cancel
Showing results for 
Search instead for 
Did you mean: 

Postini Email Security Trial

mikeb
Grafter
Posts: 367
Registered: ‎10-06-2007

Re: Postini Email Security Trial

Whilst postini have apparently tweaked their detection algorithms either manually or as part of the natural learning process, there is absolutely no doubt that they are dumping some (but not necessarily all) mail considered as spam rather than refusing/rejecting it.  I consider this to be totally unacceptable practice in general and especially so when the relevant message(s) could and should have been refused/rejected at MX level.
Can PN please provide a definitive statement explaining the postini policy on blackholing .vs. rejecting messages they consider as spam as a matter of urgency.

I have no doubt that postini would argue that blackholing is 'better' than rejection because spammers then have no idea if their messages are being delivered or not.  However, apart from it being technically wrong to accept mail but intentionally not deliver it, given the reported poor performance in respect of the number of false positives apparently being very significantly greater than 0.0003%, it is a pretty 'dangerous' thing to be doing regardless of whatever justification postini may consider as reasonable.
I note that I am currently seeing a previously unseen postini header in some test messages: X-pstn-xfilter: 
Quote
The x-pstn-xfilter header indicates that the message triggered a global pattern rule. The email security service maintains a minimal number of these rules to ensure that certain messages that are quarantined as spam, regardless of the spam score.

which also would appear to be a 'dangerous' and possibly unwarranted thing to be doing.
I also note that the X-pstn-2strike: header continues to be present whenever appropriate and is being used in strict accordance with the postini definition rather than the PN definition.  I see absolutely no evidence to suggest that this header can be anything other than "not present in the message at all" or have the value "clear" despite repeated PN references to other possibilities.
Can PN please provide documentary evidence to substantiate their belief that the X-pstn-2strike: header can and is currently being used by postini in some way other than as described in the published postini data.
Re forum notifications: It is all well and good that PN are attempting to rectify the apparent problem with PN forum topic notifications being classified as spam but what about all the other forums around the world that PN customers may choose to use that are presumably suffering similarly.  Are PN going to invest an appropriate amount of time/effort into resolving all these potential problems as well ?
It is most concerning that even when using the most lenient setting, the postini spam detection algorithms seem to be unreasonably draconian and/or aggressive (for first line filtering) not to mention falling a very long way short of the 0.0003% false positive SLA.  Topic reply notifications are almost by definition NOT spam because they cannot be unsolicited, well, assuming that they are arriving from an authenticated source anyway. In order to receive such messages, a user not only has to (in most if not all cases) register with a particular forum but also has to specifically request that the notifications are sent.  In most (but not necessarily all) cases, the registration process also includes e-mail address verification thereby preventing malicious activity.
Can PN please provide a definitive statement as to why some users are apparently seeing postini performance substantially less than the service level guaranteed by postini and explain what is being done about this problem in general rather than specifically in relation PN's own forum messages.
I also have reason to believe that I may possibly be losing some genuine messages although I cannot provide irrefutable evidence to support that at this time.
Highlighted
Total_Chaos
Dabbler
Posts: 24
Thanks: 2
Registered: ‎30-07-2007

Re: Postini Email Security Trial

Since just after the start of Postin Trial when the spam dropped considerably,  it subsequently increased significantly.  At present I am getting about 200 per day marked as spam, and possibly a further 50 or so being picked up by Mailwasher and Thunderbird. 
Sometime prior to Christmas I checked several headers and they all had passed through Postini and were not being detected as spam.  I have, in the last half hour, checked four e-mails marked as Spam using the postini analyser.  Two had never passed through Postini, another had passed through and had been declared as not spam, and another was detected as not blatant spam, but the same e-mail had been seen from several different IP addresses and had been quarantined.  This I assume does not happen as if it had I would not seen it marked as spam.
I also noted that the Financial and Legal Filters are turned off, but none of these e-mails fell into those categories.  What is interesting is the spam not passing through Postini. I assume that this must be coming from users/computers on one of the PN brands.
Community Veteran
Posts: 3,366
Thanks: 15
Registered: ‎06-04-2007

Re: Postini Email Security Trial

Quote from: mikeb

I have no doubt that postini would argue that blackholing is 'better' than rejection because spammers then have no idea if their messages are being delivered or not.  However, ...  it is a pretty 'dangerous' thing to be doing regardless of whatever justification postini may consider as reasonable.

