Hotmail spam filtering
Dear all, Recently we are getting increasing issues with hotmail email services.hotmail spam filtering is too much sensitive so that it filters many valid email.Despite of having SPF,PTR and dkim of a smtp server it's sending mail to hotmail in junk folder.You can share your experience to get rid off the problem. Thanks Suman BdCERT
Suman From our experience they seem to block most mail from “new” mail servers until they “trust” them. They used to have a reasonably good feedback loop that you could access which helped. No idea if they still run it, but maybe somebody else knows? Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 On 29/09/2015 21:08, "anti-abuse-wg on behalf of Suman" <anti-abuse-wg-bounces@ripe.net on behalf of suman@bdcert.org> wrote:
Dear all, Recently we are getting increasing issues with hotmail email services.hotmail spam filtering is too much sensitive so that it filters many valid email.Despite of having SPF,PTR and dkim of a smtp server it's sending mail to hotmail in junk folder.You can share your experience to get rid off the problem.
Thanks Suman BdCERT
* Suman <suman@bdcert.org> [2015-09-29 22:12]:
Dear all, Recently we are getting increasing issues with hotmail email services.hotmail spam filtering is too much sensitive so that it filters many valid email.Despite of having SPF,PTR and dkim of a smtp server it's sending mail to hotmail in junk folder.You can share your experience to get rid off the problem.
Yes, I was hit by that as well - out of the blue. I used the "Smart Network Data Service" to fix this: https://postmaster.live.com/snds/ I don't know where I got that link, I was digging trough outlook.com postmaster documentation for a while. You can claim ownership of your MX IPs there and after that request removal from the blocklist. In my case I was informed 30 minutes later that: "Our investigation has concluded that the IP address(es) are qualified for a probational deblocking." (Paraphrased from German) Since then mail delivery to hotmail/outlook/live.com accounts is working just fine. Still a hassle though. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
Dear ALL, In our community mostly using mailscanner or amavis with postfix/exim as anti spam email gateway.But its perfection is not satisfactory now-a-days.Can you share which open source anti spam application works well. Thanks Suman bdCERT
Spamassassin together with free and/or cheap depending on usage pattern block lists such as Spamhaus and SURBL Mailscanner plus amavis does a sort of OK job on antivirus but that's a different ball game --srs
On 10-Oct-2015, at 6:14 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
Dear ALL, In our community mostly using mailscanner or amavis with postfix/exim as anti spam email gateway.But its perfection is not satisfactory now-a-days.Can you share which open source anti spam application works well.
Thanks Suman bdCERT
RBL and even PTR record check doesn’t work well.Now spammer also use clean IP and with PTR.Mailscanner/amavis with clamav can’t protect spammers very well. Thanks Suman
On Oct 10, 2015, at 6:59 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Spamassassin together with free and/or cheap depending on usage pattern block lists such as Spamhaus and SURBL
Mailscanner plus amavis does a sort of OK job on antivirus but that's a different ball game
--srs
On 10-Oct-2015, at 6:14 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
Dear ALL, In our community mostly using mailscanner or amavis with postfix/exim as anti spam email gateway.But its perfection is not satisfactory now-a-days.Can you share which open source anti spam application works well.
Thanks Suman bdCERT
ip block lists are a first and still quite useful line of defense. Spam assassin is a series of score based content filters that supplement Spamhaus and such. SURBL is a URL block list. Beyond a point however filtering has grown enormously complex (and add issues such as dmarc and other authentication) so your constituents might be better off outsourcing their mail hosting to one of several large players in this field (none that are local to Asia / saarc though) --srs
On 10-Oct-2015, at 6:34 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
RBL and even PTR record check doesn’t work well.Now spammer also use clean IP and with PTR.Mailscanner/amavis with clamav can’t protect spammers very well.
Thanks Suman
On Oct 10, 2015, at 6:59 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Spamassassin together with free and/or cheap depending on usage pattern block lists such as Spamhaus and SURBL
Mailscanner plus amavis does a sort of OK job on antivirus but that's a different ball game
--srs
On 10-Oct-2015, at 6:14 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
Dear ALL, In our community mostly using mailscanner or amavis with postfix/exim as anti spam email gateway.But its perfection is not satisfactory now-a-days.Can you share which open source anti spam application works well.
