
Moved Across to Ironport & Blatant Spam Immediately Arrives

Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Moved Across to Ironport & Blatant Spam Immediately Arrives

So I finally got the message from Plusnet telling me that the spam filtering on my Plusnet account had been changed over to Ironport at 2.06pm today (Tuesday 9th December 2008) and telling me how great that was all going to be. However there was no clarity at all about what was happening for those of us using Postini Quarantine and I note that I have in fact just been able to still log in to my Postini Quarantine account showing messages Quarantined over the last few days. But what will happen to any new messages classified as spam by Ironport? Will I find them on Postini Quarantine or somewhere else?
I also logged in to my email account control settings with Plusnet and on checking the spam tab I notice that I can now modify the "Aggressiveness of the spam filter" settings between 1 and 5, even though I still have Quarantine enabled.  However no level of aggressiveness is shown as existing by default (none of the 1, 2, 3, 4 or 5 buttons are toggled when I first look at the SPAM tab settings).
However at 4.57pm I then received the below blatant spam email in my Inbox clearly showing that it had gone through the Ironport and not the Postini spam filters.  Bizarrely enough in the last two or three weeks Postini's spam filtering had been 100% perfect with not one actual spam getting through,  even though I have just had to whitelist another false positive sitting in my Quarantine folder from Shell Driver's Club.  But that was the first false positive for at least two or three months.
Here is the obvious spam message that Ironport just let through to my account.  Can Bob or whoever else also explain why I have not yet received any information about the Ironport equivalent to Quarantine that is being put in place and why I can now select numbers on the "aggressiveness of the spam filter" options in my email account settings even though I am still meant to be using Quarantine.
Quote
-------- Original Message --------
From: - Tue Dec 09 17:08:45 2008
X-Account-Key: account4
X-UIDL: UID19157-1149066516
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <gbhacxo@mail2world.com>
Envelope-to: xxxx@xxxxxx.plus.com
Delivery-date: Tue, 09 Dec 2008 16:58:03 +0000
Received: from [212.159.7.33] (helo=mx.ptn-ipin01.plus.net) by fhw-sunmxcore04.plus.net with esmtp (PlusNet MXCore v2.00) id 1LA5uN-0006Ep-Jh for xxxx@xxxxxx.plus.com; Tue, 09 Dec 2008 16:58:03 +0000
Authentication-Results: mx.ptn-ipin01.plus.net; dkim=neutral (message not signed) header.i=none
Received-SPF: None identity=pra; client-ip=87.240.2.134; receiver=mx.ptn-ipin01.plus.net; envelope-from="gbhacxo@mail2world.com"; x-sender="gbhacxo@mail2world.com"; x-conformance=sidf_compatible
Received-SPF: SoftFail identity=mailfrom; client-ip=87.240.2.134; receiver=mx.ptn-ipin01.plus.net; envelope-from="gbhacxo@mail2world.com"; x-sender="gbhacxo@mail2world.com"; x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=87.240.2.134; receiver=mx.ptn-ipin01.plus.net; envelope-from="gbhacxo@mail2world.com"; x-sender="postmaster@smtp.qwerty.ru"; x-conformance=sidf_compatible
X-SBRS: -0.9
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhppAN8yPklX8AKGW2dsb2JhbACBNzWIKoIyAYcLFwgLBxAthX62dYMH
X-IronPort-AV: E=McAfee;i="5300,2777,5458"; a="6738798"
X-IronPort-AV: E=Sophos;i="4.33,741,1220223600"; d="scan'208";a="6738798"
Received: from smtp.qwerty.ru ([87.240.2.134]) by mx.ptn-ipin01.plus.net with ESMTP; 09 Dec 2008 16:58:03 +0000
X-ASG-Debug-ID: 1228841834-41110041000e-Pkqs9k
X-Barracuda-URL: http://87.240.2.134:8000/cgi-bin/mark.cgi
Received: from wildmail.com (localhost [127.0.0.1]) by smtp.qwerty.ru (Spam Firewall) with SMTP id 4976123227E6; Tue, 9 Dec 2008 19:57:37 +0300 (MSK)
Received: from wildmail.com (host-79-164-105-238.qwerty.ru [79.164.105.238]) by smtp.qwerty.ru with SMTP id o8MdMjR3Ov5AzEYi; Tue, 09 Dec 2008 19:57:37 +0300 (MSK)
To: <Undisclosed Recipients>
From: Bianca Wood <gbhacxo@mail2world.com>
X-ASG-Orig-Subj: Free W/ Rabbit Purchase - Pocket Rocket & 6 More Hot Freebies - Great Sexy Xmas Gifts!
Date: Tue, 09 Dec 2008 11:57:40 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Barracuda-Connect: host-79-164-105-238.qwerty.ru[79.164.105.238]
X-Barracuda-Start-Time: 1228841858
Message-Id: <20081209165737.4976123227E6@smtp.qwerty.ru>
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at qwerty.ru
X-pn-pstn: Spam 0
Subject: Free W/ Rabbit Purchase - Pocket Rocket & 6 More Hot Freebies - Great Sexy Xmas Gifts!
X-Antivirus: avast! (VPS 081208-0, 08/12/2008), Inbound message
X-Antivirus-Status: Clean

Our Christmas present to you: a Pocket Rocket Jr. Vibe and 6 other super hot and erotic goodies with the purchase of the magically orgasmic JackRabbit Vibe.
What can we say, Santa Claus came early this year!
http://pleasingsensations.cn/



To usubscribe, just put
purge.html
at the end of the link above and hit enter and you will be taken to the page where you can enter your address.
19 REPLIES
Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

duplicate post - deleted
Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Thanks Bob for deleting my previous post complaining that Ironport had let a blatant spam through to me within hours of being switched over to them. Roll eyes Angry
I see the email telling me I was switched over to Ironport also didn't tell me how to log in to the Ironport Quarantine system but having found the link in the FAQs for the new Ironport Quarantine platform I find my login id and password are being refused.
So it doesn't look as though Ironport Quarantine has been set up for me?
Also what about the email filtering severity options now being accessible in my Plusnet Spam email account settings, even though I am using Quarantine?  Is this an additional feature of Ironport compared to Postini Quarantine?
Moderator's Note: This post has been moved from an inappropriate thread to this one to keep all the discussion in one place. David (spraxyt)
Community Gaffer
Posts: 12,799
Thanks: 630
Fixes: 62
Registered: 04-04-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Quote from: Capvermell
Thanks Bob for deleting my previous post complaining that Ironport had let a blatant spam through to me within hours of being switched over to them. Roll eyes Angry

Not sure what you mean? I've only just this second read this thread? Undecided I'm assuming you're referring to David's moving of your original post to a separate thread?
Quote
I see the email telling me I was switched over to Ironport also didn't tell me how to log in to the Ironport Quarantine system but having found the link in the FAQs for the new Ironport Quarantine platform I find my login id and password are being refused.

That's because you have a non-subscription account. Access to Quarantine under IronPort is tied into your ability to use SMTP authentication. We don't want to allow this on free accounts else it would leave us open to abuse from spammers. Instead, you will get a daily notification that tells you what's been Quarantined (unless nothing's been quarantined in which case you won't get a message). There are links in this email that allow you to release the messages from the Quarantine and deliver them to your Inbox if they're not spam. Subscription accounts get this notification too but they can also log into Quarantine independently.
Quote
Also what about the email filtering severity options now being accessible in my Plusnet Spam email account settings, even though I am using Quarantine?  Is this an additional feature of Ironport compared to Postini Quarantine?

Yes it is although the fact that you have nothing at all selected might explain why that blatant spam got through to you. Try selecting '1' (least severe), select the option to apply the settings to all domains and click 'update settings'.

Bob Pullen
Plusnet Products Team

ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

It strikes me as odd that your message was given a spammy score  "X-SBRS:    -0.9" and still got Spam 0 -- ie cleared for delivery.  Are you sure you have spam filtering turned on?
Chris
edit:  sorry to have cross-posted with Bob!
Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Quote from: Bob
Not sure what you mean? I've only just this second read this thread? Undecided I'm assuming you're referring to David's moving of your original post to a separate thread?

Yes that was your colleague David it now appears.  My misunderstanding, although it does seem frustrating that as a consequence of David wanting to keep the Ironport timeline thread lean and clean that there is now no one thread discussing all the main issues affecting most users on the new Ironport spam filtering system in the Community forum.
Quote
That's because you have a non-subscription account. Access to Quarantine under IronPort is tied into your ability to use SMTP authentication. We don't want to allow this on free accounts else it would leave us open to abuse from spammers. Instead, you will get a daily notification that tells you what's been Quarantined (unless nothing's been quarantined in which case you won't get a message). There are links in this email that allow you to release the messages from the Quarantine and deliver them to your Inbox if they're not spam. Subscription accounts get this notification too but they can also log into Quarantine independently.

I suppose that should work OK but is there therefore a limit to how much mail can be stored in Ironport Quarantine before it is auto deleted as being too old or too much etc?  What happens if I go off up the Amazon for three months for instance and can't check my daily Quarantine emails in the interim?  Also only being able to view the Ironport Quarantine daily may make it less easy to spot trends in spam messages being filtered.  Perhaps I should just go back to the ordinary spam folder option if the 1 to 5 system now also applies to Ironport Quarantine.  At least in the Plusnet Spam folder I can sort the whole lot globally on any sub heading over any time period.
Quote
Yes it is although the fact that you have nothing at all selected might explain why that blatant spam got through to you. Try selecting '1' (least severe), select the option to apply the settings to all domains and click 'update settings'.

I thought I would set it at 5 initially to see how good Ironport's claims of no false positives are and then try and whitelist anything I should be getting it catches.  Or do you think I won't like the outcome from doing this?  Also that provides another reason for changing to the Plusnet IMAP Spam folder instead of Quarantine options as I wouldn't want to wait up to 24 hours to get access to a critical message that Ironport has classified as spam.
Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Quote from: ChrisL
It strikes me as odd that your message was given a spammy score  "X-SBRS:    -0.9" and still got Spam 0 -- ie cleared for delivery.  Are you sure you have spam filtering turned on?

Yes I have spam filtering turned on but the filtering severity toggle wasn't set as I previously didn't have the option under Postini Quarantine.
This appears to possibly be a bug and may explain why this message got through.  However I haven't had any other spams since this message and that would be rather unusual for my email account, although of course there is much less spam being sent just at the moment.
I have now set spam filtering severity to 5 and will see what consequences that has in conjunction with my whitelist.
Community Veteran
Posts: 26,338
Thanks: 595
Fixes: 8
Registered: 10-04-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Quote from: Capvermell
Yes that was your colleague David it now appears.

David is not one of Bob's colleagues - he's a moderator.
Quote from: Capvermell
My misunderstanding, although it does seem frustrating that as a consequence of David wanting to keep the Ironport timeline thread lean and clean that there is now no one thread discussing all the main issues affecting most users on the new Ironport spam filtering system in the Community forum.

We have a dedicated forum which means that we can have multiple topics all about Ironport, each topic about a different aspect of Ironport. (or are you suggesting that the 56 topics in this forum should all be merged in to one?)
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Well despite changing to a Spam strength filtering level of 5 last night I still just received the following absolutely blatant spam message in my Inbox.  So Ironport may be hot on no false positives but they don't seem to be so hot on actually stopping unwanted spam reaching customer Inboxes. Shocked Angry
Is anyone else noticing various stupid spams being let through by the Ironport servers:-
Quote
-------- Original Message --------
From: - Wed Dec 10 13:36:30 2008
X-Account-Key: account4
X-UIDL: UID19182-1149066516
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <ravined3@proteinon.com>
Envelope-to: xxxx@xxxx.plus.com
Delivery-date: Wed, 10 Dec 2008 13:35:26 +0000
Received: from [212.159.7.97] (helo=mx.pcl-ipin01.plus.net) by fhw-sunmxcore03.plus.net with esmtp (PlusNet MXCore v2.00) id 1LAPDp-0004yA-S1 for xxxx@xxxx.plus.com; Wed, 10 Dec 2008 13:35:25 +0000
Authentication-Results: mx.pcl-ipin01.plus.net; dkim=neutral (message not signed) header.i=none
Received-SPF: None identity=pra; client-ip=114.105.35.99; receiver=mx.pcl-ipin01.plus.net; envelope-from="ravined3@proteinon.com"; x-sender="ravined3@proteinon.com"; x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=114.105.35.99; receiver=mx.pcl-ipin01.plus.net; envelope-from="ravined3@proteinon.com"; x-sender="ravined3@proteinon.com"; x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=114.105.35.99; receiver=mx.pcl-ipin01.plus.net; envelope-from="ravined3@proteinon.com"; x-sender="postmaster@IWKBARXB"; x-conformance=sidf_compatible
X-SBRS: -1.0
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsV8AKJUP0lyaSNjWmdsb2JhbAASBAEugiqBXYJWg2kGiC0BISKccoMogRBEmjWDBw
X-IronPort-AV: E=McAfee;i="5300,2777,5459"; a="4806500"
X-IronPort-AV: E=Sophos;i="4.33,747,1220223600"; d="scan'208,217";a="4806500"
Received: from unknown (HELO IWKBARXB) ([114.105.35.99]) by mx.pcl-ipin01.plus.net with ESMTP; 10 Dec 2008 13:35:23 +0000
Message-ID: <145401c95acc$1ff44460$0a00080a@ravined3>
From: Lonnie Nicholson <ravined3@proteinon.com>
To: <xxxx@xxxx.plus.com>
Date: Wed, 10 Dec 2008 13:35:12 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C95ACC.1FF46690"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-pn-pstn: Spam 0
Subject: Women will be sleeping at your door to spend a night with you.
X-Antivirus: avast! (VPS 081209-1, 09/12/2008), Inbound message
X-Antivirus-Status: Clean

Women will be begging you to stay in your bed for another portion of love.
Just a click away
Community Gaffer
Posts: 12,799
Thanks: 630
Fixes: 62
Registered: 04-04-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Presumably some of your messages *are* getting identified as spam? I've checked your database settings and they look OK and are consistent with the settings in Manage My Mail. Quite surprised this one did get through, IronPot must have liked something about it as the sender has a pretty bad reputation.

Bob Pullen
Plusnet Products Team

Community Veteran
Posts: 26,338
Thanks: 595
Fixes: 8
Registered: 10-04-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

I wonder if this name will stick?
Quote from: Bob
Presumably some of your messages *are* getting identified as spam? I've checked your database settings and they look OK and are consistent with the settings in Manage My Mail. Quite surprised this one did get through, IronPot must have liked something about it as the sender has a pretty bad reputation.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Quote from: Bob
Presumably some of your messages *are* getting identified as spam?

Yes but only the one message has so far been placed in my Spam folder. Although we are only talking 24 hours here and the current level of spam is way down at the moment this would still seem to imply a much higher level of edge filtering by Ironport than by Postini?
As a non subscription customer I have given up on using Quarantine and gone back to the Plusnet  Spam folder option as I know that I am going to hate getting one email a day on both of my mailboxes, especially if I go on holiday and don't have email access for a week or something.
How do I report a Spam email that gets through to my Inbox to Ironport?
ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Quote from: Capvermell

How do I report a Spam email that gets through to my Inbox to Ironport?

I think you just did....
With your aggressiveness set to 5, and a Sender Base Reputation Sensor score of -1.0, I am frankly astonished that this one got X-pn-pstn: Spam 0. Hopefully, someone will give it a long hard look.
Chris
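The header comparison discussed in this thread (a negative X-SBRS value alongside "X-pn-pstn: Spam 0") can be automated for triage. The following is an added example, not part of any post and not Plusnet or IronPort code; the function names, the 0.0 reputation floor and the reading of "Spam 0" as "delivered as not spam" are assumptions, and the third message is constructed.

```python
import re
from email import message_from_string

# Headers abridged from the two messages quoted in this thread.
MSG_9_DEC = """\
Received-SPF: None identity=pra; client-ip=87.240.2.134
Received-SPF: SoftFail identity=mailfrom; client-ip=87.240.2.134
Received-SPF: None identity=helo; client-ip=87.240.2.134
X-SBRS: -0.9
X-IronPort-Anti-Spam-Filtered: true
X-pn-pstn: Spam 0
"""
MSG_10_DEC = """\
Received-SPF: None identity=pra; client-ip=114.105.35.99
Received-SPF: None identity=mailfrom; client-ip=114.105.35.99
Received-SPF: None identity=helo; client-ip=114.105.35.99
X-SBRS: -1.0
X-IronPort-Anti-Spam-Filtered: true
X-pn-pstn: Spam 0
"""
# Constructed sample: sender with no reputation score and an SPF pass.
MSG_CONSTRUCTED = """\
Received-SPF: Pass identity=mailfrom; client-ip=192.0.2.10
X-SBRS: None
X-IronPort-Anti-Spam-Filtered: true
X-pn-pstn: Spam 0
"""

def summarise(raw):
    """Collect the filter verdicts a receiving gateway stamped on a message."""
    msg = message_from_string(raw)
    spf = {}
    for value in msg.get_all("Received-SPF", []):
        m = re.match(r"\s*(\w+)\s+identity=(\w+)", value)
        if m:  # one result per checked identity: pra, mailfrom, helo
            spf[m.group(2).lower()] = m.group(1).lower()
    try:
        sbrs = float(msg.get("X-SBRS"))
    except (TypeError, ValueError):  # header absent or non-numeric
        sbrs = None
    final = re.match(r"\s*(\w+)\s+(-?\d+)", msg.get("X-pn-pstn", ""))
    scanned = msg.get("X-IronPort-Anti-Spam-Filtered", "").strip().lower()
    return {
        "spf": spf,
        "sbrs": sbrs,
        "scanned": scanned == "true",
        "final": (final.group(1).lower(), int(final.group(2))) if final else None,
    }

def inconsistencies(summary, sbrs_floor=0.0):
    """List signals that disagree with a final 'Spam 0' verdict."""
    notes = []
    if not summary["scanned"]:
        notes.append("no IronPort anti-spam scan recorded")
    if summary["final"] == ("spam", 0):
        sbrs = summary["sbrs"]
        if sbrs is not None and sbrs < sbrs_floor:
            notes.append(f"SBRS {sbrs} is below {sbrs_floor} but verdict is Spam 0")
        if "pass" not in summary["spf"].values():
            notes.append("no SPF identity returned pass")
    return notes

if __name__ == "__main__":
    for name, raw in [("9 Dec", MSG_9_DEC), ("10 Dec", MSG_10_DEC)]:
        print(name, inconsistencies(summarise(raw)))
```

Only headers stamped by the receiving side (here the plus.net hosts) are worth trusting in such a check; anything below the first external Received line is supplied by the sender.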
Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

Quote from: ChrisL
With your aggressiveness set to 5, and a Sender Base Reputation Sensor score of -1.0, I am frankly astonished that this one got X-pn-pstn: Spam 0. Hopefully, someone will give it a long hard look.

I think the originally stated idea by Plusnet that Ironport is going to be significantly better at spam filtering than Postini is somewhat illusive and unlikely to prove to actually be the case.  However I suspect that the Ironport server solution provides many other internal advantages in mail handling for Plusnet compared to the old server equipment and those advantages made the replacement of the external Postini spam filtering solution with the internally administered Ironport one compelling as a total business case.
One thing I am concerned about though is that two post update emails that I should have received today from the www.tivocommunity.com discussion forum have not arrived even though tivocommunity.com is in my whitelist and even though there have been update posts in those threads.  Similarly post update messages I should have received from the www.saynoto0870.com discussion forum have not arrived, even though saynoto0870.com is in my whitelist.  Yet by a perverse quirk of fate I am now reliably receiving post update emails from this forum when that used not to be the case two or three months ago.
I do hope that a spam setting of 5 does not increase the severity of the edge filtering by the Ironports for my account but only the percentage of likely spam that is placed in my spam folder instead of in my Inbox?
Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Re: Moved Across to Ironport & Blatant Spam Immediately Arrives

I turned off Edge Filtering at about 11pm last night but still there is no Spam in my online spam folder this morning.  I used to get 20 to 25 spam emails a day but following the recent reduction after the closure of the spam houses in the USA it was down to 6 or 7 a day.  However with no Edge Filtering now in place too (I always had edge filtering turned on with Postini) the level of spam not arriving in my Spam folder to me suggests that the Ironport servers are not taking any notice at all of the Edge Filter status in my email account settings and are still blocking it all regardless.
I continue to have the feeling that there is email I want to receive that may not now be reaching me and that the Ironport servers are still edge filtering as spam even though it is in fact legitimate email.