So is this behaviour going to be changed at the Postini end before the mass migration of all e-mail to Postini so that we will get the same functionality as we current do with PN. i.e. any suspect messages just go to inbox.spam ... so what 'logic' is used by postini to silently blackhole messages?
SW.
--
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed
Superuser
Superuser
Posts: 9,926
Thanks: 1,265
Fixes: 71
Registered: ‎06-04-2007

Re: Postini Email Security Trial

Quote from: Total
… I have, in the last half hour, checked four e-mails marked as Spam using the postini analyser.  Two had never passed through Postini, another had passed through and had been declared as not spam, and another was detected as not blatant spam, but the same e-mail had been seen from several different IP addresses and had been quarantined.

Messages currently tagged as [-SPAM-] in the subject line get that from DSPAM, not Postini. Sadly DSPAM is struggling with recent changes in spam characteristics and not doing too well as a result. For those on the Postini trial, Postini is adding its headers to the message but [-SPAM-] tagging of the subject line based on Postini scoring is yet to be implemented. This should happen in the new year when PN staffing levels return to normal so any required support will be available.
With regard to "quarantining", that header does not mean that Postini quarantined it. For Plusnet users it represents Postini's opinion on what action should be taken by PN's mail servers (but as just stated that has yet to be implemented).
Quote
What is interesting is the spam not passing through Postini. I assume that this must be coming from users/computers on one of the PN brands.

Not so. What this means is the spammers are not playing by the rules, they are targeting messages at specific mail servers rather than the generic "pool" that would go through Postini. Rather than repeating myself please refer to this post which explains more about this. Early in the new year I expect this bypass route will be blocked for all users on the Postini trial (and everyone once all users are on the system).
David
Community Veteran
Posts: 26,746
Thanks: 959
Fixes: 10
Registered: ‎10-04-2007

Re: Postini Email Security Trial

Quote from: godsell4
Quote from: mikeb

I have no doubt that postini would argue that blackholing is 'better' than rejection because spammers then have no idea if their messages are being delivered or not.  However, ...  it is a pretty 'dangerous' thing to be doing regardless of whatever justification postini may consider as reasonable.

So is this behaviour going to be changed at the Postini end before the mass migration of all e-mail to Postini so that we will get the same functionality as we current do with PN. i.e. any suspect messages just go to inbox.spam ... so what 'logic' is used by postini to silently blackhole messages?

It has been pointed out many, many times that Plusnet reject a significant number of email addresses at the perimeter - this is something they may done for a long time (over 5 years to my certain knowledge) and is not something that has just been introduced by Postini.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Community Veteran
Posts: 26,746
Thanks: 959
Fixes: 10
Registered: ‎10-04-2007

Re: Postini Email Security Trial

Quote from: spraxyt

Quote
What is interesting is the spam not passing through Postini. I assume that this must be coming from users/computers on one of the PN brands.

Not so. What this means is the spammers are not playing by the rules, they are targeting messages at specific mail servers rather than the generic "pool" that would go through Postini. Rather than repeating myself please refer to this post which explains more about this. Early in the new year I expect this bypass route will be blocked for all users on the Postini trial (and everyone once all users are on the system).

I was seeing spam sent direct to mx.last particularly two weeks after my MX records were amended to point only at Postini. Having the block applied to my account made an improvement for me.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
mgillespie
Grafter
Posts: 222
Registered: ‎08-04-2007

Re: Postini Email Security Trial

Well, Postini did a pretty poor job today.  Every single bit of email was tagged as spam, including a test email sent from myself.  The ONLY item that was not tagged as spam, was the Plusnet Newsletter  (borderline spam, as I certainly never asked for this...).
Community Gaffer
Community Gaffer
Posts: 17,682
Thanks: 665
Fixes: 167
Registered: ‎05-04-2007

Re: Postini Email Security Trial

Quote
Every single bit of email was tagged as spam, including a test email sent from myself.

Where was this tagging? In the subject line or in the Postini headers?
If this post resolved your issue please click the 'This fixed my problem' button
 Chris Parr
 Plusnet Staff
mgillespie
Grafter
Posts: 222
Registered: ‎08-04-2007

Re: Postini Email Security Trial

Subject line
Community Veteran
Posts: 26,746
Thanks: 959
Fixes: 10
Registered: ‎10-04-2007

Re: Postini Email Security Trial

Postini doesn't tag the subject line (yet). After incoming mail has been through Postini it goes through the old spam detection system which applies the subject tagging.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
peterp
Dabbler
Posts: 23
Registered: ‎01-12-2007

Re: Postini Email Security Trial

Quote from: mgillespie
Well, Postini did a pretty poor job today.  Every single bit of email was tagged as spam, ...).

