
Postini Email Security Trial

« Reply #1216 on 23/02/2008, 00:21 »
No reply in this thread after 2 days!

What happened? Do you all suddenly have no problems with receiving any spam on your Plusnet account??!!!

« Last Edit: 24/02/2008, 11:22 by Capvermell »

jelv
« Reply #1217 on 12/03/2008, 14:48 »
Just seen a post on Usenet made by Bob on 10/03/08:

Quote
The following additions to the Manage My Mail tool are currently in development (should go to QA testing next week at the earliest):

  • Ability to switch off Blatant Spam Blocking
  • Ability to whitelist/blacklist domains/email addys
  • Ability to tweak the sensitivity of the spam tagging filter
  • Ability to switch on Postini's quarantine service and have a daily quarantine report emailed to you
  • Ability to move mail to the Spam folder without marking the subject line with [-SPAM-]

I think this level of control should keep everybody happy. What do people think?

Rgds,

--
|Bob Pullen
jelv

Plusnet chatroom: /server usertools.plus.net   /join #usertools
Plusnet Unlimited is not without limits
« Reply #1218 on 12/03/2008, 21:11 »
Thanks for the heads-up jelv. I think it will be good to see whether the postini quarantine service works any better than plusnet's implementation.... All good news, in fact!
jelv
« Reply #1219 on 12/03/2008, 23:09 »
The most significant item for me is the daily quarantine report.

What I would also have liked is a daily BSB report (with BSB left on). That way I get to know if emails have been rejected and can take steps to (a) whitelist and (b) get them re-sent. I suspect this is something Postini don't offer.
jelv

« Reply #1220 on 13/03/2008, 00:07 »
Yes, they seem more interested in things that get past BSB when perhaps they shouldn't -- a lot of their own-use headers seem geared to analysing this. I was impressed with Bob Pullen's stats showing the sheer volume of stuff stopped by BSB.... I don't suppose postini could cope with analysing all this by destination-address....
« Reply #1221 on 14/03/2008, 09:56 »
How did this one avoid being classified as Spam 1 or better still completely edge filtered when it is showing blank Subject and To and From fields in Thunderbird 2 when Message Header info is not displayed?  Thunderbird 2 also failed to classify it as Spam.
Quote
-------- Original Message --------
From:    - Fri Mar 14 09:44:57 2008
X-Account-Key:    account4
X-UIDL:    UID13959-1149066516
X-Mozilla-Status:    0001
X-Mozilla-Status2:    00000000
X-Mozilla-Keys:    
Envelope-to:    xxxxx@xxxxx.plus.com, xxxxx@xxxxx.plus.com
Delivery-date:    Fri, 14 Mar 2008 09:41:24 +0000
Received:    from exprod5mx229.postini.com ([64.18.0.115] helo=psmtp.com) by pih-sunmxcore09.plus.net with smtp (PlusNet MXCore v2.00) id 1Ja6Pi-0000jv-Ra ; Fri, 14 Mar 2008 09:41:23 +0000
Received:    from source ([85.75.195.74]) by exprod5mx229.postini.com ([64.18.4.10]) with SMTP; Fri, 14 Mar 2008 02:41:20 PDT
Received:    from 11249479087099745.15496377166122559.18389290309703974.14605946968434302 (HELO localhost.localdomain) (10756287201663786.14879309288144070.12089683828233471.14740124481428027) by 16039850186795887.14929519133916842.16806051310263158.10855176238696196 with SMTP; Fri, 14 Mar 2008 11:40:46 -0200
Date:    Fri, 14 Mar 2008 11:40:46 -0200
Message-Id:    <6IX182EJXVWDA936@acne-treatment-answers.com>
X-Mailer:    MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
X-Header-CompanyDBUserName:    hpccm
X-Header-MasterId:    029891
X-Header-Versions:    Hewlett-Packard.4t2bn2nd4.fk@us.newsgram.hp.com
X-FID:    44E96DBC-7315-47AF-B9E3-83CDEA75DCB9
Content-Type:    text/plain;
X-pstn-neptune:    18/18/1.00/86
X-pstn-levels:    (S: 3.38304/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings:    1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses:    from <BerrysyrupyClements@acne-treatment-answers.com> [52/4]
X-pstn-neptune-cave-rslt:    qtine
To:    
X-pn-pstn:    Spam 5
X-PN-Spam-Filtered:    by PlusNet MXCore (v4.00)
X-Antivirus:    avast! (VPS 080313-0, 13/03/2008), Inbound message
X-Antivirus-Status:    Clean


charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: <xxxxx@xxxxx.plus.com>
Cc: <xxxxx@xxxxx.plus.com>
From: "Claudio Kinney" <BerrysyrupyClements@acne-treatment-answers.com>
Subject: USA players too! Download and GO!

We're serious about fun.

http:///
« Reply #1222 on 14/03/2008, 12:28 »
@Capvermell

This seems to be a malformed email of the type being discussed here.  The subject line has been moved to the body of the email because of the addition of the blank line rather than appearing in the header so [-SPAM-] tagging doesn't take place.  The from and subject lines are no longer in the header so are not picked up by webmail, Outlook Express, Thunderbird, etc. and appear empty.
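The malformation described in Reply #1222 can be detected mechanically. The following is an added example, not part of the original thread and not Plusnet's or Postini's code: it parses a message and reports when From, To or Subject are missing from the real header block but appear as header-like lines at the top of the body. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string

HEADER_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)$")
EXPECTED = ("From", "To", "Subject")     # fields a mail client needs to display

def find_displaced_headers(raw):
    """Return (missing, displaced): expected fields absent or empty in the real
    header block, and header-like lines found in the first block of the body."""
    msg = message_from_string(raw)
    missing = [h for h in EXPECTED if not str(msg.get(h, "")).strip()]
    body = msg.get_payload()
    if not isinstance(body, str):        # multipart: only the preamble is raw text
        body = msg.preamble or ""
    displaced, started = {}, False
    for line in body.splitlines():
        if not line.strip():
            if started:
                break                    # blank line ends the pseudo-header block
            continue                     # skip the stray blank line(s) at the top
        started = True
        m = HEADER_LINE.match(line)
        if m:
            displaced[m.group(1).title()] = m.group(2)
    return missing, displaced

def is_split_header(raw):
    """True when a field missing from the header turns up at the top of the body."""
    missing, displaced = find_displaced_headers(raw)
    return any(h in displaced for h in missing)

# Constructed sample modelled on the quoted message (addresses are placeholders).
SAMPLE = "\n".join([
    "Date: Fri, 14 Mar 2008 11:40:46 -0200",
    "Message-Id: <constructed-1@example.com>",
    "Content-Type: text/plain;",
    "To:",
    "",                                  # premature blank line ends the header
    "",
    'charset="us-ascii"',
    "Content-Transfer-Encoding: 7bit",
    "To: <user@example.net>",
    'From: "Sender" <sender@example.com>',
    "Subject: Download and GO!",
    "",
    "We're serious about fun.",
])
```

Requiring that a displaced field is also missing from the real header keeps ordinary body text such as "Note: ..." from being flagged.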
« Reply #1223 on 14/03/2008, 15:01 »
OK thanks for the info but what solution are Plusnet and Postini working on to overcome the use of this obvious loophole by the spammers?

[Moderator's Note by Daniel (Assos) Full quote of preceding post removed, as it is not needed and contravenes the Forum Rules.]

« Last Edit: 14/03/2008, 17:03 by Assos »

« Reply #1224 on 14/03/2008, 18:13 »
Well, jnwright, it is malformed in that way, but it also escaped being scored as spam 1 for some reason....

Postini/neptune would have caught it and dumped it in quarantine because of its sending behaviour. But AFAIK Plusnet are not using the neptune headers to tag these as spam.

This is another spam that is being sent out with a garbage date-time group in the headers:
Quote
10756287201663786.14879309288144070.12089683828233471.14740124481428027) by 16039850186795887.14929519133916842.16806051310263158.10855176238696196 with SMTP; Fri, 14 Mar 2008 11:40:46 -0200
Date:    Fri, 14 Mar 2008 11:40:46 -0200
The time zone -0200 should be +0200 for this to make sense -- probably one reason why neptune didn't like it...?

I'm afraid this doesn't help you, Capvermell, but it might help Plusnet/Postini to help us....
« Reply #1225 on 15/03/2008, 09:18 »
I find it rather hard to account for the sudden apparent total loss of interest in this thread by Bob Pullen, OldJim and the many other previous regular participants as some spam emails that clearly could be easily edge filtered by Postini are still reaching us.  The number of spam emails not now being edge filtered or classed as Spam1 is small but they do still exist.  Spam 2 to Spam 5 is little use as a classification by Plusnet as it also contains quite a few legitimate emails.

My biggest concern is about the Google search links which almost no one sending legitimate email ever includes in an email (they instead provide the URL of the actual website they are referring to).  So isn't it possible to either edge filter all emails containing a Google search link in the body or at the very least to classify them as Spam1?

Below is the latest example of such an email.  However I have seen web search engines other than Google used in this way lately, presumably because at least some Spam blocking programs are now blocking emails containing Google links.  However Plusnet merrily continues to allow the Google search link emails to arrive in my Inbox, despite having Spam filtering to my IMAP spam folder enabled.

Quote
-------- Original Message --------
From:    - Sat Mar 15 08:59:21 2008
X-Account-Key:    account4
X-UIDL:    UID13977-1149066516
X-Mozilla-Status:    0001
X-Mozilla-Status2:    00000000
X-Mozilla-Keys:    
Envelope-to:    xx@xxxx.plus.com
Delivery-date:    Sat, 15 Mar 2008 07:04:37 +0000
Received:    from exprod5mx247.postini.com ([64.18.0.167] helo=psmtp.com) by pih-sunmxcore14.plus.net with smtp (PlusNet MXCore v2.00) id 1JaQRY-0005SZ-Br for xx@xxxx.plus.com; Sat, 15 Mar 2008 07:04:37 +0000
Received:    from source ([121.63.251.246]) by exprod5mx247.postini.com ([64.18.4.14]) with SMTP; Fri, 14 Mar 2008 23:04:30 PST
Received:    from [192.168.1.1] ([]) by parch.com (Sendmail 8.7.1) with ESMTP (SSL) id IYT24475 for <xx@xxxx.plus.com>; Sat, 15 Mar 2008 15:03:26 -0500
Date:    Sat, 15 Mar 2008 15:03:26 -0500
Message-id:    <MAILSENDERNG3GKeD271410c0e6@64.18.4.14>
X-Mailer:    ColdFusion MX Application Server
X-PGP-Key:    PAHvkuLT0TkQCqLOKqdZ8nxOD91P1a6==
Organization:    wasRND_WORD
Content-Type:    text/plain; charset="us-ascii"
Content-Transfer-Encoding:    7bit
To:    xx@xxxx.plus.com
From:    Rickie Overton <Barlowj69@openworld.co.uk>
Subject:    A Larger Male Organ
X-pstn-neptune:    59/21/0.36/49
X-pstn-levels:    (S: 0.60755/99.78231 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings:    1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses:    from <Barlowj69@openworld.co.uk> [52/4]
X-pstn-xfilter:    y
X-pn-pstn:    Spam 3
X-PN-Spam-Filtered:    by PlusNet MXCore (v4.00)
X-Antivirus:    avast! (VPS 080314-0, 14/03/2008), Inbound message
X-Antivirus-Status:    Clean


http://google.co.uk/pagea...adurl=http://jopies.com?8
Mand (Plusnet Staff)
« Reply #1226 on 15/03/2008, 09:29 »
Hi Capvermell,

I can assure you that we haven't lost interest in feedback regarding Postini, and will pick up these questions with my networks colleagues on Monday morning and report back.

Bob has not spent much time in the forums recently, due to other duties. We are still reading and reporting issues back though.
« Reply #1227 on 15/03/2008, 09:53 »
Quote
I can assure you that we haven't lost interest in feedback regarding Postini, and will pick up these questions with my networks colleagues on Monday morning and report back.

Bob has not spent much time in the forums recently, due to other duties. We are still reading and reporting issues back though.
That's certainly good to hear Mand.  Also I'm impressed that you are giving up your time to read this thread on a Saturday.

As to the sudden quietness in the thread I suppose either other participants now feel most of their spam is being successfully filtered or that they have nothing further to learn as Plusnet has not recently changed any of the spam filtering configuration options (even though it will do shortly).
« Reply #1228 on 15/03/2008, 20:16 »
Your latest example, Capvermell, also shows this peculiar dating behaviour
Quote
Received:    from source ([121.63.251.246]) by exprod5mx247.postini.com ([64.18.4.14]) with SMTP; Fri, 14 Mar 2008 23:04:30 PST
Received:    from [192.168.1.1] ([]) by parch.com (Sendmail 8.7.1) with ESMTP (SSL) id IYT24475 for <xx@xxxx.plus.com>; Sat, 15 Mar 2008 15:03:26 -0500
Date:    Sat, 15 Mar 2008 15:03:26 -0500
Postini has date-stamped it with Pacific Standard Time, whereas yesterday's was stamped with Pacific Daylight Time -- what's that about?  But the relevant thing is that it was received by "parch.com" just ten minutes ago! Even changing the time zone from -0500 to +0500 wouldn't make sense of this....  The headers are a blatant (and very bad) forgery.

Either this or something else has led postini to give this the header "X-pstn-xfilter:  y" -- ie. the mail is in breach of a global rule. Unlike Plusnet, Postini would have dumped this in quarantine -- I think they only let them past the BSB for analysis purposes(?).
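The Received-header dating inconsistency discussed in Replies #1224 and #1228 can be checked by normalising every hop's timestamp to UTC and comparing neighbours. The following is an added example, not part of the original thread and not Plusnet's or Postini's code: the timestamps are the ones quoted above, while the host names, the IP address, the function names and the 10-minute skew tolerance are assumptions made for illustration.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(minutes=10)   # assumed tolerance for honest clock drift

def received_times(raw):
    """Timestamps of the parseable Received hops, newest (top) first, in order."""
    msg = message_from_string(raw)
    times = []
    for value in msg.get_all("Received", []):
        stamp = value.rsplit(";", 1)[-1].strip()   # the date follows the last ';'
        try:
            when = parsedate_to_datetime(stamp)    # understands -0500, PST, PDT
        except (TypeError, ValueError):
            continue                               # hop with no usable date
        if when.tzinfo is not None:                # skip dates with no zone
            times.append(when)
    return times

def future_dated_hops(raw, max_skew=MAX_SKEW):
    """Return (hop_index, lead) for each hop stamped later than the hop that
    handled the message after it, which a genuine relay path cannot produce."""
    times = received_times(raw)
    findings = []
    for i in range(1, len(times)):
        lead = times[i] - times[i - 1]   # older hop minus the newer hop above it
        if lead > max_skew:
            findings.append((i, lead))
    return findings

# Constructed sample: timestamps from the quoted headers, hosts are placeholders.
SAMPLE = "\n".join([
    "Received: from filter.example.com by mx.example.net with smtp;"
    " Sat, 15 Mar 2008 07:04:37 +0000",
    "Received: from source ([198.51.100.7]) by filter.example.com with SMTP;"
    " Fri, 14 Mar 2008 23:04:30 PST",
    "Received: from [192.168.1.1] by relay.example.org with ESMTP;"
    " Sat, 15 Mar 2008 15:03:26 -0500",
    "Date: Sat, 15 Mar 2008 15:03:26 -0500",
    "Subject: constructed sample",
    "",
    "body",
])
```

On this sample the two upper hops agree to within seconds once converted to UTC, and only the bottom hop, the one the sender controls, is reported.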
« Reply #1229 on 15/03/2008, 20:30 »
Quote
Either this or something else has led postini to give this the header "X-pstn-xfilter:  y" -- ie. the mail is in breach of a global rule. Unlike Plusnet, Postini would have dumped this in quarantine -- I think they only let them past the BSB for analysis purposes(?).

So Postini is getting it right but Plusnet is making a mess of interpretation by failing to class this blatant Spam under its Spam 1 heading.  Spam 2 to 5 look as though they will never be much use as quite a fair bit of legitimate email is also caught by these Plusnet spam classifications.  Why does Plusnet think it can do a better job than Postini of deciding what are actually Spam emails?  Huh?
« Reply #1230 on 15/03/2008, 23:04 »
Well, Plusnet concentrates on the score given by postini's basic spam filter. My guess is they want some control over how the system works so they can respond to their own clients' needs. Fair enough, except that postini seems to use a complicated system of other checks to back up its basic filter....

For what it's worth, we are told that we are soon to get an option to use the Postini quarantine service instead of the current Manage My Mail options. (See Reply #1229 on this thread). I'm looking forward to seeing if this does a better job.
« Reply #1231 on 16/03/2008, 00:53 »
OK thanks for those further thoughts Chris.

Let us hope that Plusnet give us the ability to use these other Postini spam checks in due course.