Postini Email Security Trial
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Postini Email Security Trial
Re: Postini Email Security Trial
26-12-2007 11:32 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Can PN please provide a definitive statement explaining the postini policy on blackholing .vs. rejecting messages they consider as spam as a matter of urgency.
I have no doubt that postini would argue that blackholing is 'better' than rejection because spammers then have no idea if their messages are being delivered or not. However, apart from it being technically wrong to accept mail but intentionally not deliver it, given the reported poor performance in respect of the number of false positives apparently being very significantly greater than 0.0003%, it is a pretty 'dangerous' thing to be doing regardless of whatever justification postini may consider as reasonable.
I note that I am currently seeing a previously unseen postini header in some test messages: X-pstn-xfilter:
Quote The x-pstn-xfilter header indicates that the message triggered a global pattern rule. The email security service maintains a minimal number of these rules to ensure that certain messages that are quarantined as spam, regardless of the spam score.
which also would appear to be a 'dangerous' and possibly unwarranted thing to be doing.
I also note that the X-pstn-2strike: header continues to be present whenever appropriate and is being used in strict accordance with the postini definition rather than the PN definition. I see absolutely no evidence to suggest that this header can be anything other than "not present in the message at all" or have the value "clear" despite repeated PN references to other possibilities.
Can PN please provide documentary evidence to substantiate their belief that the X-pstn-2strike: header can and is currently being used by postini in some way other than as described in the published postini data.
Re forum notifications: It is all well and good that PN are attempting to rectify the apparent problem with PN forum topic notifications being classified as spam but what about all the other forums around the world that PN customers may choose to use that are presumably suffering similarly. Are PN going to invest an appropriate amount of time/effort into resolving all these potential problems as well ?
It is most concerning that even when using the most lenient setting, the postini spam detection algorithms seem to be unreasonably draconian and/or aggressive (for first line filtering) not to mention falling a very long way short of the 0.0003% false positive SLA. Topic reply notifications are almost by definition NOT spam because they cannot be unsolicited, well, assuming that they are arriving from an authenticated source anyway. In order to receive such messages, a user not only has to (in most if not all cases) register with a particular forum but also has to specifically request that the notifications are sent. In most (but not necessarily all) cases, the registration process also includes e-mail address verification thereby preventing malicious activity.
Can PN please provide a definitive statement as to why some users are apparently seeing postini performance substantially less than the service level guaranteed by postini and explain what is being done about this problem in general rather than specifically in relation PN's own forum messages.
I also have reason to believe that I may possibly be losing some genuine messages although I cannot provide irrefutable evidence to support that at this time.
B T Plusnet, a bit kinda like P T Barnum ...
... but quite often appears to feature more clowns
Re: Postini Email Security Trial
27-12-2007 8:38 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Sometime prior to Christmas I checked several headers and they all had passed through Postini and were not being detected as spam. I have, in the last half hour, checked four e-mails marked as Spam using the postini analyser. Two had never passed through Postini, another had passed through and had been declared as not spam, and another was detected as not blatant spam, but the same e-mail had been seen from several different IP addresses and had been quarantined. This I assume does not happen as if it had I would not seen it marked as spam.
I also noted that the Financial and Legal Filters are turned off, but none of these e-mails fell into those categories. What is interesting is the spam not passing through Postini. I assume that this must be coming from users/computers on one of the PN brands.
Re: Postini Email Security Trial
27-12-2007 10:01 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: mikeb
I have no doubt that postini would argue that blackholing is 'better' than rejection because spammers then have no idea if their messages are being delivered or not. However, ... it is a pretty 'dangerous' thing to be doing regardless of whatever justification postini may consider as reasonable.
So is this behaviour going to be changed at the Postini end before the mass migration of all e-mail to Postini so that we will get the same functionality as we current do with PN. i.e. any suspect messages just go to inbox.spam ... so what 'logic' is used by postini to silently blackhole messages?
SW.
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed
Re: Postini Email Security Trial
28-12-2007 12:14 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Total I have, in the last half hour, checked four e-mails marked as Spam using the postini analyser. Two had never passed through Postini, another had passed through and had been declared as not spam, and another was detected as not blatant spam, but the same e-mail had been seen from several different IP addresses and had been quarantined.
Messages currently tagged as [-SPAM-] in the subject line get that from DSPAM, not Postini. Sadly DSPAM is struggling with recent changes in spam characteristics and not doing too well as a result. For those on the Postini trial, Postini is adding its headers to the message but [-SPAM-] tagging of the subject line based on Postini scoring is yet to be implemented. This should happen in the new year when PN staffing levels return to normal so any required support will be available.
With regard to "quarantining", that header does not mean that Postini quarantined it. For Plusnet users it represents Postini's opinion on what action should be taken by PN's mail servers (but as just stated that has yet to be implemented).
Quote What is interesting is the spam not passing through Postini. I assume that this must be coming from users/computers on one of the PN brands.
Not so. What this means is the spammers are not playing by the rules, they are targeting messages at specific mail servers rather than the generic "pool" that would go through Postini. Rather than repeating myself please refer to this post which explains more about this. Early in the new year I expect this bypass route will be blocked for all users on the Postini trial (and everyone once all users are on the system).
