
convincing spam from CNN

godsell4
Rising Star
Posts: 3,366
Thanks: 15
Registered: ‎06-04-2007

Re: new convincing spam from CNN


See headers below, 1st is from a message delivered to my PN account, 2nd is a message blocked by postini on my corporate account.
Return-path: <vaavaava_1956@3dfa.com>
Envelope-to: XXX@YYY.COM
Delivery-date: Tue, 05 Aug 2008 15:06:38 +0100
Received: from exprod5mx253.postini.com ([64.18.0.48] helo=psmtp.com)
    by pih-sunmxcore19.plus.net with smtp (PlusNet MXCore v2.00) id 1KQNBM-0000AZ-3B
    for XXX@YYY.COM; Tue, 05 Aug 2008 15:06:36 +0100
Received: from source ([68.163.225.52]) by exprod5mx253.postini.com ([64.18.4.14]) with SMTP;
    Tue, 05 Aug 2008 09:06:33 CDT
X-mailed-to: XXX@YYY.COM
X-To: cnn-dailytop10#*#XXX@YYY.COM
X-job: 20080801155902.cnn-dailytop10.5299
Message-Id: <20080801155902.cnn-dailytop10@mail.cnn.com>
From: "Daily Top 10" <vaavaava_1956@3dfa.com>
To: XXX@YYY.COM
Date: Tue, 5 Aug 2008 10:06:27 -0400
Content-type: multipart/alternative; boundary="053vmiiwg741"
MIME-version: 1.0
X-pstn-neptune: 233/226/0.97/86
X-pstn-levels: (S:79.83032/99.90000 CV:99.0000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <vaavaava_1956@3dfa.com> [255/11]
X-pstn-xfilter: y
X-PN-Virus-Filtered: by PlusNet MXCore (v4.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v4.00)
Subject: CNN.com Daily Top 10

Received: from source ([200.100.91.137]) by exprod6mx229.postini.com ([64.18.5.11]) with SMTP;
Tue, 05 Aug 2008 14:39:31 EDT
X-mailed-to: AAA@BBB.COM
X-To: cnn-dailytop10#*#AAA@BBB.COM
X-job: 20080801155902.cnn-dailytop10.6504
Message-Id: <20080801155902.cnn-dailytop10@mail.cnn.com>
From: "Daily Top 10" <Dmitri-giretnel@mediateca2000.it>
To: AAA@BBB.COM
Date: Tue, 5 Aug 2008 15:39:42 -0300
Subject: CNN.com Daily Top 10
Content-type: multipart/alternative; boundary="043jkuuex633"
MIME-version: 1.0
X-pstn-neptune: 500/494/0.99/86
X-pstn-levels:    (S:85.91170/99.90000 CV:99.0000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 4 (1.5000:1.5000) s cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <Dmitri-giretnel@mediateca2000.it> [341/15]
X-pstn-xfilter: y
X-pstn-disposition: quarantine

Answers anyone?
SW.
--
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed
Saturn
Grafter
Posts: 742
Thanks: 2
Registered: ‎30-07-2007

Re: new convincing spam from CNN

Why can't PN block them all?  It's not as though they're difficult to identify.
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: new convincing spam from CNN

I think Postini are using a temporary Global Pattern matching rule to add the X-pstn-xfilter: y header to these emails while they sort out spam filter scoring (S:79.83032 and S:85.91170 on the examples) which currently does not regard these messages as spam.
Postini unconditionally designate any message with that header as spam and quarantine it. Currently the Plusnet tagging rules do not.
If Plusnet change their rules there is a risk that genuine messages could get incorrectly tagged as spam. I have one example where that header is included in a genuine message, 3 with it that are spam (2 being the CNN Top 10 spoof).
Does anyone else have *genuine* messages where that header is incorrectly included?
David
Tigger
Rising Star
Posts: 219
Thanks: 11
Registered: ‎12-06-2007

Re: new convincing spam from CNN

Tell me something, if we are (religiously) reporting Spam to Plusnet, is it really worth doing so if something that is known Spam like this CNN e-mail cannot be blocked?
I've just received another one, so clearly, even if Postini have been informed, they haven't done anything.
Saturn
Grafter
Posts: 742
Thanks: 2
Registered: ‎30-07-2007

Re: new convincing spam from CNN

That was my point
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: new convincing spam from CNN

Hi David, this is another case where we would have to check all our genuine messages to find any wrongly given X-pstn-xfilter: y.  What we need, again, is help from those using Postini quarantine. Have they had any messages wrongly quarantined because of the presence of this header?
Rgds
Chris
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: new convincing spam from CNN

Thanks for mentioning that Chris.
Users of Outlook (not Outlook Express) and (I think) Thunderbird could also help by setting up a mail filter rule to move messages containing the X-pstn-xfilter: header to a specially created folder. The rule could be run retrospectively on existing Inbox contents to check past history.
Unfortunately I don't think Outlook Express allows mail filters to be based on the presence of a specific header.
David
VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: new convincing spam from CNN

I have received two warning messages from Plusnet.
But zero from CNN.

"In The Beginning Was The Word, And The Word Was Aardvark."

spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: new convincing spam from CNN

They are obviously still coming, I've got three of them now.
David
Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Re: new convincing spam from CNN

Several more yesterday evening and overnight.
I'll try the filter thing with my Mac's Mail program, which can filter on headers. I'll pick up the ones sent to me and to our joint address and anything else that gets marked in the same way (just continuing monitoring and deleting those in webmail for my husband's address and the catch-all).
Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Bookman
Grafter
Posts: 269
Thanks: 1
Registered: ‎02-08-2007

Re: new convincing spam from CNN

Like Tigger and Saturn, I wonder why the CNN and Angelina Jolie and similar spam keeps on coming although I (and presumably others too) are sending PN examples of the messages. The CNN spam messages all seem to have the same text, but different To and From addresses. Can Postini not pick up the text in the messages?
zubel
Community Veteran
Posts: 3,793
Thanks: 4
Registered: ‎08-06-2007

Re: new convincing spam from CNN

Short answer:  It is.
Unfortunately, it's using a Global Pattern Match rule to flag it, which the Plusnet systems aren't (yet) matching Spam on.
This means it's slipping through the PN mail servers at this end.
B.
Bookman
Grafter
Posts: 269
Thanks: 1
Registered: ‎02-08-2007

Re: new convincing spam from CNN

In very, very, very simple terms how does the Postini thingy work? I'd thought of it as Postini filtering out bad stuff before it got to PN, but obviously from what you say, that's wrong.
zubel
Community Veteran
Posts: 3,793
Thanks: 4
Registered: ‎08-06-2007

Re: new convincing spam from CNN

Essentially, Postini flag items as spam, but the Plusnet inbound mail servers actually deal with it (except Blatant spam which is blocked).
Postini use a couple of different methods of flagging the spam, and the Plusnet mail servers haven't been configured to act on all of those.  Particularly the X-pstn-filter: header which is used to handle exactly this situation.
There is current discussion ongoing about the best way to handle items that are flagged using the X-pstn-filter header.
B.
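
An added example, not part of any post in this thread and not Plusnet or Postini code: a Python sketch of the retrospective check suggested earlier (collect every message carrying X-pstn-xfilter: y) that also reports the two other Postini markers discussed here, the S level and any X-pstn-disposition, so genuine mail tagged by the pattern rule can be reviewed. The function names and the third sample message are assumptions; the first two samples reuse header values posted in this thread.

```python
import email
import mailbox
import re

# Pulls the first number of the S: pair out of X-pstn-levels,
# e.g. "(S:79.83032/99.90000 CV:99.0000 ...)" -> 79.83032
S_LEVEL = re.compile(r"\bS:([0-9.]+)/[0-9.]+")

# Constructed samples: the first two reuse header values posted in this thread,
# the third is an invented message that lacks the header.
SAMPLES = [
    'From: "Daily Top 10" <vaavaava_1956@3dfa.com>\n'
    "Subject: CNN.com Daily Top 10\n"
    "X-pstn-levels: (S:79.83032/99.90000 CV:99.0000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )\n"
    "X-pstn-xfilter: y\n\nbody\n",
    'From: "Daily Top 10" <Dmitri-giretnel@mediateca2000.it>\n'
    "Subject: CNN.com Daily Top 10\n"
    "X-pstn-levels:    (S:85.91170/99.90000 CV:99.0000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )\n"
    "X-pstn-xfilter: y\n"
    "X-pstn-disposition: quarantine\n\nbody\n",
    "From: friend@example.org\nSubject: Lunch on Friday?\n\nbody\n",
]

def inspect(msg):
    """Return the Postini markers of one message, or None if it is not xfilter-tagged."""
    if str(msg.get("X-pstn-xfilter", "")).strip().lower() != "y":
        return None
    level = S_LEVEL.search(str(msg.get("X-pstn-levels", "")))
    disposition = msg.get("X-pstn-disposition")
    return {
        "from": str(msg.get("From", "")),
        "subject": str(msg.get("Subject", "")),
        "s_level": float(level.group(1)) if level else None,
        "disposition": str(disposition).strip() if disposition else None,
    }

def review_list(messages):
    """Keep only tagged messages; a human then checks each one for false positives."""
    return [hit for hit in map(inspect, messages) if hit]

def review_mbox(path):
    """Same check over an mbox export of an existing inbox (path is caller-supplied)."""
    return review_list(mailbox.mbox(path))

if __name__ == "__main__":
    for hit in review_list(email.message_from_string(raw) for raw in SAMPLES):
        print(hit)
```
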
Bookman
Grafter
Posts: 269
Thanks: 1
Registered: ‎02-08-2007

Re: new convincing spam from CNN

Ah, thanks for clarifying that Barry. Sometimes these new things get established so fast, and the technically-minded are all aware of how it works, that folks like me miss the simple version!