I had 0% of my email labelled [-SPAM-] this morning!  Yesterday I reported the 80% which had been labelled [-SPAM-] - each reported by clicking the "Not Spam" button on SquirrelMail, then reported again by clicking the "Not Spam" FastForward v1.1.8  button on my Outlook Express!  Maybe this brute force method helps?
One of the problems is that DSPAM marks several completely innocent postini factors as very likely to be Spam.  After all my teaching, it is now adding (for me at least!) a few more postini factors (e.g. X-pstn-addresses*plus.net>, 0.01000,) marked as unlikely to be Spam.  See sample below.
Quote
X-Daemon-Classification: INNOCENT
....
X-Reported By: FastForward v1.1.8 (Outlook Express)
....
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.31169/99.43398 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
....
X-DSPAM-Factors: 27,
Received*www, 0.00110,
Received*(using, 0.00328,
Subject*Topic, 0.00377,
X-Mailer*SMF, 0.00520,
Received*TLSv1), 0.00802,
net/forum/index, 0.01000,
net/forum/index, 0.01000,
Received*([64.18.4.13]), 0.99000,
X-pstn-settings*1, 0.99000,
Received*peter, 0.99000,
Received*peter, 0.99000,
mgillespie, 0.01000,
mgillespie, 0.01000,
X-pstn-settings*0.1500), 0.99000,
X-pstn-settings*(0.1500, 0.99000,
Envelope-to*peter, 0.99000,
Received*exprod5mx202.postini.com, 0.99000,
Received*exprod5mx202.postini.com, 0.99000,
From*<community, 0.01000,
X-pstn-addresses*plus.net>, 0.01000,
X-pstn-addresses*<community, 0.01000,
From*plus.net>, 0.01131,
Received*(helo=fhw, 0.01837,
Message-ID*plus.net>, 0.01950,
Received*data, 0.02267,
Received*data, 0.02267,
notifications, 0.03137
....

Happy New Year - when PN makes all work well for everyone!
Dev
Grafter
Posts: 202
Thanks: 1
Registered: ‎01-08-2007

Re: Postini Email Security Trial

I am considering turning off PN's spam filters and using outlook's filter or forward to Gmail. I am tired of having 90% of my mail between user1@mydomain.co.uk and user2@mydomain.co.uk of my hosted PN domain being labelled as spam while legit spam gets through.
Community Veteran
Posts: 26,746
Thanks: 959
Fixes: 10
Registered: ‎10-04-2007

Re: Postini Email Security Trial

I've turned off the DSPAM checking and am now relying on the Postini added headers - they are proving far more reliable.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Community Veteran
Posts: 38,460
Thanks: 1,031
Fixes: 62
Registered: ‎15-06-2007

Re: Postini Email Security Trial

Jelv,
Using either Outlook 2003 or Outlook Express I can't see how to write a rule based on the header information.
Is this something you can only do with Thunderbird
Community Veteran
Posts: 38,460
Thanks: 1,031
Fixes: 62
Registered: ‎15-06-2007

Re: Postini Email Security Trial

Just found a spam message - Postini result 99.9 - how did DSPAM get it so wrong.
This is the relevant part
Quote
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:99.90000/99.90000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c
X-pstn-addresses: from <******> [db-null]
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Thu Dec 27 17:33:23 2007
X-DSPAM-Confidence: 0.4453
X-DSPAM-Improbability: 1 in 81 chance of being ham
X-DSPAM-Probability: 0.9467
X-DSPAM-Factors: 15,
    Received*(modem, 0.99000,
    X-pstn-levels*99.90000/99.90000, 0.01000,
    X-pstn-settings*1, 0.99000,
    ramblers, 0.99000,
    X-pstn-settings*0.1500), 0.99000,
    X-pstn-settings*(0.1500, 0.99000,
    From*"Stanley, 0.99000,
    Received*([64.18.4.14]), 0.99000,
    size=2>Thanks, 0.01234,
    Subject*Group, 0.01491,
    holtlane, 0.02858,
    size=2><SPAN, 0.03567,
    Dorset, 0.03677,
    Received*helo=psmtp.com), 0.04420,
    Description, 0.04938