrisL
    Either this or something else has led postini to give this the header "X-pstn-xfilter:  y" -- ie. the mail is in breach of a global rule. Unlike Plusnet, Postini would have dumped this in quarantine -- I think they only let them past the BSB for analysis purposes(?).

    So Postini is getting it right but Plusnet is making a mess of interpretation by failing to class this blatant Spam under its Spam 1 heading.  Spam 2 to 5 look as though they will never be much use as quite a fair bit of legitimate email is also caught by these Plusnet spam classifications.  Why does Plusnet think it can do a better job than Postini of deciding what are actually Spam emails?