Re: Postini Email Security Trial
28-12-2007 12:40 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: godsell4
Quote from: mikeb
I have no doubt that postini would argue that blackholing is 'better' than rejection because spammers then have no idea if their messages are being delivered or not. However, ... it is a pretty 'dangerous' thing to be doing regardless of whatever justification postini may consider as reasonable.
So is this behaviour going to be changed at the Postini end before the mass migration of all e-mail to Postini so that we will get the same functionality as we current do with PN. i.e. any suspect messages just go to inbox.spam ... so what 'logic' is used by postini to silently blackhole messages?
It has been pointed out many, many times that Plusnet reject a significant number of email addresses at the perimeter - this is something they may done for a long time (over 5 years to my certain knowledge) and is not something that has just been introduced by Postini.
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Postini Email Security Trial
28-12-2007 12:45 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: spraxyt
Quote What is interesting is the spam not passing through Postini. I assume that this must be coming from users/computers on one of the PN brands.
Not so. What this means is the spammers are not playing by the rules, they are targeting messages at specific mail servers rather than the generic "pool" that would go through Postini. Rather than repeating myself please refer to this post which explains more about this. Early in the new year I expect this bypass route will be blocked for all users on the Postini trial (and everyone once all users are on the system).
I was seeing spam sent direct to mx.last particularly two weeks after my MX records were amended to point only at Postini. Having the block applied to my account made an improvement for me.
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Postini Email Security Trial
28-12-2007 10:22 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Postini Email Security Trial
28-12-2007 10:23 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote Every single bit of email was tagged as spam, including a test email sent from myself.
Where was this tagging? In the subject line or in the Postini headers?
Re: Postini Email Security Trial
28-12-2007 11:43 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Postini Email Security Trial
28-12-2007 11:57 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Postini Email Security Trial
28-12-2007 1:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: mgillespie Well, Postini did a pretty poor job today. Every single bit of email was tagged as spam, ...).
I had 0% of my email labelled [-SPAM-] this morning! Yesterday I reported the 80% which had been labelled [-SPAM-] - each reported by clicking the "Not Spam" button on SquirrelMail, then reported again by clicking the "Not Spam" FastForward v1.1.8 button on my Outlook Express! Maybe this brute force method helps?
One of the problems is that DSPAM marks several completely innocent postini factors as very likely to be Spam. After all my teaching, it is now adding (for me at least!) a few more postini factors (e.g. X-pstn-addresses*plus.net>, 0.01000,) marked as unlikely to be Spam. See sample below.
Quote X-Daemon-Classification: INNOCENT
....
X-Reported By: FastForward v1.1.8 (Outlook Express)
....
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.31169/99.43398 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
....
X-DSPAM-Factors: 27,
Received*www, 0.00110,
Received*(using, 0.00328,
Subject*Topic, 0.00377,
X-Mailer*SMF, 0.00520,
Received*TLSv1), 0.00802,
net/forum/index, 0.01000,
net/forum/index, 0.01000,
Received*([64.18.4.13]), 0.99000,
X-pstn-settings*1, 0.99000,
Received*peter, 0.99000,
Received*peter, 0.99000,
mgillespie, 0.01000,
mgillespie, 0.01000,
X-pstn-settings*0.1500), 0.99000,
X-pstn-settings*(0.1500, 0.99000,
Envelope-to*peter, 0.99000,
Received*exprod5mx202.postini.com, 0.99000,
Received*exprod5mx202.postini.com, 0.99000,
From*<community, 0.01000,
X-pstn-addresses*plus.net>, 0.01000,
X-pstn-addresses*<community, 0.01000,
From*plus.net>, 0.01131,
Received*(helo=fhw, 0.01837,
Message-ID*plus.net>, 0.01950,
Received*data, 0.02267,
Received*data, 0.02267,
notifications, 0.03137
....
Happy New Year - when PN makes all work well for everyone!
Re: Postini Email Security Trial
28-12-2007 3:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Postini Email Security Trial
28-12-2007 4:54 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Postini Email Security Trial
28-12-2007 5:06 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Using either Outlook 2003 or Outlook Express I can't see how to write a rule based on the header information.
Is this something you can only do with Thunderbird
Re: Postini Email Security Trial
28-12-2007 5:14 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
This is the relevant part
Quote X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:99.90000/99.90000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c
X-pstn-addresses: from <******> [db-null]
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Thu Dec 27 17:33:23 2007
X-DSPAM-Confidence: 0.4453
X-DSPAM-Improbability: 1 in 81 chance of being ham
X-DSPAM-Probability: 0.9467
X-DSPAM-Factors: 15,
Received*(modem, 0.99000,
X-pstn-levels*99.90000/99.90000, 0.01000,
X-pstn-settings*1, 0.99000,
ramblers, 0.99000,
X-pstn-settings*0.1500), 0.99000,
X-pstn-settings*(0.1500, 0.99000,
From*"Stanley, 0.99000,
Received*([64.18.4.14]), 0.99000,
size=2>Thanks, 0.01234,
Subject*Group, 0.01491,
holtlane, 0.02858,
size=2><SPAN, 0.03567,
Dorset, 0.03677,
Received*helo=psmtp.com), 0.04420,
Description, 0.04938
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Postini Email Security Trial