Plusnet

Postini Email Security Trial

« Reply #1232 on 16/03/2008, 17:43 »
Quote
Envelope-to: xxxxxxxxx@xxxxxxxxx.plus.com
Delivery-date: Sun, 16 Mar 2008 04:08:24 +0000
Received: from exprod5mx241.postini.com ([64.18.0.161] helo=psmtp.com)
     by pih-sunmxcore09.plus.net with smtp (PlusNet MXCore v2.00) id 1JakAZ-0005EA-Im
     for xxxxxxxxx@xxxxxxxxx.plus.com; Sun, 16 Mar 2008 04:08:24 +0000
Received: from source ([201.240.25.111]) by exprod5mx241.postini.com ([64.18.4.11]) with SMTP;
   Sun, 16 Mar 2008 00:08:14 EDT
Message-ID: <000901c887e4$045afdc8$97008eb2@kalla>
From: "Shawn Swain" <griffiedonald4@progel.ca>
To: <xxxxxxxxx@xxxxxxxxx.plus.com>
Subject: [-SPAM-] RE: beatnik anion

Date: Mon, 17 Mar 2008 02:20:04 +0000

MIME-Version: 1.0
Content-Type: text/plain;
   charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-pstn-levels:     (S: 0.00000/96.85922 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <griffiedonald4@progel.ca> [49/4]
X-pn-pstn: Spam 1
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)
X-Antivirus: AVG for E-mail 7.5.519 [269.21.7/1329

I've highlighted the date that appeared on this email. Who is responsible for adding this? It isn't a bug in my Outlook Express is it? My computer's clock is set right....
Logged
  • jelv
  • Bright Spark
  • Posts: 10619
« Reply #1233 on 16/03/2008, 17:47 »
The PC in Peru that sent the email to you is responsible for that date/time.
jelv
12/18 month broadband contracts have been abolished - all Plusnet residential contracts (including for existing users) are now 10 days (however deferred charges such as activation or hardware may have to be paid if you leave within a year)
Plusnet chatroom: /server usertools.plus.net   /join #usertools
Plusnet Unlimited is not without limits
Logged
« Reply #1234 on 18/03/2008, 10:23 »
The below email just received was not rated as Spam of any kind by Plusnet (on its Spam 1 to Spam 5 scale) despite an S score from Postini that should have caused Plusnet to rate it as Spam.  How exactly did the spammers get round the Plusnet filtering?

Quote
------- Original Message --------
From:    - Tue Mar 18 10:15:11 2008
X-Account-Key:    account5
X-UIDL:    UID6430-1130190325
X-Mozilla-Status:    0001
X-Mozilla-Status2:    00000000
X-Mozilla-Keys:    
Envelope-to:    xxxx@xxxx.plus.com
Delivery-date:    Tue, 18 Mar 2008 10:04:19 +0000
Received:    from exprod5mx250.postini.com ([64.18.0.170] helo=psmtp.com) by pih-sunmxcore16.plus.net with smtp (PlusNet MXCore v2.00) id 1JbYg5-0003Vb-HP for xxxx@xxxx.plus.com; Tue, 18 Mar 2008 10:04:18 +0000
Received:    from source ([69.147.64.132]) by exprod5mx250.postini.com ([64.18.4.14]) with SMTP; Tue, 18 Mar 2008 05:04:16 CDT
Comment:    DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature:    a=rsa-sha1; q=dns; c=nofws; s=lima; d=yahoogroups.com; b=Gq0vDnEtcqrsHyPvj3Ac45gTlEdNOuzdY4hPUEeMJX5QbWTriHgycI+3ZO6SllNnS08cKm4cNXstRVDRPWNELpFIw8cUtbUGPj9L0O5xGcq/ABx0Zr6JC/xJAh+hXaOM;
Received:    from [216.252.122.216] by n19.bullet.sp1.yahoo.com with NNFMP; 18 Mar 2008 10:04:16 -0000
Received:    from [66.218.69.6] by t1.bullet.sp1.yahoo.com with NNFMP; 18 Mar 2008 10:04:16 -0000
Received:    from [66.218.67.109] by t6.bullet.scd.yahoo.com with NNFMP; 18 Mar 2008 10:04:16 -0000
X-Yahoo-Newman-Id:    10014854-m150
X-Sender:    girltbrider@yahoo.com
X-Apparently-To:    i-player@yahoogroups.com
X-Received:    (qmail 36124 invoked from network); 18 Mar 2008 10:04:12 -0000
X-Received:    from unknown (66.218.67.95) by m45.grp.scd.yahoo.com with QMQP; 18 Mar 2008 10:04:12 -0000
X-Received:    from unknown (HELO n18.bullet.mail.re1.yahoo.com) (69.147.102.101) by mta16.grp.scd.yahoo.com with SMTP; 18 Mar 2008 10:04:12 -0000
X-Received:    from [68.142.237.90] by n18.bullet.mail.re1.yahoo.com with NNFMP; 18 Mar 2008 10:04:11 -0000
X-Received:    from [66.218.69.5] by t6.bullet.re3.yahoo.com with NNFMP; 18 Mar 2008 10:04:11 -0000
X-Received:    from [66.218.66.91] by t5.bullet.scd.yahoo.com with NNFMP; 18 Mar 2008 10:04:11 -0000
To:    i-player@yahoogroups.com
Message-ID:    <fro42p+nhij@eGroups.com>
User-Agent:    eGroups-EW/0.82
X-Mailer:    Yahoo Groups Message Poster
X-Originating-IP:    69.147.102.101
X-eGroups-Msg-Info:    1:6:0:0:0
X-Yahoo-Post-IP:    222.211.136.81
From:    girltbrider <girltbrider@yahoo.com>
X-Yahoo-Profile:    girltbrider
Sender:    i-player@yahoogroups.com
MIME-Version:    1.0
Mailing-List:    list i-player@yahoogroups.com; contact i-player-owner@yahoogroups.com
Delivered-To:    mailing list i-player@yahoogroups.com
List-Id:    <i-player.yahoogroups.com>
Precedence:    bulk
List-Unsubscribe:    <mailto:i-player-unsubscribe@yahoogroups.com>
Date:    Tue, 18 Mar 2008 10:04:09 -0000
Subject:    [i-player] I have added you to my friends network today!
Reply-To:    i-player@yahoogroups.com
X-Yahoo-Newman-Property:    groups-email-ff-u
Content-Type:    multipart/alternative; boundary="M1nz8HuXaiobLkZCCSMa1vav4Gp4nW9L3lQrlys"
X-pstn-neptune:    0/0/0.00/0
X-pstn-levels:    (S:77.69700/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings:    1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses:    from <girltbrider@yahoo.com> [52/4]
X-PN-Spam-Filtered:    by PlusNet MXCore (v4.00)
X-Antivirus:    avast! (VPS 080318-0, 18/03/2008), Inbound message
X-Antivirus-Status:    Clean


I created this cool friends network and added you to my friends network. Hit-up now:
http://dhayess.tripod.com/girlfriend.htm

Logged
  • Oldjim
  • Forum Moderator
  • Posts: 10001
« Reply #1235 on 18/03/2008, 10:31 »
As far as I can tell the Postini spam score is 77.697 - totally legitimate even though it probably is spam
Jurassic Coast
Dorset Area Ramblers
Jim
Logged
« Reply #1236 on 18/03/2008, 10:41 »
I have been getting some SPAM through where in the header I have got the subject line in twice but slightly different, with the message SPAM marked, see below:- (These have apparently come from myself to myself but my address has been spoofed).

     by pih-sunmxcore16.plus.net with smtp (PlusNet MXCore v2.00) id 1JYHQY-00022X-7u
     for name@mysubdomain.force9.co.uk; Sun, 09 Mar 2008 09:02:42 +0000
Received: from source ([125.33.65.65]) by exprod5mx208.postini.com ([64.18.4.11]) with SMTP;
     Sun, 09 Mar 2008 01:02:39 PST
Content-Return: allowed
X-Mailer: CME-V6.5.4.3; MSN
Received: (qmail 19434 by uid 669); Sun, 9 Mar 2008 05:02:38 +0800
Message-Id: <20080309130238.19436.qmail@205751>
To: <name@mysubdomain.force9.co.uk>
Subject: [-SPAM-] Pharmacy Online March 70% OFF
Subject:P[-SPAM-] harmacy Online March 70% OFF
From: <name@mysubdomain.force9.co.uk>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-pstn-neptune: 103/84/0.82/81
X-pstn-levels: (S: 0.07176/99.06969 CV:99.9000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <name@mysubdomain.force9.co.uk> forward (user good) [55/4]
X-pn-pstn: Spam 1
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)


Envelope-to: name@mysubdomain.f9.co.uk
Delivery-date: Sun, 16 Mar 2008 07:46:48 +0000
Received: from exprod5mx235.postini.com ([64.18.0.121] helo=psmtp.com)
     by pih-sunmxcore15.plus.net with smtp (PlusNet MXCore v2.00) id 1JanZv-00038t-8z
     for name@mysubdomain.f9.co.uk; Sun, 16 Mar 2008 07:46:47 +0000
Received: from source ([124.106.208.104]) by exprod5mx235.postini.com ([64.18.4.11]) with SMTP;
     Sun, 16 Mar 2008 00:46:44 PDT
Content-Return: allowed
X-Mailer: CME-V6.5.4.3; MSN
Received: (qmail 12249 by uid 533); Sun, 16 Mar 2008 03:46:43 +0800
Message-Id: <20080316114643.12251.qmail@william-e0344bc>
To: <name@mysubdomain.f9.co.uk>
Subject: [-SPAM-] Discount: March 70% OFF!
Subject:D[-SPAM-] iscount: March 70% OFF!
From: <name@mysubdomain.f9.co.uk>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-pstn-neptune: 500/95/0.19/48
X-pstn-levels: (S: 0.01374/98.33223 CV:99.9000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <name@mysubdomain.f9.co.uk> forward (user good) [51/4]
X-pn-pstn: Spam 1
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)

Andy
Logged
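Two header oddities raised in the posts above (the sender-written Date: that runs ahead of the delivery time, and the Subject: header that appears twice) can be checked mechanically. The following is an added example, not part of any post in this thread; the function names and the 12-hour tolerance are assumptions, and the inputs are header lines copied from the quoted messages.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header fields that RFC 5322 section 3.6 allows at most once per message.
SINGLETON = ("Date", "From", "Sender", "Reply-To", "To", "Cc",
             "Message-ID", "In-Reply-To", "References", "Subject")

def duplicate_headers(msg):
    """Return {name: [values]} for once-only headers that appear repeatedly."""
    found = {name: msg.get_all(name, []) for name in SINGLETON}
    return {name: vals for name, vals in found.items() if len(vals) > 1}

def date_skew_hours(msg):
    """Hours by which the sender-written Date: runs ahead of the timestamp in
    the topmost Received: line, which the receiving server wrote itself.
    Returns None when either value is missing or unparseable."""
    received = msg.get_all("Received", [])
    if not received or msg["Date"] is None:
        return None
    try:
        stamped = parsedate_to_datetime(received[0].rsplit(";", 1)[1].strip())
        claimed = parsedate_to_datetime(msg["Date"])
        return (claimed - stamped).total_seconds() / 3600
    except (IndexError, ValueError, TypeError):
        return None

def triage(raw, max_skew_hours=12):  # 12 h is an assumed tolerance
    """List the header anomalies found in one raw message."""
    msg = message_from_string(raw)
    findings = [f"duplicate {n}: {v}" for n, v in duplicate_headers(msg).items()]
    skew = date_skew_hours(msg)
    if skew is not None and abs(skew) > max_skew_hours:
        findings.append(f"Date differs from Received by {skew:.1f} h")
    return findings

# Constructed inputs: header lines copied from two messages quoted in the thread.
FUTURE_DATED = """\
Received: from exprod5mx241.postini.com ([64.18.0.161] helo=psmtp.com)
     by pih-sunmxcore09.plus.net with smtp (PlusNet MXCore v2.00) id 1JakAZ-0005EA-Im
     for xxxxxxxxx@xxxxxxxxx.plus.com; Sun, 16 Mar 2008 04:08:24 +0000
Subject: [-SPAM-] RE: beatnik anion
Date: Mon, 17 Mar 2008 02:20:04 +0000
"""
DOUBLE_SUBJECT = """\
To: <name@mysubdomain.f9.co.uk>
Subject: [-SPAM-] Discount: March 70% OFF!
Subject:D[-SPAM-] iscount: March 70% OFF!
From: <name@mysubdomain.f9.co.uk>
"""

if __name__ == "__main__":
    for sample in (FUTURE_DATED, DOUBLE_SUBJECT):
        print(triage(sample))
```

Only the topmost Received: line is trusted for the comparison, because lower Received: lines and the Date: header are supplied by earlier hops or by the sender.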
« Reply #1237 on 18/03/2008, 11:51 »
Quote
as far as I can tell the Postini spam score is 77.697 - totally legitimate even though it probably is spam

I thought any score under 90 counted as Spam?  It is then just a question of what grade of Spam.  That is from 1 to 5......
Logged
  • jelv
  • Bright Spark
  • Posts: 10619
« Reply #1238 on 18/03/2008, 12:18 »
90 relates to the individual filters - I've highlighted those scores:

S:77.69700/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951


Spam 5 kicks in I think with S: below 8.00000
jelv
Logged
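To compare the overall S score, the individual filter scores and Plusnet's own X-pn-pstn tag across the messages quoted in this thread, the headers can be parsed and tabulated. The following is an added example, not part of any post and not Postini or Plusnet code; the function names are assumptions, and the 90 floor is simply the figure mentioned in the replies above, applied here to the individual filters.

```python
import re
from email import message_from_string

def parse_pstn_levels(value):
    """Parse an X-pstn-levels value into {name: (score, ...)}.
    'S' carries two numbers separated by '/'; the thread does not say what
    the second one means, so it is kept but not interpreted."""
    body = re.sub(r":\s+", ":", value.strip().strip("()"))
    levels = {}
    for token in body.split():
        name, sep, score = token.partition(":")
        if not sep:
            raise ValueError(f"unexpected token {token!r}")
        levels[name] = tuple(float(x) for x in score.split("/"))
    if "S" not in levels:
        raise ValueError("no S score present")
    return levels

def summarise(raw_headers, filter_floor=90.0):
    """Return (S, Plusnet tag or None, filters below filter_floor), sorted by S."""
    rows = []
    for raw in raw_headers:
        msg = message_from_string(raw)
        levels = parse_pstn_levels(msg["X-pstn-levels"])
        low = sorted(n for n, v in levels.items()
                     if n != "S" and v[0] < filter_floor)
        rows.append((levels["S"][0], msg["X-pn-pstn"], low))
    return sorted(rows, key=lambda row: row[0])

# Constructed inputs: header pairs copied from the six messages quoted in the thread.
SAMPLES = [
    "X-pstn-levels: (S: 0.00000/96.85922 CV:99.9000 R:95.9108 P:95.9108 "
    "M:97.0282 C:98.6951 )\nX-pn-pstn: Spam 1\n",
    "X-pstn-levels: (S:77.69700/99.90000 CV:99.9000 R:95.9108 P:95.9108 "
    "M:97.0282 C:98.6951 )\n",
    "X-pstn-levels: (S: 0.07176/99.06969 CV:99.9000 R:95.9108 P:95.9108 "
    "M:95.5423 C:98.6951 )\nX-pn-pstn: Spam 1\n",
    "X-pstn-levels: (S: 0.01374/98.33223 CV:99.9000 R:95.9108 P:95.9108 "
    "M:95.5423 C:98.6951 )\nX-pn-pstn: Spam 1\n",
    "X-pstn-levels: (S: 0.53429/99.75983 CV:99.9000 R:95.9108 P:95.9108 "
    "M:97.0282 C:98.6951 )\nX-pn-pstn: Spam 3\n",
    "X-pstn-levels: (S: 2.29723/99.90000 CV:99.9000 R:95.9108 P:95.9108 "
    "M:97.0282 C:98.6951 )\nX-pn-pstn: Spam 4\n",
]

if __name__ == "__main__":
    for s_score, tag, low in summarise(SAMPLES):
        print(f"S={s_score:9.5f}  tag={tag}  filters below floor={low}")
```

On these six messages the tag moves from Spam 1 towards Spam 4 as S rises, the message with S 77.697 carries no tag, and none of the individual filter scores falls below 90.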
« Reply #1239 on 18/03/2008, 12:29 »
So how does this blatant Spam avoid tripping Postini's spam filters?

It is not even a new kind of spam.  I have seen this kind of thing in Yahoo groups for a long time now.

[Moderator's Note by Daniel (Assos) full quote of previous post removed, as it is not needed. See Forum Rules.]

« Last Edit: 18/03/2008, 12:37 by Assos »

Logged
« Reply #1240 on 18/03/2008, 15:39 »
Strictly speaking, this is an abuse of a Yahoo group -- notice that you can unsubscribe from the Group if you want to. If you want to stay a member of the Group but regard this particular email as spam, the thing to do is report it to your group administrator. There should be an address somewhere in the mail or with your original registration.
Logged
« Reply #1241 on 18/03/2008, 16:07 »
Quote
Strictly speaking, this is an abuse of a Yahoo group -- notice that you can unsubscribe from the Group if you want to. If you want to stay a member of the Group but regard this particular email as spam, the thing to do is report it to your group administrator.

Every Yahoo group is now spammed in this way, although the group in question has more problems because the original moderator went awol and new group members do not have their posts moderated.

But the content of this message contains various longstanding stock phrases that along with the URL given should make it easy to classify it as Spam.

If one of these Yahoo spammers has their ID withdrawn they simply start a new one so the only solution is to monitor and block the content of posts that are spam.  Ironically Postini classifies all posts in the www.saynoto0870.com discussion forum as spam, even though none of the posts there are spam.  I suspect that is because www.saynoto0870.com hurts various ripoff commercial call centre operators' interests so they have misreported messages from this group as spam to try to make life difficult for it.  Having said that, my Orange freemail account does not block any messages from www.saynoto0870.com as spam.  This is where I switched those emails after the problems with Plusnet.
Logged
  • The 10th
  • Posts: 803
  • BBYW - Option 2 (15GB)
« Reply #1242 on 18/03/2008, 17:35 »
Why is marketing email being marked as [SPAM] even when it has been flagged as not spam and sent to the notspam address?

Getting a little fed up with this now.
Netgear DG834 -|- BBYW 2 - webspace, domain hosting, voice over IP, static IP...
Contact Plusnet on:  0114 296 5198 (Cust Sup) or 0114 296 5188 (Faults)
Logged
« Reply #1243 on 20/03/2008, 12:36 »
Surely there is no excuse for the below blatant spam email not being classified as Spam 1 (where it would then fall into my IMAP Spam folder) rather than as Spam 3, a rating which still includes quite a few legitimate marketing emails from normal UK organisations.

There is no listed sender and no visible content but presumably there is something malicious or nasty embedded in it that the latest updated version of Thunderbird 2 is hopefully protecting me against?

Can anyone else shed some more light on this and why Plusnet and Postini are failing to classify it as Spam 1?

-------- Original Message --------
From:    - Thu Mar 20 05:33:31 2008
X-Account-Key:    account4
X-UIDL:    UID14107-1149066516
X-Mozilla-Status:    0001
X-Mozilla-Status2:    00000000
X-Mozilla-Keys:    
Envelope-to:    xxxx@xxxx.plus.com
Delivery-date:    Thu, 20 Mar 2008 05:19:38 +0000
Received:    from exprod5mx221.postini.com ([64.18.0.80] helo=psmtp.com) by pih-sunmxcore12.plus.net with smtp (PlusNet MXCore v2.00) id 1JcDBh-0002DX-6i for xxxx@xxxx.plus.com; Thu, 20 Mar 2008 05:19:37 +0000
Received:    from source ([124.99.108.244]) by exprod5mx221.postini.com ([64.18.4.14]) with SMTP; Wed, 19 Mar 2008 21:19:35 PST
X-pstn-neptune:    271/121/0.45/65
X-pstn-levels:    (S: 0.53429/99.75983 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings:    1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses:    from <westhamcasino.com@gmeas.com> [52/4]
Message-ID:    <E1JcDBh-0002DX-6i@pih-sunmxcore12.plus.net>
To:    
X-pn-pstn:    Spam 3
X-PN-Spam-Filtered:    by PlusNet MXCore (v4.00)
X-Antivirus:    avast! (VPS 080320-0, 20/03/2008), Inbound message
X-Antivirus-Status:    Clean
Logged
« Reply #1244 on 25/03/2008, 00:17 »
Today I have started getting several Spam emails masquerading as being bounce backs from the Postmaster at various websites and using my email address as the apparent original sending email address.  The main purpose of this new spam format seems to be to circumvent spam blocking filters.  Either that or my email address is now being widely used to originate large quantities of spam using my sending email address that is nothing at all to do with me.

See below for an example.

Does anyone at Plusnet have a thought as to how this new spamming technique is going to be blocked?  Spam 4 doesn't cut it as that category also contains legitimate emails.  You will note each of the four individual spam rating scores by Postini are in excess of 95.

Quote
-------- Original Message --------
From:    - Mon Mar 24 21:04:39 2008
X-Account-Key:    account4
X-UIDL:    UID14155-1149066516
X-Mozilla-Status:    0001
X-Mozilla-Status2:    10000000
X-Mozilla-Keys:    
Envelope-to:    xxxx@xxxx.plus.com
Delivery-date:    Mon, 24 Mar 2008 20:56:27 +0000
Received:    from exprod5mx211.postini.com ([64.18.0.70] helo=psmtp.com) by pih-sunmxcore13.plus.net with smtp (PlusNet MXCore v2.00) id 1JdtiT-0007Ck-Il for xxxx@xxxx.plus.com; Mon, 24 Mar 2008 20:56:26 +0000
Received:    from source ([216.180.135.146]) by exprod5mx211.postini.com ([64.18.4.14]) with SMTP; Mon, 24 Mar 2008 16:56:24 EDT
From:    postmaster@erp3
To:    xxxx@xxxx.plus.com
Date:    Mon, 24 Mar 2008 15:56:15 -0500
MIME-Version:    1.0
Content-Type:    multipart/report; report-type=delivery-status; boundary="9B095B5ADSN=_01C884E0C8BB377400484219emmausroadproduc"
X-DSNContext:    7ce717b1 - 1160 - 00000002 - 00000000
Message-ID:    <pr73j6xpZ0026723c@emmausroadproductions.com>
Subject:    Delivery Status Notification (Failure)
X-pstn-neptune:    216/201/0.93/72
X-pstn-levels:    (S: 2.29723/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings:    1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses:    from <postmaster@erp3> [52/4]
X-pstn-xfilter:    y
X-pn-pstn:    Spam 4
X-PN-Spam-Filtered:    by PlusNet MXCore (v4.00)
X-Antivirus:    avast! (VPS 080324-0, 24/03/2008), Inbound message
X-Antivirus-Status:    Clean

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

       dewittd@tatrack.com
Logged
« Reply #1245 on 25/03/2008, 00:27 »
This is known as Backscatter

It's a common phenomenon, but suffice to say that your email address has been used as the return address for a set of spam that has been sent out.

Misconfigured mail servers or badly educated/stubborn users who bounce spam cause this.

You should notice the effect subside within 24 hours.

B.
Barry Zubel : plusnet Community Site Forum Moderator
I'm a customer, not an employee
100x Core i7-980x, 12GB DDR3, ATI FirePro v8750 (realtime stats)
Logged
« Reply #1246 on 25/03/2008, 00:35 »
Time we started tagging stuff that postini catches for breaching sending protocols:
Quote
X-pstn-xfilter:    y
It might not catch all of this kind of nonsense, but I reckon it would help....
Logged
« Reply #1247 on 25/03/2008, 00:43 »
Barry, are you sure this is backscatter?  It looks wrong, more like, as Capvermell says, a spoof of a bounce back.
Logged