Thanks Suman bdCERT
Now spam sender is more intelligent and they use IP with PTR and most of the cases their IP not been listed in RBLs like the header.We don’t want to let them do business with spam by taking cloud based solution like zero spam/comodo anti spam.Rather we are trying to find a open source solution that works well against spam. Return-Path: <return@ecommerce.eng.br> X-Original-To: technical@dhakacom.com Delivered-To: technical@dhakacom.com Received: from mail.bdneg.com (ns3.dhakacom.com [118.179.223.10]) by mail.dhakacom.com (Postfix) with ESMTP id 24B188003F6 for <technical@dhakacom.com>; Sat, 10 Oct 2015 07:23:42 +0600 (BDT) Received: from spcr-11.ecommerce.eng.br (spcr-11.ecommerce.eng.br [ ]) by mail.bdneg.com (Postfix) with ESMTP id EE713F802BC for <technical@dhakacom.com>; Sat, 10 Oct 2015 07:29:15 +0600 (BDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=ecommerce.eng.br; h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=abuse@ecommerce.eng.br; bh=o93ep8+n7HSq2EnXXlh49f9uThs=; b=Pu7rSAzPy6dlxqPWxYAd5l14JXkykPVOuBPX2FWM3OmDiHyt92N4PYG5k9sJ3tGqrJgdV25kUjBu Hf1TQRCDnPTFDkp+/gymCd7sF/B/SLQyvo0GkLO62WIWqYY2ufqw2dq9dNGiIfACoMt3K0C5Pn7B EM2/02aTMn9feNfu0kc= To: technical@dhakacom.com Subject: =?UTF-8?B?UHJvbW/Dp8OjbyBkZSBQbmV1cyBOb3Zvcw==?= Message-ID: <c00dc236b2712482879b6c1117cdc090@ecommerce.eng.br> Date: Fri, 09 Oct 2015 19:48:51 -0300 From: "tatuape" <nao-responda@ecommerce.eng.br/> Reply-To: nao-responda@ecommerce.eng.br/ MIME-Version: 1.0 X-Mailer-LID: 3,5 List-Unsubscribe: <http://ecommerce.eng.br/unsubscribe.php?M=420221&C=218ae60a7946264a4d590f99bba14b00&L=3&N=102> X-Mailer-RecptId: 420221 X-Mailer-SID: 102 X-Mailer-Sent-By: 6 Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_d3ab14ba7a57d5b09e9e3daefd4680ba" Content-Transfer-Encoding: 8bit X-dhakacom-MailScanner-ID: EE713F802BC.AAF1E X-dhakacom-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details X-dhakacom-MailScanner-SpamScore: sss X-dhakacom-MailScanner-From: return@ecommerce.eng.br X-Spam-Status: No Thanks Suman
On Oct 10, 2015, at 7:11 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
ip block lists are a first and still quite useful line of defense. Spam assassin is a series of score based content filters that supplement Spamhaus and such. SURBL is a URL block list.
Beyond a point however filtering has grown enormously complex (and add issues such as dmarc and other authentication) so your constituents might be better off outsourcing their mail hosting to one of several large players in this field (none that are local to Asia / saarc though)
--srs
On 10-Oct-2015, at 6:34 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
RBL and even PTR record check doesn’t work well.Now spammer also use clean IP and with PTR.Mailscanner/amavis with clamav can’t protect spammers very well.
Thanks Suman
On Oct 10, 2015, at 6:59 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Spamassassin together with free and/or cheap depending on usage pattern block lists such as Spamhaus and SURBL
Mailscanner plus amavis does a sort of OK job on antivirus but that's a different ball game
--srs
On 10-Oct-2015, at 6:14 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
Dear ALL, In our community mostly using mailscanner or amavis with postfix/exim as anti spam email gateway.But its perfection is not satisfactory now-a-days.Can you share which open source anti spam application works well.
Thanks Suman bdCERT
Part of the work is the software - the rest of it is watching, tweaking, deploying and changing your filters. These aren't like light bulbs that you can turn them on and all your spam disappears magically For that sort of static source Brazilian / other snowshoe spammer Spamhaus sbl / dbl and SURBL should generally be adequate --srs
On 10-Oct-2015, at 7:28 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
Now spam sender is more intelligent and they use IP with PTR and most of the cases their IP not been listed in RBLs like the header.We don’t want to let them do business with spam by taking cloud based solution like zero spam/comodo anti spam.Rather we are trying to find a open source solution that works well against spam.
