Contact Microsoft

[dra007]

Any general links to websites would be helpful. I could do the reseach on my own, but as you stated I have no idea what type of OS they use for our imap server, could be unix, but that is just a huntch.. What I need is some general information on the concepts of blocking the IPs rather than the domain name which is invariably spoofed in the header. To such an extent that a lot of problematic e-mail I get spoofs my own domain name and only IP analysis shows its true origin. They (the helpdesk) seem to think no such method exists.

[Wazoo]

Not a (or the) total solution, but ... http://ordb.org/faq/#usage ... a fairly huge list of mail-server applications with instructions for setting up checks with a list, looking for a certain result ... more than enough evidence one would think to demonstrate that there is the capability .... but, yes, the OS and application in use is the first issue, then we get to the knowledge of the folks involved.

[dra007]

Thanks again Wazoo,

I send them the information:

Dear helpdesk,

In your reply you state <<unfortunately, there are not any filters that work on the

headers of the email (that could filter an IP address, rather that trying

to guess whether the email address is fake or real)>>, however as this link suggests (http://ordb.org/faq/#usage), there are countless ways to block e-mail based on the IP of the spam, or virus containing e-mail, and in fact this is becoming the preferred way to filter this nuisance. It is done by <<rejecting the message during the initial SMTP transaction>> so users like myself and other university users would not have to sieve through or deal with such e-mail on the postini web-page or elsewhere. Most of these blocks are continuously updated and result in few or no false negatives and loss of real mail but would considerably ease the traffic of unwanted e-mail on the university server. If you so desire I could provide you with more references regarding this issue but I would need to know what type of operating system our university imap server is using.

Thank you again

Hope this will have the desired results.

[StevenUnderwood]

dra007,

I had forgotten you are using the postini system. In that case, all messages are received by postini, scanned for you using their methods of determining spam and/or viruses, and the "clean" stuff is passed on. The junk is held to be deleted. The only server that contacts your university servers is the postini one, so dnsbl's will not work in this case. If they were receiving email directly to their servers from the internet, then dnsbl's could work.

I use postini at work because the upper brass did not want to bounce messages back to potential customers. They make it the responsibiliy of the company users to sift through the held messages looking for mistakes. "Do not lose any messages" was their decision.

[dra007]

You are right on that one Steven. In my case spammers and virus attacks occasionaly spoof dot gov and my own domain to make it past postini. And yes, postini retains some wanted mail even after repeated selection as legit mail, so every system has its falacies.

What annoys me is the countinued stubborness of that help desk not to accept that there are ways to block repeated offenders (who send me 5-10 viruses a day every day) based on their IP. I don't care if it is mostly retained in the postini folder, that is good, but since such abusers continue the abuse despite repeated contacts and exchanges with their admins I am concerned that a fraction of those will make it past all my defences. This is not an empty paranoia, I had my computer hard disk demaged beyond repair just a few weeks ago by such an attack.

[StevenUnderwood]

occasionaly spoof dot gov and my own domain to make it past postini

The fact that the from address is forged would only come into play IF you (or your admins) have whitelisted these addresses or domains. Have you checked the postini headers to see if there is a X-pstn-addresses: line?

And yes, postini retains some wanted mail even after repeated selection as legit mail, so every system has its falacies.

Have you listed the specific email addresses or just the domains. Are the email addresses exactly the same? I use both approvals and blocks and have not had one error in about 14 months of use.

What annoys me is the countinued stubborness of that help desk not to accept that there are ways to block repeated offenders (who send me 5-10 viruses a day every day) based on their IP.

Logged into the Postini System Administration account

Email Server Config, Inbound Servers, Connection Manager, Manual IP Blocking

This will block the IP for all email associated with that Email server for a self-defined length of time. I don't know what the maximum is. I usually use 30 days.

This is not an empty paranoia, I had my computer hard disk demaged beyond repair just a few weeks ago by such an attack.

I'm not aware of any recent viruses that destroy hard disks. And if someone can reach your machine from the internet, you need to increase your security, probably with a firewall, preferably hardware separate from your computer. These things have been mentioned to you previously.

[dra007]

Thank you Steven, I think I have taken all the precautions necessary and beyond, as in the saying <<once you get your tongue burnt, you blow even in the cold yogurt>> (does that make sense??)...

As for getting settings on postini I have checked and re-checked, even went to the pstini site (which asked me for an adminitrator log on, one I obviously do not have), I can only whitelist domain names (as in microsoft.com)...or

Blocked Senders

To block email from an entire domain,

enter addresses in the form "domain.com".

