
Postini Email Security Trial

mikeb
Rising Star
Posts: 463
Thanks: 15
Registered: ‎10-06-2007

Re: Postini Email Security Trial

Quote from: Capvermell
It's obvious there is a problem but Plusnet seems to have lost all interest in trying to deal with this new spam outbreak

Whilst it's quite obvious that there is a problem, in fact there are a number of apparent problems, in all fairness to PN, there is nothing much if anything that they can do directly to resolve them.  The service is run and to all intents and purposes controlled entirely by a 3rd party - postini.  If postini screw up then the best that PN can do is whine at them.  If postini don't react to new threats in a timely manner then the best PN can do is whine at them.  If postini don't meet their own SLAs then the best PN can do is whine at them.  That's how it is when you out-source or otherwise sub-contract any manufacture or service to a 3rd party never mind something as fundamental and notoriously difficult to deal with as email.  After all, one man's spam is another man's Sunday roast so keeping everyone happy is always going to be next to impossible.
PN are no doubt having to jump through a very similar set of hoops that PN users generally tend to have to do whenever they raise a ticket if they're experiencing some problem or other.  The first hurdle being getting anyone to listen because "no one else is having problems so it must be at your end" or "yes, we know and our network engineers are looking into it" or "it's only affecting a very small number of users but we're working on it" or "have you tried rebooting all your routers" or "what about reinstalling your OS" and so on  Tongue
Having said that, there is a lot that PN could be doing to mitigate a fair few of the apparent problems but don't appear to be and yes, I would agree that it's all gone *very* quiet on the postini front for reason or reasons unknown.
However, any development work that is ongoing is unlikely to resolve some/most/all of the apparent problems in any case - it will simply hand some control of the postini system back to individual users so that they too can mess around with all the various configuration options in the same way that PN no doubt are at the mo.  If you think postini is 'broken' or doesn't quite do what you want in some way then that's just tough I'm afraid.  It's a proprietary system - take it or leave it and all that !  If you're expecting major changes or improvements then the most helpful configuration option of all will be the "OFF" button when it appears because expecting postini to resolve false negatives/positives in any way other than they currently are doing is a complete non-starter IMHO.  I can't see how there could possibly be anything in the PN implementation or controls that could help in any way in this respect ... other than the off button if you don't like how postini normally does its stuff.  The ability to white/black list as/when required is obviously a very useful facility when used with care but has its own set of associated potential problems of course.
The postini service as-is is the most lenient it can be without turning fundamental bits off. The sensitivity can only be tweaked in an upwards direction.  If you choose to make it more aggressive (when that facility exists) then that also comes with its own set of associated potential problems. You cannot make it less aggressive (in general) without turning certain aspects off although you will presumably be able to whitelist ALL your legitimate senders and blacklist ALL your spammy senders (subject to the max number of list entries being sufficient).  Which kinda begs the question why postini the service when comprehensive white/black lists could have been relatively easily implemented by PN without postini's 'help' and without the no doubt shedloads of do$h heading in a postini direction !
Edited to add: BTW, just had a quicky look and the spam detection rate on my postinied A/C so far today is down to around 80% with the total volume heading off the scale once again.  Expect some well stuffed mboxes today chaps Sad


B T Plusnet, a bit kinda like P T Barnum ...

... but quite often appears to feature more clowns Tongue
Strat
Community Veteran
Posts: 31,320
Thanks: 1,609
Fixes: 565
Registered: ‎14-04-2007

Re: Postini Email Security Trial

I'm back up to 700+ in my work Spam folder over a weekend from around a couple of dozen.
Looks like the spammers have found Postini's weaknesses. Sad
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
bobpullen
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Postini Email Security Trial

I should probably mention that this is a lengthy post. Having said that I think I've answered most of the questions posed since I last had the chance to direct any attention at this thread.
Quote from: Capvermell
The below email was not classified as Spam 2, Spam 3, Spam 4 or Spam 5 by Plusnet's header adding algorithm.  This despite it being an obvious Google search link Spam that Postini ought to be edge filtering anyway if they weren't so woefully slow to respond to this kind of new spam email threat.
Any suggestions as to why Plusnet did not classify it as being Spam?

Because it hasn't been assigned a spam score low enough to trigger the filter. See here for more detail.
Quote from: jelv
The most significant item for me is the daily quarantine report.
What I would also have liked is a daily BSB report (with BSB left on). That way I get to know if emails have been rejected and can take steps to (a) whitelist and (b) get them re-sent. I suspect this is something Postini don't offer.

No they don't unfortunately.
Quote from: ChrisL
Postini/neptune would have caught it and dumped it in quarantine because of its sending behaviour. But AFAIK Plusnet are not using the neptune headers to tag these as spam.

We were incrementing the spam score where the X-pstn-neptune: qtine header was present as per the details here.
This would seem to have been replaced by X-pstn-neptune-cave-rslt: qtine. It's a 5 minute job to update the config but we need to be sure both headers serve the same purpose.
Quote from: Capvermell
I find it rather hard to account for the sudden apparent total loss of interest in this thread by Bob Pullen, OldJim and the many other previous regular participants as some spam emails that clearly could be easily edge filtered by Postini are still reaching us.

It's not so much a lack of interest rather a lack of time Capvermell. I spent two weeks over in South Africa towards the end of February/beginning of March and since then have unfortunately not had as much time as I would have liked for the forums.
Quote from: Capvermell
My biggest concern is about the Google search links which almost no one sending legitimate email ever includes in an email (they instead provide the URL of the actual website they are referring to).  So isn't it possible to either edge filter all emails containing a Google search link in the body or at the very least to classify them as Spam1?

I'm not sure that would be a very good idea. You mention that nobody would ever email a link to a Google search but I've done this myself in the past! Wink
Quote from: Capvermell
The below email just received was not rated as Spam of any kind by Plusnet (on its Spam 1 to Spam 5 scale) despite an S score from Postini that should have caused Plusnet to rate it as Spam.  How exactly did the spammers get round the Plusnet filtering.

It shouldn't have been marked as spam as the S score was way above the thresholds used for marking.
Quote from: andyrogers
I have been getting some SPAM through where in the header I have got the subject line in twice but slightly different, with the message SPAM marked, see below:- (These have apparently come from myself to myself but my address has been spoofed).

That is odd, is anybody else seeing this?
Quote from: jelv
90 relates to the individual filters - I've highlighted those scores:
S:77.69700/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951

We've actually disabled this rule Jelv.
Quote from: Capvermell
I suspect that is because www.saynoto0870.com hurts various ripoff commercial call centre operators' interests so they have misreported messages from this group as spam to try to make life difficult for it.

*grabs tinfoil hat*
Quote from: geezer
Why is marketing email being marked as [SPAM] even when it has been flagged as not spam and sent to the notspam address????

Sending to the notspam@ address is *not* an immediate solution. These messages are simply made available for Postini to use for training/refinement purposes. The introduction of the up-and-coming Manage My Mail improvements will no doubt help you address this issue.
Quote from: Capvermell
Today I have started getting several Spam emails masquerading as being bounce backs from the Postmaster at various websites and using my email address as the apparent original sending email address.  The main purpose of this new spam format seems to be to circumvent spam blocking filters.  Either that or my email address is now being widely used to originate large quantities of spam using my sending email address that is nothing at all to do with me.
See below for an example.
Does anyone at Plusnet have a thought as to how this new spamming technique is going to be blocked?

This is far from a new technique. Spammers have been spoofing addresses for years.
Quote from: Capvermell
Supporting Chris's comment why are emails marked with a blatant "x-pstn-xfilter:  y" spam rating by Postini not being marked as Spam 1 (thus being detained in my online IMAP spam folder and not deposited in my Thunderbird Inbox) by Plusnet?

I have a theory about this and it may explain some of the disparity between headers as reported by mikeb. Bear in mind this is a theory, so it will be interesting to see how things pan out. Whilst investigating this problem we discovered that an error had led to a number of domains being present without many of the mail filtering options enabled. This seems to have been accounts added *since* 1st February. It could be that these accounts did not have BSB switched on. I'm wondering whether or not some of the unusual headers people have been seeing are those that are present in mail that's normally blocked as Blatant Spam?
Quote from: Capvermell
I see this one was classified as Spam 3 rather than Spam 4.
But Postini have rated it:-
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c

Capvermell, as mikeb has said, I think you're confusing our use of the x-pstn-settings and the x-pstn-levels headers.
Quote from: mikeb
However, PN did say they were going to be acting on the "neptune" results as well and if this was "quarantine" then I think they said they were going to be tagging the message "SPAM1" regardless of the spam score.

That info is here. The quarantine header was being used to increment the spam score by one eg. change it from Spam 2 to Spam 1.
Quote from: mikeb
Unfortunately, it would appear that the particular neptune header that PN were (and probably still are) checking for is no longer being used by postini. I haven't seen the original and postini documented "X-pstn-neptune-rslt: qtine" header since mid January, I have only seen the completely undocumented "X-pstn-neptune-cave-rslt: qtine" header appearing in my messages. 

As mentioned elsewhere Mike, this is easy enough to fix. We just need to be sure before we change anything.
Quote from: Capvermell
Although various Plusnet staff who sometimes post in this thread have alleged that they are still taking an active interest in the evolution of the Spam tagging project the recent evidence is in fact to the contrary.
Bob has been assigned to other matters by the management of the company and in his absence there have since been no significant developments in the implementation of the rollout of the promised further spam tagging features by Plusnet. Lips_are_sealed

The features are on our Gamma platform undergoing testing as we speak.
Quote from: mikeb
Whilst it's quite obvious that there is a problem, in fact there are a number of apparent problems, in all fairness to PN, there is nothing much if anything that they can do directly to resolve them.  The service is run and to all intents and purposes controlled entirely by a 3rd party - postini.  If postini screw up then the best that PN can do is whine at them.  If postini don't react to new threats in a timely manner then the best PN can do is whine at them.  If postini don't meet their own SLAs then the best PN can do is whine at them.  That's how it is when you out-source or otherwise sub-contract any manufacture or service to a 3rd party never mind something as fundamental and notoriously difficult to deal with as email.  After all, one man's spam is another man's Sunday roast so keeping everyone happy is always going to be next to impossible.

That's a relatively fair summary Mike.
Quote from: mikeb
Edited to add: BTW, just had a quicky look and the spam detection rate on my postinied A/C so far today is down to around 80% with the total volume heading off the scale once again.  Expect some well stuffed mboxes today chaps Sad

What account Mike?
Quote from: Strat
I'm back up to 700+ in my work Spam folder over a weekend from around a couple of dozen.
Looks like the spammers have found Postini's weaknesses. Sad

I'll take a quick look at your account to make sure there's nothing untoward.
On a final note, I think I'm going to work on a blog update about the proposed changes and when we expect them to be launched. Once published, I'm going to start a new thread with a link to this and some other helpful articles/FAQ's etc. As soon as this is done I'm going to ask the mods to lock this thread as it's almost impossible to follow from start to finish now and is most probably deterring others from contributing to the discussion.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
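
The header check discussed in the post above, as an added example (not Plusnet's or Postini's code): it reads the S value from an X-pstn-levels header, maps it to a Spam 1 to Spam 5 tier, moves the message up one tier when a neptune header says `qtine`, and shows how a rule that matches only the older header name stops firing once the name changes. The tier thresholds, the treatment of untagged mail and the sample messages are constructed assumptions; the header names and the layout of the levels line are the ones quoted in this thread.

```python
import re
from email import message_from_string

# Header names quoted in the thread: the documented form and the newer,
# undocumented one that participants report seeing instead.
OLD_NAMES = ("X-pstn-neptune-rslt",)
ALL_NAMES = ("X-pstn-neptune-rslt", "X-pstn-neptune-cave-rslt")

# ASSUMPTION: (tier, upper bound on S) pairs are invented for this example. The
# thread only establishes that a lower S is spammier and Spam 1 is the worst tier.
ASSUMED_TIERS = ((1, 1.0), (2, 5.0), (3, 15.0), (4, 30.0), (5, 50.0))
LOWEST_TIER = 5

S_FIELD = re.compile(r"\bS:\s*([0-9]+(?:\.[0-9]+)?)/")


def s_score(msg):
    """Return the S value from the levels header, or None if absent/malformed."""
    match = S_FIELD.search(msg.get("X-pstn-levels", ""))
    return float(match.group(1)) if match else None


def tier_from_score(score):
    """Map an S value to a tier number, or None when the message is not tagged."""
    if score is None:
        return None
    for tier, upper in ASSUMED_TIERS:
        if score < upper:
            return tier
    return None


def neptune_quarantined(msg, names):
    """True if any of the given header names carries the value 'qtine'."""
    return any(value.strip().lower() == "qtine"
               for name in names for value in msg.get_all(name, []))


def classify(raw, names=ALL_NAMES):
    """Tier after applying the 'move up one tier on quarantine' rule."""
    msg = message_from_string(raw)
    tier = tier_from_score(s_score(msg))
    if neptune_quarantined(msg, names):
        # ASSUMPTION: an otherwise untagged message enters at the lowest tier.
        tier = LOWEST_TIER if tier is None else max(1, tier - 1)
    return tier


def rule_gap(samples):
    """Labels of messages that a rule matching only the old name tags differently."""
    return [label for label, raw in samples.items()
            if classify(raw, OLD_NAMES) != classify(raw, ALL_NAMES)]


def build_sample(s_value, neptune_header=None):
    """Build a constructed test message (not real mail)."""
    lines = ["From: sender@example.net", "To: user@example.com",
             "Subject: constructed sample",
             f"X-pstn-levels: (S:{s_value}/99.90000 CV:99.9000 R:95.9108 "
             "P:95.9108 M:97.0282 C:98.6951 )"]
    if neptune_header:
        lines.append(f"{neptune_header}: qtine")
    return "\n".join(lines) + "\n\nbody\n"


SAMPLES = {
    "old-header": build_sample("3.00000", "X-pstn-neptune-rslt"),
    "new-header": build_sample("12.50000", "X-pstn-neptune-cave-rslt"),
    "clean": build_sample("77.69700"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw, OLD_NAMES), classify(raw, ALL_NAMES))
    print("differs under old-name-only rule:", rule_gap(SAMPLES))
```

Running `rule_gap` over a sample of recent mail is a quick way to see whether a header-match rule still fires after an upstream change.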

Strat
Community Veteran
Posts: 31,320
Thanks: 1,609
Fixes: 565
Registered: ‎14-04-2007

Re: Postini Email Security Trial

I fully agree this thread has become somewhat lengthy.
I switched the spam on my work account (fceluk) to Inbox but found it too much work. Also my various customers on our network complained so I switched it back to Spam Folder.
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Postini Email Security Trial

Quote from: Bob
Quote from: ChrisL
Postini/neptune would have caught it and dumped it in quarantine because of its sending behaviour. But AFAIK Plusnet are not using the neptune headers to tag these as spam.

We were incrementing the spam score where the X-pstn-neptune: qtine header was present as per the details here.
This would seem to have been replaced by X-pstn-neptune-cave-rslt: qtine. It's a 5 minute job to update the config but we need to be sure both headers serve the same purpose.

I don't think this is doing what's needed, Bob. Postini will send to quarantine any email that gets this result from neptune, however non-spammy it looks to the bulk filter. I think the neptune header(s) and the S: score are given for completely different reasons and shouldn't be mixed up in deciding whether an email is spam.
btw -- I've seen the old X-pstn-neptune-rslt: qtine header since we started getting the new X-pstn-neptune-cave-rslt: qtine headers -- but I can't find any documentation about the latter either....
Quote from: Bob
Quote from: andyrogers
I have been getting some SPAM through where in the header I have got the subject line in twice but slightly different, with the message SPAM marked, see below:- (These have apparently come from myself to myself but my address has been spoofed).

That is odd, is anybody else seeing this?

Yes, I've seen one or two of these. Unfortunately, I deleted them, but the style was like this:

Subject:    [-SPAM-]Some obnoxious medical piffle
Subject:S [-SPAM-]ome obnoxious medical piffle

Quote from: Bob
Quote from: Capvermell
Supporting Chris's comment why are emails marked with a blatant "x-pstn-xfilter:   y" spam rating by Postini not being marked as Spam 1 (thus being detained in my online IMAP spam folder and not deposited in my Thunderbird Inbox) by Plusnet?

I have a theory about this and it may explain some of the disparity between headers as reported by mikeb. Bear in mind this is a theory, so it will be interesting to see how things pan out. Whilst investigating this problem we discovered that an error had led to a number of domains being present without many of the mail filtering options enabled. This seems to have been accounts added *since* 1st February. It could be that these accounts did not have BSB switched on. I'm wondering whether or not some of the unusual headers people have been seeing are those that are present in mail that's normally blocked as Blatant Spam.

I wonder if you're right, Bob, about headers that include X-pstn-status: off and have other headers very abbreviated? BUT I don't think your theory holds up with the perfectly well-documented X-pstn-xfilter:  y header! Postini say these are in breach of what they call a Global Rule, but I can't remember why they get past the BSB....
I've been on the Postini Trial since before Christmas, and I'm getting some of these.
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Postini Email Security Trial

Hasn't it been established that the duffed subject was something to do with a blank line in the middle of the headers?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Postini Email Security Trial

I think that was a different problem. The blank line was causing the subject line to appear in the body of the email, and so it wasn't being tagged as [-SPAM-] when it should have been.  Here the emails *are* being tagged (twice!). As far as I can remember, the one I had on Tuesday didn't have anything else wrong with it and was handled correctly (which is why I didn't mention it at the time).
cuke2u
Grafter
Posts: 88
Registered: ‎15-11-2007

Re: Postini Email Security Trial

Hi, is there any way I can tell if Postini is bouncing legitimate mail and if it is who they are from?
Chris
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Postini Email Security Trial

There are two things to consider. Postini will refuse what it thinks is blatant spam, with a bounce message to the sender. As far as I know, there is no way to find out about this without the sender making contact.
Presumably you know how your spam-handling is set up with Plusnet? You will need to have spam kept in a webmail folder, or delivered to your inbox, if you want to check for legitimate emails wrongly tagged as spam....
cuke2u
Grafter
Posts: 88
Registered: ‎15-11-2007

Re: Postini Email Security Trial

Hi, thanks, yes I get loads of legitimate mail marked as spam in my outlook folders. Let's hope that the legitimate mail sender that may/may not, be bounced by postini, has the foresight to contact me by phone, otherwise I might be out of pocket. It seems strange that we need to use a system where we have little control over..
Chris
bobpullen
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Postini Email Security Trial

@cuke2u,
The level of control you have is soon to be greatly increased. Watch this space for an imminent blog post!
Quote from: ChrisL
Quote from: Bob
Quote from: ChrisL
Postini/neptune would have caught it and dumped it in quarantine because of its sending behaviour. But AFAIK Plusnet are not using the neptune headers to tag these as spam.

We were incrementing the spam score where the X-pstn-neptune: qtine header was present as per the details here.
This would seem to have been replaced by X-pstn-neptune-cave-rslt: qtine. It's a 5 minute job to update the config but we need to be sure both headers serve the same purpose.

I don't think this is doing what's needed, Bob. Postini will send to quarantine any email that gets this result from neptune, however non-spammy it looks to the bulk filter. I think the neptune header(s) and the S: score are given for completely different reasons and shouldn't be mixed up in deciding whether an email is spam.

You will be able to choose to rely on Postini's quarantining as opposed to our filters if you prefer once the new Manage My Mail tools are available. This will be down to user preference.
Quote
btw -- I've seen the old X-pstn-neptune-rslt: qtine header since we started getting the new X-pstn-neptune-cave-rslt: qtine headers -- but I can't find any documentation about the latter either....

That's useful to know.
Quote
I wonder if you're right, Bob, about headers that include X-pstn-status: off and have other headers very abbreviated? BUT I don't think your theory holds up with the perfectly well-documented X-pstn-xfilter:  y header! Postini say these are in breach of what they call a Global Rule, but I can't remember why they get past the BSB....

OK, thanks for the clarification.
If you come across any more examples with the double subject line then give me a shout and I'll get a problem raised to investigate why it's happening.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

mikeb
Rising Star
Posts: 463
Thanks: 15
Registered: ‎10-06-2007

Re: Postini Email Security Trial

Quote from: Bob
Quote
btw -- I've seen the old X-pstn-neptune-rslt: qtine header since we started getting the new X-pstn-neptune-cave-rslt: qtine headers -- but I can't find any documentation about the latter either....

That's useful to know.

I tend to get several dozen messages a week containing the neptune header(s).  For instance, in the last week of Jan or thereabouts, I received 67 messages with the OLD flavour of neptune header.  Since then, I have received a not dissimilar quantity of messages with the neptune header each and every week but they have ALL been the NEW flavour neptune header. For instance, in the last 3 weeks, I have received 26, 31 and 33 messages with the NEW flavour neptune header.
YMMV and all that but show me a message with a recent date that contains the OLD style neptune header and I'll go and make some custard to pour over an appropriately sized slice of humble pie before consumption of same Tongue 
Mmmmmm, pie

What an absolute farce that we continue having to keep playing guessing games rather than being given clear and definitive information with all customers receiving a consistent and uniform service from what is supposed to be 2 professional companies providing a so-called state-of-the-art and reputable/reliable service. I take it there are still no definite answers from postini regarding the various undocumented features and apparent changes various then ?


B T Plusnet, a bit kinda like P T Barnum ...

... but quite often appears to feature more clowns Tongue
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Postini Email Security Trial

I can't be bothered to google for "YMMV"  Cheesy but I'm going to be doubly sure to check for neptune headers in my mail in the hope of serving some custard  Cheesy
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Postini Email Security Trial

oh yeh   
Your Mileage May Vary
    Your Mileage May Vary (exclusion clause)
zubel
Community Veteran
Posts: 3,793
Thanks: 4
Registered: ‎08-06-2007

Re: Postini Email Security Trial

Moderators Note
Thread has been locked in favour of this one which will focus on the Plusnet portal integration via the Manage my Mail tool.
B.