    What to do about misconfigured email servers from other orgs

    • momurda

      Occasionally a user forwards me an email that looks 'fishy'. This email usually consists of a word doc that asks the user to click 'enable editing' or some bs like that. Obviously I just blacklist the domain right?

      Well, in some of these cases the orgs that are sending these spurious emails are potential customers for us, like state wide, country wide, international service providers, they just have something wrong in their DNS records or email server setup. So I just don't want to BL them.
      Today I went to one of these websites and clicked on Contact Us, sent an email explaining what was wrong with their setup.
      In this case their SPF record is missing a space between the last server address and -all, effectively making their SPF record do nothing, even though MXToolbox doesn't show invalid syntax errors or anything.
      I've done this a few times over the years.

      Do any of you do similar things?

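The missing space before `-all` described in the post above can be checked for mechanically. This is an added example, not part of the original thread: a small Python linter whose names (`lint_spf`, `BROKEN`, `FIXED`) are hypothetical and whose sample records are constructed with example.net. It flags an `all` mechanism fused onto the preceding term and a record left with no default policy.

```python
import re

# A qualifier (+ - ~ ?) plus "all" stuck to the end of another term,
# e.g. "include:_spf.example.net-all" or "ip4:192.0.2.10~all".
GLUED_ALL = re.compile(r"^(?P<head>.+?)(?P<all>[-~?+]all)$", re.IGNORECASE)
# A correctly separated "all" mechanism, with or without qualifier.
BARE_ALL = re.compile(r"^[-~?+]?all$", re.IGNORECASE)

# Constructed sample records (not taken from any real domain).
BROKEN = "v=spf1 mx include:_spf.example.net-all"
FIXED = "v=spf1 mx include:_spf.example.net -all"


def lint_spf(record):
    """Return a list of findings for one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings = []
    has_all = False
    has_redirect = False
    for term in terms[1:]:
        if BARE_ALL.match(term):
            has_all = True
            continue
        if term.lower().startswith("redirect="):
            has_redirect = True
        m = GLUED_ALL.match(term)
        if m:
            # The receiver parses this as one term, so the intended
            # "all" policy is never seen as a mechanism of its own.
            findings.append(
                f"'{m['all']}' is fused onto '{m['head']}': missing space"
            )
    if not has_all and not has_redirect:
        findings.append(
            "no 'all' mechanism or redirect: no default policy "
            "for unlisted senders"
        )
    return findings


if __name__ == "__main__":
    for rec in (BROKEN, FIXED):
        print(rec, "->", lint_spf(rec) or "ok")
```
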
      • Reid Cooper

        Can't say that I have ever done that. Not a bad idea.

        • BRRABill

          I find with most of the larger companies it falls on deaf ears.

          • Dashrender

            You clearly found a mistake that allows the SPF to have little to no use, but how often do you really find that the potential client's setup is what caused the email, and that the address isn't just spoofed?

            • momurda @Dashrender

              @Dashrender
              Ah yes, in this case the invalid SPF has allowed their email to be spoofed. If their SPF was valid, this email wouldn't have been sent unless the account that sent it is real, in which case it has been compromised. I suppose it doesn't happen that often. But sometimes large orgs don't even have SPF, which makes stopping spoofed emails from them difficult.

              • JaredBusch

                Why are you blocking domains in the first place? This is what spam filter systems are designed to do for you.

                • momurda

                  I have spam filters. These messages go through with a spam score of 0, and get delivered.

                  • JaredBusch @momurda

                    @momurda said in What to do about misconfigured email servers from other orgs:

                    I have spam filters. These messages go through with a spam score of 0, and get delivered.

                    Buy a new service then because the one you have is obviously not working.

                    Spending any time at all manually adding domains to a blacklist is just crazy.

                    • IRJ @JaredBusch

                      @JaredBusch said in What to do about misconfigured email servers from other orgs:

                      @momurda said in What to do about misconfigured email servers from other orgs:

                      I have spam filters. These messages go through with a spam score of 0, and get delivered.

                      Buy a new service then because the one you have is obviously not working.

                      Spending any time at all manually adding domains to a blacklist is just crazy.

                      I agree

                      • Dashrender

                        Unfortunately Spam filters aren't perfect. I had one user who was being spammed daily with political ads, nothing we did could stop them, the filters were worthless.

                        • JaredBusch @Dashrender

                          @Dashrender said in What to do about misconfigured email servers from other orgs:

                          Unfortunately Spam filters aren't perfect. I had one user who was being spammed daily with political ads, nothing we did could stop them, the filters were worthless.

                          Users subscribing to things is not spam. That is stupid user tricks.

                          • travisdh1 @Dashrender

                            @Dashrender said in What to do about misconfigured email servers from other orgs:

                            Unfortunately Spam filters aren't perfect. I had one user who was being spammed daily with political ads, nothing we did could stop them, the filters were worthless.

                            They've been finding volunteers to send their spam emails. Each person will only send a very few out, which is one way they're breaking through the spam filters. Even my gmail account gets them, and that's the best filtering I've been able to find for the price.

                            • scottalanmiller @travisdh1

                              @travisdh1 said in What to do about misconfigured email servers from other orgs:

                              @Dashrender said in What to do about misconfigured email servers from other orgs:

                              Unfortunately Spam filters aren't perfect. I had one user who was being spammed daily with political ads, nothing we did could stop them, the filters were worthless.

                              They've been finding volunteers to send their spam emails. Each person will only send a very few out, which is one way they're breaking through the spam filters. Even my gmail account gets them, and that's the best filtering I've been able to find for the price.

                              Which actually makes it not SPAM, SPAM is a term for UBE. The B is bulk. If it stops being bulk, it stops being actual SPAM.

                              • Dashrender @JaredBusch

                                @JaredBusch said in What to do about misconfigured email servers from other orgs:

                                @Dashrender said in What to do about misconfigured email servers from other orgs:

                                Unfortunately Spam filters aren't perfect. I had one user who was being spammed daily with political ads, nothing we did could stop them, the filters were worthless.

                                Users subscribing to things is not spam. That is stupid user tricks.

                                A subscription that comes from a different email address every time? Not likely. And even if it was, that's spam behavior on the part of the sender at which point I consider them a bad actor.

                                • scottalanmiller @Dashrender

                                  @Dashrender said in What to do about misconfigured email servers from other orgs:

                                  @JaredBusch said in What to do about misconfigured email servers from other orgs:

                                  @Dashrender said in What to do about misconfigured email servers from other orgs:

                                  Unfortunately Spam filters aren't perfect. I had one user who was being spammed daily with political ads, nothing we did could stop them, the filters were worthless.

                                  Users subscribing to things is not spam. That is stupid user tricks.

                                  A subscription that comes from a different email address every time? Not likely. And even if it was, that's spam behavior on the part of the sender at which point I consider them a bad actor.

                                  I know one of the big media spam shops in NYC has just thousands of accounts and domains. Block a domain, they always have another.

                                  • Dashrender @scottalanmiller

                                    @scottalanmiller said in What to do about misconfigured email servers from other orgs:

                                    @Dashrender said in What to do about misconfigured email servers from other orgs:

                                    @JaredBusch said in What to do about misconfigured email servers from other orgs:

                                    @Dashrender said in What to do about misconfigured email servers from other orgs:

                                    Unfortunately Spam filters aren't perfect. I had one user who was being spammed daily with political ads, nothing we did could stop them, the filters were worthless.

                                    Users subscribing to things is not spam. That is stupid user tricks.

                                    A subscription that comes from a different email address every time? Not likely. And even if it was, that's spam behavior on the part of the sender at which point I consider them a bad actor.

                                    I know one of the big media spam shops in NYC has just thousands of accounts and domains. Block a domain, they always have another.

                                    exactly - this was the problem this user had. It felt more like what Travis was mentioning - not specifically directed at her, but small enough batches that the filters don't get triggered. It was a bunch of political crap she didn't care about.

                                    • momurda

                                      I spend about 5 minutes a week adding a few domains to a blacklist. Not a big deal. My spam service is just fine, I'm talking about a few emails a week getting through. I would like to get it to 0 though I doubt that is possible. Gmail seems to be the best at spam blockage, wonder what they are doing.

                                      This email address has existed since the mid 90's (company around since 1984), honestly every single spammer in the world probably has it. [email protected]. The fact that less than 10 spam messages/week get through means the filters work well I think.

                                      The big spam shops (NYC mostly as SAM says, if you believe their addresses in the sig) do send out emails with slightly different email address domains, all the time.
                                      Had one that was always getting through, baddomain.com, I blacklisted it, two weeks later it was bad-domain.com