Return-Path: <return@ecommerce.eng.br> X-Original-To: technical@dhakacom.com Delivered-To: technical@dhakacom.com Received: from mail.bdneg.com (ns3.dhakacom.com [118.179.223.10]) by mail.dhakacom.com (Postfix) with ESMTP id 24B188003F6 for <technical@dhakacom.com>; Sat, 10 Oct 2015 07:23:42 +0600 (BDT) Received: from spcr-11.ecommerce.eng.br (spcr-11.ecommerce.eng.br [ ]) by mail.bdneg.com (Postfix) with ESMTP id EE713F802BC for <technical@dhakacom.com>; Sat, 10 Oct 2015 07:29:15 +0600 (BDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=ecommerce.eng.br; h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=abuse@ecommerce.eng.br; bh=o93ep8+n7HSq2EnXXlh49f9uThs=; b=Pu7rSAzPy6dlxqPWxYAd5l14JXkykPVOuBPX2FWM3OmDiHyt92N4PYG5k9sJ3tGqrJgdV25kUjBu Hf1TQRCDnPTFDkp+/gymCd7sF/B/SLQyvo0GkLO62WIWqYY2ufqw2dq9dNGiIfACoMt3K0C5Pn7B EM2/02aTMn9feNfu0kc= To: technical@dhakacom.com Subject: =?UTF-8?B?UHJvbW/Dp8OjbyBkZSBQbmV1cyBOb3Zvcw==?= Message-ID: <c00dc236b2712482879b6c1117cdc090@ecommerce.eng.br> Date: Fri, 09 Oct 2015 19:48:51 -0300 From: "tatuape" <nao-responda@ecommerce.eng.br/> Reply-To: nao-responda@ecommerce.eng.br/ MIME-Version: 1.0 X-Mailer-LID: 3,5 List-Unsubscribe: <http://ecommerce.eng.br/unsubscribe.php?M=420221&C=218ae60a7946264a4d590f99bba14b00&L=3&N=102> X-Mailer-RecptId: 420221 X-Mailer-SID: 102 X-Mailer-Sent-By: 6 Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_d3ab14ba7a57d5b09e9e3daefd4680ba" Content-Transfer-Encoding: 8bit X-dhakacom-MailScanner-ID: EE713F802BC.AAF1E X-dhakacom-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details X-dhakacom-MailScanner-SpamScore: sss X-dhakacom-MailScanner-From: return@ecommerce.eng.br X-Spam-Status: No
Thanks Suman
On Oct 10, 2015, at 7:11 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
ip block lists are a first and still quite useful line of defense. Spam assassin is a series of score based content filters that supplement Spamhaus and such. SURBL is a URL block list.
Beyond a point however filtering has grown enormously complex (and add issues such as dmarc and other authentication) so your constituents might be better off outsourcing their mail hosting to one of several large players in this field (none that are local to Asia / saarc though)
--srs
On 10-Oct-2015, at 6:34 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
RBL and even PTR record check doesn’t work well.Now spammer also use clean IP and with PTR.Mailscanner/amavis with clamav can’t protect spammers very well.
Thanks Suman
On Oct 10, 2015, at 6:59 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Spamassassin together with free and/or cheap depending on usage pattern block lists such as Spamhaus and SURBL
Mailscanner plus amavis does a sort of OK job on antivirus but that's a different ball game
--srs
On 10-Oct-2015, at 6:14 PM, Suman Kumar Saha <suman@bdcert.org> wrote:
Dear ALL, In our community mostly using mailscanner or amavis with postfix/exim as anti spam email gateway.But its perfection is not satisfactory now-a-days.Can you share which open source anti spam application works well.
Thanks Suman bdCERT
On Sat, Oct 10, 2015 at 06:41:02PM +0530, Suresh Ramasubramanian wrote:
ip block lists are a first and still quite useful line of defense. Spam assassin is a series of score based content filters that supplement Spamhaus and such. SURBL is a URL block list.
Beyond a point however filtering has grown enormously complex (and add issues such as dmarc and other authentication) so your constituents might be better off outsourcing their mail hosting to one of several large players in this field (none that are local to Asia / saarc though)
One possibility that appears to be overlooked in many places is the usage of domain BLs (such as Spamhaus DBL or SURBL) at the SMTP level (that is, pre-DATA and before the message is transmitted). Three checks can be done: MAIL FROM, HELO and rDNS of the sending IP if available. It maybe tremendously effective with snowshoe spammers, particularly those of the so-called hailstorm variety (each IP used for 5-10 minutes in total, with *tremendous* intensity, stopping exactly when BL data start covering them), presumably because correlations allow BL operators to find spam domains even before they are used, while this is basically impossible for IP addresses. Sadly, with some mail server products these checks are not possible. One of the biggest oversight by MTAs/appliance coders. furio
participants (6)
-
furio ercolessi -
Michele Neylon - Blacknight -
Sebastian Wiesinger -
Suman -
Suman Kumar Saha
-
Suresh Ramasubramanian