Messages are being flagged as [...]

lordvader
Posts: 46
Joined: Mon Feb 20, 2006 7:23 pm

Re: Messages are being flagged as [...]

Post by lordvader » Tue Dec 10, 2013 11:05 am

I don't know how things are done there, but usually things are tested before they're pushed out to all users, not the other way round ...

James
Exetel Staff
Posts: 2020
Joined: Mon May 09, 2005 10:27 pm

Re: Messages are being flagged as [...]

Post by James » Tue Dec 10, 2013 1:57 pm

lordvader wrote: I don't know how things are done there, but usually things are tested before they're pushed out to all users, not the other way round ...
It makes no difference to you, it's a tag.

lordvader
Posts: 46
Joined: Mon Feb 20, 2006 7:23 pm

Re: Messages are being flagged as [...]

Post by lordvader » Tue Dec 10, 2013 2:37 pm

Since it makes no difference to me, I would like to help you out with this trial.

How would a test subject go about reporting incorrect tags ?

nerdag
Posts: 5
Joined: Sat Apr 10, 2004 1:36 pm

Re: Messages are being flagged as [...]

Post by nerdag » Tue Dec 10, 2013 10:45 pm

James wrote: I'm sorry for the inconvenience of tags, but I honestly don't see what the fuss is all about.
I for one rely on email subject lines remaining intact so that they can be tracked in my respective email clients and follow a set number of rules/filters that I have set up in my preferred email client.

The inability to change the subject lines or opt out of this unannounced trial is causing havoc to my email workflow. The lack of consistency, predictability and reliability of the filter makes it impossible to change my filters.

I would appreciate a resolution (or even an announcement of an expected resolution time) ASAP.

n

lordvader
Posts: 46
Joined: Mon Feb 20, 2006 7:23 pm

Re: Messages are being flagged as [...]

Post by lordvader » Thu Dec 12, 2013 11:21 am

So, um ...

Has the trial ended, or have I just been taken off the list ?

lordvader
Posts: 46
Joined: Mon Feb 20, 2006 7:23 pm

Re: Messages are being flagged as [...]

Post by lordvader » Fri Dec 13, 2013 10:58 am

Spoke too soon ...
Still getting some [SUSPECTED SPAM] ...

lordvader
Posts: 46
Joined: Mon Feb 20, 2006 7:23 pm

Re: Messages are being flagged as [...]

Post by lordvader » Tue Dec 17, 2013 9:51 am

Still getting suspected spam ...

What's the process for reporting errors in the system ?

Dazzled
Volunteer Site Admin
Posts: 6008
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Messages are being flagged as [...]

Post by Dazzled » Tue Dec 17, 2013 10:13 am

Here will do. Exetel does read the forum.

I looked at my own trap this morning. Of the last 50 items of garbage only four were flagged as [MARKETING]. True, but not all that efficient. My own filters are apparently better trained. I haven't asked how long this will continue, it doesn't bother me as mentioned before, but in the meanwhile, why don't those who dislike them remove these tags by changing rules or inserting a proxy?

Gidget
Volunteer Site Admin
Posts: 1819
Joined: Wed Jan 28, 2004 4:33 am
Location: Sydney

Re: Messages are being flagged as [...]

Post by Gidget » Tue Dec 17, 2013 5:09 pm

I just received an email to one of my Exetel email accounts from a sender's name "Enlarge with Promo" with the subject of "Progress from love guru to sex magnet" entreating me to "Give her the best of you" and containing a very helpful link inside for me to click on.

In my book, that message should have set off bells in any spam filter - but it didn't, no tag at all was pre-pended to the subject line. There is as yet no way (apart from posting here) for me to report that a spam (or worse) email slipped through the filter.

Yesterday, my regular afternoon email "ABC NewsMail - Afternoon Edition" got tagged as [SUSPECTED SPAM]. This afternoon, the email arrived untagged. The sender address and email format were obviously the same each time, only the content differed. Again, there is no way for this false spam positive to be reported.

As I've said before, if the customers on the receiving end of the filter cannot improve its efficiency by reporting false negatives and false positives, how will Exetel be able to evaluate the effectiveness of the trial? I know Exetel staff can review their own emails, but it is a pity that the trial evaluators are not seeking to benefit from input from your large customer base as well.

Could we also please get two questions answered:
1) Will a facility be put in place for customer input? If so, when?
2) When will the trial end?

Thanks
Log a fault ticket here
or call Exetel VOIP numbers (02) 8030 1000 or 1300 788 141 (log faults 24x7)
Exetel Support Portal

glend
Exetel Staff
Posts: 30
Joined: Thu Oct 11, 2012 5:22 pm
Location: Exetel Sydney

Re: Messages are being flagged as [...]

Post by glend » Tue Dec 17, 2013 5:09 pm

The Spam and Anti-Virus technical trial is now complete. Thank you for your patience. If you would like to subscribe to this service, please do so in your Exetel Members Facility.

Gidget
Volunteer Site Admin
Posts: 1819
Joined: Wed Jan 28, 2004 4:33 am
Location: Sydney

Re: Messages are being flagged as [...]

Post by Gidget » Tue Dec 17, 2013 5:19 pm

Well, it appears that my previous post and that from glend crossed, so my second question has already been answered :-).

Some questions remain ... I just checked my User Facilities and I see no difference in the spam filter from the setup (or cost) for the original IronPort filtering service. Is there a difference? Can we report false positives and false negatives?

mayday175
Posts: 23
Joined: Thu May 14, 2009 4:14 pm
Location: Bunyip

Re: Messages are being flagged as [...]

Post by mayday175 » Tue Dec 24, 2013 12:38 pm

Gidget wrote: I just received an email to one of my Exetel email accounts from a sender's name "Enlarge with Promo" with the subject of "Progress from love guru to sex magnet" entreating me to "Give her the best of you" and containing a very helpful link inside for me to click on.
I have received several such emails (and similar variations) over the last few weeks too. NONE of them were "tagged"; they were all delivered to my inbox completely untouched. This does not bode well for the quality of this email filter.

Looking at the headers for some of these spam emails, they have been sent from IP addresses like:
186.101.149.71 = host-186-101-149-71.uio.netlife.ec = Ecuador
91.151.58.57 = 57.58.151.91.in-addr.arpa = France
And many more IPs that do not have a reverse DNS name (I looked up a few and their source country varied from China to Korea to Russia). These are probably consumer/home user type addresses which should not be sending email directly (I assume these are just home computers that have been infected by a bot and are spewing spam as instructed by the bot owner). Any reputable email filter should be doing a reverse DNS lookup on all SMTP connections and dropping any which do not have a matching MX and/or SPF record. Doing this before accepting any SMTP data saves bandwidth (ie. the connection is rejected before receiving the email itself) and saves CPU cycles because the email's body text does not need to be examined. Again, this does not bode well for the success of this email filter if it is not performing this type of filtering.

I suspect this filter "trial" is not using an Ironport; in my experience (as an IT Administrator), using Ironports with Cisco's SenderBase reputation service is an extremely reliable method of filtering spam. So reliable, in fact, that most email which gets fully scanned ends up being clean because most of the spam gets blocked before it's even received.

If this was intended to be a trial of a service that I could eventually opt-in to, I would not opt-in because:
1 - it incorrectly tagged some of my normal newsletters, eBay emails, and others as [SUSPECTED SPAM].
2 - it did NOT tag a single spam email.

I don't know why the existing Ironport service is not applied to everyone by default. I believe we should opt-in (pay for) advanced anti-spam/anti-virus filtering, but the basic reputation filter (or similar) should be applied to everyone by default. Surely this would save bandwidth (by rejecting SMTP senders with poor reputation) and save disk space on Exetel's mail servers... both of which would save Exetel money. Ok, maybe it wouldn't save a lot of money, but any savings are good in a competitive commercial world.

That's my 2 cents worth...
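
The connect-time filtering described in the post above, as an added example that is not part of the original thread and is not Exetel's or IronPort's code. It checks forward-confirmed reverse DNS and a reduced SPF evaluation (ip4 mechanisms only) using just the peer IP and envelope sender, so the decision is made before any message data is accepted; the DNS tables, addresses and domains are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example domains) so this runs offline.
PTR = {"192.0.2.10": "mail.example.org",
       "198.51.100.7": "host-7.dyn.example.net",
       "198.51.100.20": "relay.example.com"}
A = {"mail.example.org": ["192.0.2.10"],
     "host-7.dyn.example.net": ["203.0.113.99"],   # forward lookup does not match
     "relay.example.com": ["198.51.100.20"]}
TXT = {"example.org": "v=spf1 ip4:192.0.2.0/24 -all"}

def fcrdns_ok(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the peer IP."""
    name = ptr.get(ip)
    return name is not None and ip in a.get(name, [])

def spf_ip4_result(ip, domain, txt=TXT):
    """Reduced SPF: evaluates only ip4: mechanisms and the closing 'all' term."""
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term in ("-all", "~all"):
            return "fail" if term == "-all" else "softfail"
    return "neutral"

def connect_time_verdict(ip, mail_from):
    """SMTP reply to give after MAIL FROM, i.e. before the DATA phase."""
    if not fcrdns_ok(ip):
        return "550 reverse DNS missing or not forward-confirmed"
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if spf_ip4_result(ip, domain) == "fail":
        return "550 SPF fail for " + domain
    return "250 OK"

if __name__ == "__main__":
    for peer in ("192.0.2.10", "198.51.100.7", "198.51.100.20", "203.0.113.5"):
        print(peer, "->", connect_time_verdict(peer, "news@example.org"))
```

Hard rejection on these results is a policy choice; the same two checks can instead feed a score that is combined with content filtering.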

Dazzled
Volunteer Site Admin
Posts: 6008
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Messages are being flagged as [...]

Post by Dazzled » Tue Dec 24, 2013 7:04 pm

Mayday175, re SMTP, you almost certainly received email sent by infected home machines, but Exetel's SMTP server allows a connection only from a customer's IP address. That is the authentication. If you use telnet to do some old-fashioned emailing you'll see the pretty conventional server in action. dig your own IP for MX info.

My own home machines are set up for email notifications, by themselves unattended, in standard Linux fashion, so we can't assume home machines shouldn't email unless someone's at the keyboard. It sounds extreme to some, but my tuppence worth is that as long as we have Windows releases backward compatible with earlier versions, we will have mass infections and the consequent spamming.

If the filter didn't spot your "enhancement" mail, I agree, it needs to be returned to Kindergarten.