If a message has been quarantined,

there is no need to add the spammers

address or domain.

block domain names...no more, no less! Once again it goes back to that <<domain>> being spoofed and that action accomplishing next to nothing! Funny thing is that the <<postini web site>> adds one more statement to the one quoted above:

Adding spammers to this list can be

ineffective - spammers continually

change their address.

[Miss Betsy]

I think what Stephen meant was to tell your IT Dept that there is an administrator setting that allows them to block IP addresses and to please block the IP address where all the viruses come from.

The reason they may not want to do that is that there may be someone at the University who corresponds with someone at the IP address. You may have to go to someone who can make policy. Your argument would be that a complaint from someone who /wants/ to correspond with someone on that IP address and a complaint from the legitimate person on that IP address might carry more weight with the IP administrator than your complaints have. You will need some clear evidence that you are still receiving viruses from them.

Miss Betsy

[dra007]

Yes Mz B, you are correct! I have conveyed the follow up by PM to Mr S.

[dra007]

Well Steven, for all it's worth your suggestions have not had the desired results:

Re: Block IP address via Postini...

We do not have the ability to block IP addresses for your email account.

I guess I have to get used to the idea that I am dealing with a bunch of idiots.

[dbiel]

Well Steven, for all it's worth your suggestions have not had the desired results:

I guess I have to get used to the idea that I am dealing with a bunch of idiots.

17282[/snapback]

Take note of the wording "for your account" It can be can done system wide, but the challange is to get that approved.

[turetzsr]

...Here's the reply I received from Microsoft on 14 Sep 8:10 PDT:

Hello and thank you for writing to Microsoft.com and for sharing your  feedback on the Handling unwanted e-mail (spam) Website.

We are working diligently in improving its performance. Feedback such as this is essential to the process. We have forwarded your mail to the appropriate Microsoft group for review and response.

By sending us this report, you are helping us maintain a standard of excellence our customers expect from Microsoft.

If you have additional suggestions or comments, please send us another e-mail.

Like maple syrup -- sweet and thick but no real nutritive value. <g>

[dra007]

Like maple syrup -- sweet and thick but no real nutritive value.  <g>

No, but it sure can make a good fly attractant on those old fashion paper bands (figuratively speaking)!

[dra007]

Take note of the wording "for your account"  It can be can done system wide, but the challange is to get that approved.

17284[/snapback]

Indeed, and I sure gave them a lot more information than posted here. And ironically they have no reason not to block them, they come from a bannana republic phone company and the like, that no one here would exchange e-mail with.

[dbiel]

And here is my reply from Microsoft to my not so very kind email

Hello and thank you for contacting Microsoft.com.

We appreciate your time in providing us your feedback about the article found on the site http://www.microsoft.com/athome/security/spam/options.mspx . The website owners will take this under advisement as they revise the content.

By sending us this report, you are helping us maintain a standard of excellence our customers expect from Microsoft.

Feel free to contact us again if you have further questions or concerns.

Sincerely,

Glenn

Microsoft.com Customer Support

They must be a bit behind as it took several days to get the reply.

By the way, did any of you also not that the link provided to send reports to hotmail is worthless (at least they spelled it right)

So not only do the provide bad advise they can't even write a link that works.

[turetzsr]

...And another reply:

Hello and thank you for writing to Microsoft.com Customer Support.

We would like to let you know that we are revising our spam advice now, and will take this under consideration.

Thanks again for taking the time to submit your feedback.

Should you require other assistance, please feel free to write back.

Sincerely,

Cherlene

Microsoft.com Customer Support

...Guess we'll have to go have another look at that original link some time soon! <g

[dbiel]

Unbelievable, they actually deleted the offensive section.

I guess if enough people complain they will actually do something.

[louisd]

I'm frankly stunned that it happened so quickly. I guess with MS putting the full push on spammers through lawsuits and the such, they didn't want to be seen as complete morons in telling people how to handle spam.

--Louis

[dra007]

Unbelievable, they actually deleted the offensive section.

I guess if enough people complain they will actually do something.

17678[/snapback]

Great news, I actually sent them a few spam samples after the first attempt to change their mind, and asked them if they want to become famous for supporting spammers. Glad to see our contribution, however small, made a difference!!

[StevenUnderwood]

dra007: That was a great tactic...Wish I had thought of it.