CNN Spam
CNN Spam - 11.Aug.2008 6:49:08 AM   
protechonline

 

Posts: 1
Joined: 11.Aug.2008
Status: offline

Hi
We are currently experiencing a high volume of the ‘CNN’ spam which is passing through our GFI Exchange email filter. Is there anything we can do to address this problem?
Kind regards
Sue
Post #: 1
RE: CNN Spam - 11.Aug.2008 11:20:54 AM   
wjhaase

 

Posts: 21
Joined: 11.Aug.2008
Status: offline
I have the same problem.  It started about a week ago.

-Wyatt

(in reply to protechonline)
Post #: 2
RE: CNN Spam - 11.Aug.2008 11:26:05 AM   
jeffbyvelds

 

Posts: 8
Joined: 21.Jan.2008
Status: offline
Hi, if you are using Mail Security, you can set up a content checking rule. I used the subject area and entered the phrase CNN Alerts and now these are being quarantined.

(in reply to wjhaase)
Post #: 3
RE: CNN Spam - 11.Aug.2008 11:30:27 AM   
wjhaase

 

Posts: 21
Joined: 11.Aug.2008
Status: offline
I am just using MailEssentials.  Several users have dragged a very large number of CNN emails to the "This is spam email" public folder.  Why wouldn't this cause the CNN email to be recognized as spam?

(in reply to jeffbyvelds)
Post #: 4
RE: CNN Spam - 11.Aug.2008 11:58:42 AM   
jpod1976

 

Posts: 6
Joined: 8.Sep.2004
Status: offline
I am getting this also. I have tried keyword checking, public folder "this is spam", etc... Why can't I stop this and the Internet Explorer 7 upgrade spam? Same thing, and like others have said, my boss is getting furious.

(in reply to wjhaase)
Post #: 5
RE: CNN Spam - 11.Aug.2008 3:32:02 PM   
Ytsejamer1

 

Posts: 69
Joined: 7.Mar.2006
Status: offline
Just a thought here... I don't know what each of your organization's setups are like in terms of mail servers and antispam products you have available to you (GFI ME alone, ME and Mail Security, etc)... I've been seeing a lot of "MY BOSS IS FURIOUS AND WILL SWITCH!!!" messages on here.  I don't doubt that you're taking lots of flak from higher ups, but these IE7, CNN.COM, and other emails can be blocked easily in multiple ways, just by tweaking your GFI configuration.

If you've got Mail Security, set up a content checker and delete the email even before it hits the antispam modules which may or may not forward to a particular junk mail folder in a user's mailbox or in a general spam collecting mailbox.  Also...can you move your antispam modules around in a different order?  I've seen that email/domain whitelists either too high in the module order or allowing entire domains of email in, or worse - both can cause this issue.  Of course moving them around arbitrarily may be dangerous and cause normal emails to be picked up...but if your setup allows you some flexibility here, use it.  My module order is different based on what we receive from contacts than yours is.  I may not have it set up the right way either, but there are PLENTY of options between both products to block what you need to.  Spammers are changing...it's up to us to keep up with this cat and mouse game.

I'm far from any expert on this, but hopefully we can all help each other out if we have the information we need about your configs, not threats about your bosses being upset and switching antispam vendors.

All that said, and no offense to GFI here, but I kind of wish I could buy Google's gmail spam filter!! :)

(in reply to jpod1976)
Post #: 6
RE: CNN Spam - 11.Aug.2008 5:30:15 PM   
wjhaase

 

Posts: 21
Joined: 11.Aug.2008
Status: offline
Thanks for your help; however, I pay for updates so that my filter doesn't need constant manual tweaking.  The default order of the modules should be the optimal order.  There is clearly something new about this CNN spam that tricks the GFI filter.

I share your sentiment regarding the Google filter.

(in reply to Ytsejamer1)
Post #: 7
RE: CNN Spam - 12.Aug.2008 8:10:26 AM   
yokleyb

 

Posts: 8
Joined: 7.Oct.2003
Status: offline
I'm not certain about anyone else, but ME's blocking the CNN emails on this end but tons of the IE7 ones were getting through.
After a check of the whitelist, I deleted *@microsoft.com and it seems to have taken care of those.

Perhaps you've got the CNN ones whitelisted somehow?

(in reply to wjhaase)
Post #: 8
RE: CNN Spam - 12.Aug.2008 8:37:48 AM   
rotorblade

 

Posts: 18
Joined: 7.May2008
Status: offline
I would agree that this is a new technique that spammers are using to bypass some of the filters. I have my keyword and blacklist filters at the top that are configured to delete, and the e-mails are blowing right past. The same goes for the Internet Explorer 7 crap as well. The only filters that are working are SPF and Headerchecking. GFI, what's up?

Dave


(in reply to yokleyb)
Post #: 9
RE: CNN Spam - 12.Aug.2008 10:23:53 AM   
rotorblade

 

Posts: 18
Joined: 7.May2008
Status: offline
The information below is from my Antispam8.log (Keyword filter) and is referencing one of the many thousands of CNN alert e-mails that I receive daily. I have the subject and text content listed in my keyword filter but as you can see, it does not even find it.

Do I need to open a case or is GFI aware of this and working on a solution?


Dave

2008-08-12,08:46:56,290,3,"#000000f8","#000002c4","info   ","keywordchecking","Message ID: <MAIL2mdmiAwUI9NC10j0001873d@removeddomain.com"
2008-08-12,08:46:56,290,3,"#000000f8","#000002c4","info   ","keywordchecking","---------------------------------------------------------"
2008-08-12,08:46:56,290,3,"#000000f8","#000002c4","info   ","keywordchecking","ProcessMessage (0xEC54210)"
2008-08-12,08:46:56,290,3,"#000000f8","#000002c4","info   ","keywordchecking","Scanning new Message"
2008-08-12,08:46:56,290,3,"#000000f8","#000002c4","info   ","keywordchecking","START Subject Scan"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","END Subject Scan"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","No TextBodyPart 0x800CCE05"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","Scanning HTML body stream"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","Reading text"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","Text Read"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","Body size: 6202"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","START Body Scan"
2008-08-12,08:46:56,321,3,"#000000f8","#000002c4","info   ","keywordchecking","END Body Scan"
2008-08-12,08:46:56,321,3,"#000000f8","#000002c4","info   ","keywordchecking","MESSAGE IS CLEAN"
2008-08-12,08:46:56,321,3,"#000000f8","#000002c4","info   ","keywordchecking","UnInitMessage (0xEC54210)"
2008-08-12,08:47:02,775,3,"#000000f8","#00000eec","info   ","keywordchecking","InitMessage (0xEC54210)"
2008-08-12,08:47:02,775,3,"#000000f8","#00000eec","info   ","keywordchecking","---------------------------------------------------------"
2008-08-12,08:47:02,775,3,"#000000f8","#00000eec","info   ","keywordchecking","Message ID: <000801c8fc79$03c5625d$043824be@aveqmmbf>"
2008-08-12,08:47:02,775,3,"#000000f8","#00000eec","info   ","keywordchecking","---------------------------------------------------------"
2008-08-12,08:47:02,775,3,"#000000f8","#00000eec"

(in reply to protechonline)
Post #: 10
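Added example, not part of the original post and not GFI tooling: a small parser for keywordchecking log lines in the layout quoted above, which groups lines by thread ID and lists messages that had no text body part and were still passed as clean, so they can be pulled for review. The field positions, the assumption that every verdict line starts with "MESSAGE IS ", and the sample Message IDs are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample in the layout of the Antispam8.log excerpt above;
# the Message IDs are made up and the last line is cut off on purpose.
SAMPLE_LOG = '''\
2008-08-12,08:46:56,290,3,"#000000f8","#000002c4","info   ","keywordchecking","Message ID: <constructed-1@example.test>"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","No TextBodyPart 0x800CCE05"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","Scanning HTML body stream"
2008-08-12,08:46:56,306,3,"#000000f8","#000002c4","info   ","keywordchecking","Body size: 6202"
2008-08-12,08:46:56,321,3,"#000000f8","#000002c4","info   ","keywordchecking","MESSAGE IS CLEAN"
2008-08-12,08:47:02,775,3,"#000000f8","#00000eec","info   ","keywordchecking","Message ID: <constructed-2@example.test>"
2008-08-12,08:47:02,775,3,"#000000f8","#00000eec"
'''

def summarize(log_text):
    """Return one dict per message: id, html_only, body_size, verdict."""
    open_by_thread = {}   # thread id (6th field) -> record still being scanned
    done = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 9:  # truncated or malformed line: skip it
            continue
        thread, text = row[5], row[8].strip()
        if text.startswith("Message ID:"):
            rec = {"id": text.split(":", 1)[1].strip(), "html_only": False,
                   "body_size": None, "verdict": None}
            open_by_thread[thread] = rec
            done.append(rec)
            continue
        rec = open_by_thread.get(thread)
        if rec is None:
            continue
        if text.startswith("No TextBodyPart"):
            rec["html_only"] = True
        elif m := re.fullmatch(r"Body size: (\d+)", text):
            rec["body_size"] = int(m.group(1))
        elif text.startswith("MESSAGE IS "):   # assumed verdict prefix
            rec["verdict"] = text[len("MESSAGE IS "):]
            del open_by_thread[thread]
    return done

def html_only_clean(records):
    """Messages with no text part that the keyword module passed as clean."""
    return [r["id"] for r in records if r["html_only"] and r["verdict"] == "CLEAN"]
```

A record whose verdict is still None was cut off in the log, as the last message in the excerpt above is.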
RE: CNN Spam - 12.Aug.2008 2:33:43 PM   
Rmumpower

 

Posts: 13
Joined: 23.Jul.2008
Status: offline
Our Company has not had ONE CNN alert get through the Filters and the fix we did was adding zen.spamhaus.org to the DNS Blacklist.

Every CNN alert I've seen caught in our spamtrap has the reason of "found on zen.spamhaus.org"

Hope this helps

(in reply to rotorblade)
Post #: 11
RE: CNN Spam - 12.Aug.2008 3:48:25 PM   
Reemster

 

Posts: 46
Joined: 1.Feb.2007
Status: offline
Indeed, we also receive a lot of CNN spam, but not one gets past our filters.

The main catches are:

1) Local recipient does not exist

2) Sending mail server found on zen.spamhaus.org

3) Sender is forged (SPF Fail)

Good luck!

< Message edited by Reemster -- 12.Aug.2008 3:49:27 PM >

(in reply to Rmumpower)
Post #: 12
RE: CNN Spam - 12.Aug.2008 3:50:49 PM   
wjhaase

 

Posts: 21
Joined: 11.Aug.2008
Status: offline
Thanks for the tips.  I added zen.spamhaus.org to my DNS blacklist.  I have my SPF set to medium.  Should it be higher?

(in reply to Reemster)
Post #: 13
RE: CNN Spam - 12.Aug.2008 5:06:30 PM   
John Letourneau

 

Posts: 1124
Joined: 28.Apr.2008
From: Clayton, NC
Status: offline
wjhaase,

I would not suggest making SPF any higher than medium.  Can someone post some headers of this spam so I can take a look at how they are being delivered?  I have seen a few instances of this but would like to see what is being delivered to users here as well.

_____________________________

Regards,
John Letourneau - Senior Technical Support Representative
GFI Software - www.gfi.com

(in reply to wjhaase)
Post #: 14
RE: CNN Spam - 12.Aug.2008 5:23:49 PM   
wjhaase

 

Posts: 21
Joined: 11.Aug.2008
Status: offline
This one was caught by the filter.  I'll send you the next one that is not filtered.

Microsoft Mail Internet Headers Version 2.0
Received: from 72-56-121-27.area2.spcsdns.net ([72.56.121.27]) by <removed> with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 12 Aug 2008 16:11:13 -0500
From: CNN Alerts <input1971@billmatrix.com>
Reply-To: input1971@billmatrix.com
To: <removed>
Subject: CNN Alerts: Breaking news
MIME-version: 1.0
Content-Type: TEXT/HTML; charset=US-ASCII
Return-Path: input1971@billmatrix.com
Message-ID: <removed>
X-OriginalArrivalTime: 12 Aug 2008 21:11:14.0149 (UTC) FILETIME=[F3EE4150:01C8FCBF]
Date: 12 Aug 2008 16:11:14 -0500

(in reply to John Letourneau)
Post #: 15
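Added example, not part of the thread and not GFI's code: the two checks the replies above rely on, applied to the Received and From lines quoted in post 15. It pulls the connecting IP out of the Received header, builds the reversed-octet name a DNS blacklist lookup against zen.spamhaus.org uses, and flags a From display name that uses the CNN brand on a non-CNN domain. The function names, the `cnn.com` expected domain and the injectable resolver are assumptions made for the example.

```python
import ipaddress
import re
import socket
from email import message_from_string
from email.utils import parseaddr

# Received, From and Subject lines as quoted in post 15 (host redacted there).
SAMPLE_HEADERS = (
    "Received: from 72-56-121-27.area2.spcsdns.net ([72.56.121.27]) by <removed>"
    " with Microsoft SMTPSVC(6.0.3790.3959);\n"
    "\tTue, 12 Aug 2008 16:11:13 -0500\n"
    "From: CNN Alerts <input1971@billmatrix.com>\n"
    "Subject: CNN Alerts: Breaking news\n\n"
)

def connecting_ip(raw_headers):
    """IPv4 address in brackets in the topmost Received header, or None."""
    msg = message_from_string(raw_headers)
    m = re.search(r"\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", msg.get("Received", ""))
    try:
        return str(ipaddress.IPv4Address(m.group(1))) if m else None
    except ValueError:               # bracketed text is not a valid address
        return None

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Reverse the octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dnsbl_status(ip, resolve=socket.gethostbyname):
    """'listed', 'clean' or 'error'. `resolve` is injectable for offline use."""
    try:
        answer = resolve(dnsbl_name(ip))
    except socket.gaierror:          # NXDOMAIN: not on the list
        return "clean"
    # 127.255.255.x means the query itself was refused (for example when it
    # went through a public resolver); it must not be read as a listing.
    if answer.startswith("127.255.255."):
        return "error"
    return "listed" if answer.startswith("127.0.0.") else "error"

def brand_mismatch(raw_headers, brand="cnn", expected_domain="cnn.com"):
    """True when the display name uses the brand but the address domain differs."""
    name, addr = parseaddr(message_from_string(raw_headers).get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    on_brand = domain == expected_domain or domain.endswith("." + expected_domain)
    return brand in name.lower() and not on_brand
```

`dnsbl_status` performs a live DNS query unless a resolver function is passed in, so pass a stub when running it offline.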