Page 1 of 15 | My E-mail appears as spam | The 7 major reasons | Part 6#17
Written by Eyal Doron | o365info.com
MY E-MAIL APPEARS AS SPAM | THE 7 MAJOR REASONS | PART 6#17
The current article is the continuation of the former article (My E-mail appears as spam | The 7 major reasons | Part 5#17), in which we continue to review the major reasons that could lead to a scenario in which E-mail that is sent from our organization is identified as spam E-mail.
In the current article we will review the following causes:
 False positive
 User Desktop malware
 “Problematic” Website
4. False positive
Regarding the subject of internal/outbound spam, the term “false positive” relates to a scenario in which a legitimate E-mail is recognized by mistake as spam/junk mail.
Q: Is there an option to completely avoid a “false positive” scenario?
A: Sadly, the answer is no. There are different “elements” that can identify our organization’s E-mail by mistake as spam/junk mail.
For example, your E-mail message could be mistakenly classified as spam/junk mail by a blacklist provider who recognizes aspects in your E-mail message that “look like” characteristics of spam/junk mail (no system is perfect).
Another example: the destination recipient looks at your E-mail message, and it seems to him like spam/junk mail. For this reason, he decides to report the specific E-mail message as spam/junk mail.
In the following diagram, we can see that there could be “additional elements” that could “decide” to identify a specific E-mail as spam/junk mail, such as the user mail application or the security application that is installed on the user desktop.
How to avoid?
There is no real method for “avoiding” this scenario. In case legitimate E-mail that was sent by organization users is classified as spam/junk E-mail by a specific blacklist, all we can do is contact the specific blacklist owner and ask to be removed from the blacklist.
Another best practice could be to implement a procedure in which we check the “spam score” of commercial E-mail before we send the specific E-mail message to a large group of recipients.
You can read more information about the option of testing your
spam score in the article: My E-mail appears as spam | The 7
major reasons | Part 5#17
5. User Desktop malware
In case the user desktop is infected with malware (virus, spyware, etc.), the result can be a “strange phenomenon” such as: mail that disappears, spam mail that is sent by our organization recipient without his knowledge, and so on.
One of the major characteristics of such a scenario (a scenario in which the user desktop is infected by malware) is that the organization user is not aware that spam E-mail is sent in his name to other recipients.
The “point” at which we become aware of this issue is only when the destination mail server replies with an NDR message or, in a worse scenario, when our organization appears as blacklisted.
In an “NDR” scenario, it’s easy to implement the reverse engineering process in which we understand that the problem is related to a specific recipient organization.
In a scenario in which the “destination mail server” doesn’t reply using an NDR, or in a scenario in which we find that our organization is blacklisted, there is no thread or “breadcrumb” that could lead us to the “source of the problem”.
Q: How to recognize a scenario in which a user’s desktop is infected with malware that sends E-mail messages on behalf of the user?
A: There is no “magic formula” that will help you to capture this type of scenario. Our main “weapon” is awareness of the characteristics of this type of scenario (in which the user desktop is compromised by malware that sends spam E-mail on behalf of the organization user).
One of the main characteristics of this type of scenario is a “lack of coordination” between the evidence that exists in the user mailbox versus the “evidence” that exists in the Exchange Online mail server.
For example, an organization user reports a strange phenomenon in which he gets an NDR message for E-mail that he didn’t send. The NDR message informs him that his E-mail was rejected by the destination mail server because it was identified as spam/junk mail.
Note – there is another spam scenario that has similar characteristics, named NDR backscatter. In this scenario, the organization users get an NDR message that informs them that their “destination recipient” doesn’t exist.
This is a scenario in which a spammer impersonates a legitimate user by using our organization user’s identity.
When we start to investigate this strange issue by looking at the user mailbox and, in particular, the Sent Items folder, we cannot see any evidence of the mail that was sent from the user mailbox.
The reason for this strange phenomenon is that, most of the time, the malware will prefer to “cover its tracks” by deleting the E-mail that it sent from the Sent Items folder, or by connecting to the mail server directly and bypassing the desktop mail client.
The phenomenon becomes even stranger when we look at our Exchange Online message trace log and find out that the Exchange Online log includes information about dozens or even hundreds of E-mail messages that were sent by the specific organization user.
This scenario is clear evidence of malware that took over the user desktop and impersonates a legitimate organization user.
Q: How to avoid a scenario in which an organization user’s desktop is compromised?
A: Verify that you implemented the basic security best practices that relate to user desktop security:
 Verify that antivirus software is installed on the desktop.
 Verify that the antivirus software includes all the latest updates.
 Verify that the antivirus software service is turned on.
Another option:
 Reset the organization user password.
 Monitor the “problematic user” activity by using the Exchange Online message trace log.
For example, look at the Exchange Online log and try to locate “strange behavior” in which many E-mails are sent “by the user” to unknown E-mail addresses.
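The following is an added example, not code from the original article. It combines the two indicators described above: a burst of outbound mail in the message trace, and trace entries that have no matching item in the user's Sent Items folder. The domain `contoso.example`, the sample rows, the ISO timestamp format, the thresholds and the `SENT_ITEMS` export are all assumptions made for the illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

OWN_DOMAIN = "contoso.example"  # assumption: the organization's mail domain

# Constructed sample. Column names follow the properties returned by an
# Exchange Online message trace (one row per recipient); the ISO timestamp
# format is an assumption, adjust the parsing to match your own export.
SAMPLE_TRACE = """\
Received,SenderAddress,RecipientAddress,Status,MessageId
2024-05-12T09:00:05,alice@contoso.example,k1@shop-a.example,Delivered,<m1@contoso.example>
2024-05-12T09:00:40,alice@contoso.example,k2@shop-b.example,Failed,<m2@contoso.example>
2024-05-12T09:01:10,alice@contoso.example,k3@shop-c.example,Delivered,<m3@contoso.example>
2024-05-12T09:01:45,alice@contoso.example,k4@shop-d.example,Failed,<m4@contoso.example>
2024-05-12T09:02:20,alice@contoso.example,k5@shop-e.example,Delivered,<m5@contoso.example>
2024-05-12T09:03:00,alice@contoso.example,k6@shop-f.example,Failed,<m6@contoso.example>
2024-05-12T08:15:00,bob@contoso.example,pat@partner.example,Delivered,<b1@contoso.example>
2024-05-12T11:30:00,bob@contoso.example,pat@partner.example,Delivered,<b2@contoso.example>
2024-05-12T09:30:00,bob@contoso.example,alice@contoso.example,Delivered,<b3@contoso.example>
"""

# Constructed: Message-IDs actually present in each user's Sent Items folder
# (assumed to be exported separately from the mailbox).
SENT_ITEMS = {
    "alice@contoso.example": set(),
    "bob@contoso.example": {
        "<b1@contoso.example>", "<b2@contoso.example>", "<b3@contoso.example>",
    },
}


def load_trace(csv_text):
    """Parse exported message trace rows and convert the timestamp column."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["Received"] = datetime.fromisoformat(row["Received"])
        rows.append(row)
    return rows


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any sliding window."""
    times = sorted(times)
    best = start = 0
    for end, current in enumerate(times):
        while current - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def review_senders(rows, sent_items, own_domain=OWN_DOMAIN,
                   window=timedelta(minutes=10), burst_threshold=5):
    """Summarize outbound (external) mail per internal sender.

    A sender is marked suspicious when the trace shows a burst of external
    mail AND at least half of those messages are absent from Sent Items,
    i.e. the server-side and mailbox-side evidence disagree.
    """
    by_sender = defaultdict(list)
    for row in rows:
        internal_sender = domain_of(row["SenderAddress"]) == own_domain
        external_rcpt = domain_of(row["RecipientAddress"]) != own_domain
        if internal_sender and external_rcpt:
            by_sender[row["SenderAddress"].lower()].append(row)

    report = {}
    for sender, msgs in by_sender.items():
        known_ids = sent_items.get(sender, set())
        burst = max_in_window([m["Received"] for m in msgs], window)
        missing = sum(1 for m in msgs if m["MessageId"] not in known_ids)
        report[sender] = {
            "external_messages": len(msgs),
            "recipient_domains": len({domain_of(m["RecipientAddress"]) for m in msgs}),
            "failed": sum(1 for m in msgs if m["Status"] == "Failed"),
            "max_burst": burst,
            "not_in_sent_items": missing,
            "suspicious": burst >= burst_threshold and missing * 2 >= len(msgs),
        }
    return report


if __name__ == "__main__":
    for sender, facts in review_senders(load_trace(SAMPLE_TRACE), SENT_ITEMS).items():
        print(sender, facts)
```

A flagged sender is a starting point for the password reset and desktop checks listed above, not proof of infection; a user who legitimately sends from a device that does not save to Sent Items will also show a mismatch.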
6. “Problematic” Website
Another interesting and little-known reason for classifying E-mail as spam/junk mail is related to a website address (URL) that appears in the E-mail message.
Exchange Online and other mail servers use the services of special blacklist providers, such as SURBL, that specialize in a specific “realm”: URL addresses that are considered “problematic” and that appear in a user E-mail message.
Here is a quotation from the SURBL website:
SURBLs are lists of web sites that have appeared in unsolicited
messages. Unlike most lists, SURBLs are not lists of message
senders.
I have read the information in the website that explains the method
that is used and I must admit, that I’m sure that I completely
understand the full concept of the “methods” that are used by the
surbl service.
As I understand it, the first step that is implemented by the SURBL service is to create a list of public websites whose name (their URL address) appears in E-mails that were classified or identified as spam/junk mail.
The fact that a specific website URL address “appears” in unsolicited E-mail messages “stamps” this website as “suspicious”.
In case a user sends an E-mail message which includes the URL address of a website that appears on the list of “suspicious websites”, the E-mail message could be considered a mail item that contains spam content.
Additional reading
 SURBL
NON-OFFICE 365 AND EXCHANGE ONLINE ISSUES
Under the subject of “factors and elements that can lead to a scenario in which E-mail that is sent from your organization could be identified as spam/junk mail”, there could be additional causes that we didn’t review.
The reason that we have not reviewed these factors is that in Office 365 and Exchange Online these factors cannot be realized.
Examples of such causes could be:
A mail server that is hacked by spammers, a mail server that is configured as an open relay, a mail application that doesn’t use the standard SMTP protocol or is not RFC compliant, a missing MX record, missing PTR records, using a dynamic IP address as the IP address of the mail server, and more.
Although in Office 365 and Exchange Online we should not be concerned about the above issues, in case we manage a “private mail infrastructure” it’s important to be aware of these potential problems.
Additional reading
 Open mail relay
 Email Fundamentals: What is an Open Relay?
 The return of the open relays
 What is SMTP relay?
Internal/outbound spam in Office 365 environment | Article series index
A quick reference for the article series
 My E-mail appears as a spam | Article series index | Part 0#17
The article index of the complete article series.
Introduction to the concept of internal/outbound spam in general and in Office 365 and Exchange Online environment
 My E-mail appears as a spam – Introduction | Office 365 | Part 1#17
The psychological profile of the phenomenon: “My E-mail appears as a spam!”, possible factors for causing our E-mail to appear as “spam mail”, the definition of internal/outbound spam.
 Internal spam in Office 365 – Introduction | Part 2#17
Review in general the term “internal/outbound spam”, misconceptions that relate to this term, the risks that are involved in this scenario, outbound spam E-mail policy and more.
 Internal spam in Office 365 – Introduction | Part 3#17
What are the possible reasons that could cause our mail to appear as spam/junk mail? Who or what are the “elements” that can decide that our mail is spam mail? What are the possible “reactions” of the destination mail infrastructure that identifies our E-mail as spam/junk mail?
 Commercial E-mail – Using the right tools | Office 365 | Part 4#17
What is commercial E-mail? Commercial E-mail as part of the business process. Why do I think that Office 365 Exchange Online is unsuitable for the purpose of commercial E-mail?
Introduction to the major causes for a scenario in which your organization E-mail appears as spam
 My E-mail appears as spam | The 7 major reasons | Part 5#17
Review three major reasons that could lead to a scenario in which E-mail that is sent from our organization is identified as spam mail: 1. E-mail content, 2. Violation of the SMTP standards, 3. Bulk/Mass mail
 My E-mail appears as spam | The 7 major reasons | Part 6#17
Review three major reasons that could lead to a scenario in which E-mail that is sent from our organization is identified as spam mail: 4. False positive, 5. User Desktop malware, 6. “Problematic” Website
Introduction to the subject of SPF record in general and in Office 365 environment
 What is SPF record good for? | Part 7#17
The purpose of the SPF record and its relation to our mail infrastructure. How does the SPF record enable us to prevent a scenario in which hostile elements could send E-mail on our behalf.
 Implementing SPF record | Part 8#17
The “technical side” of the SPF record: the structure of the SPF record, the way that we create an SPF record, what is the required syntax for the SPF record in an Office 365 environment + mixed mail environment, how to verify the existence of an SPF record and so on.
Introduction to the subject of Exchange Online - High Risk Delivery Pool
 High Risk Delivery Pool and Exchange Online | Part 9#17
How Office 365 (Exchange Online) is handling a scenario of internal/outbound spam by using the help of the Exchange Online - High Risk Delivery Pool.
 High Risk Delivery Pool and Exchange Online | Part 10#17
The second article about the subject of Exchange Online - High Risk Delivery Pool.
The troubleshooting path of internal/outbound spam scenario
 My E-mail appears as spam – Troubleshooting path | Part 11#17
Troubleshooting scenario of internal/outbound spam in Office 365 and Exchange Online environment. Verifying if our domain name is blacklisted, verifying if the problem is related to E-mail content, verifying if the problem is related to a specific organization user E-mail address, moving the troubleshooting process to the “other side”.
 My E-mail appears as spam | Troubleshooting – Domain name and E-mail content | Part 12#17
Verify if our domain name appears as blacklisted, verify if the problem relates to a specific E-mail message content, registering blacklist monitoring services, activating the option of Exchange Online outbound spam.
 My E-mail appears as spam | Troubleshooting – Mail server | Part 13#17
What is the meaning of “our mail server”? Mail server IP, host name and Exchange Online. One of our users got an NDR which informs him that his mail server is blacklisted! How do we know that my mail server is blacklisted?
 My E-mail appears as spam | Troubleshooting – Mail server | Part 14#17
The troubleshooting path logic. Get the information from the E-mail message that was identified as spam/NDR. Forwarding a copy of the NDR message or the message that saved to the junk mail
 My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17
Step B – Get information about your Exchange Online infrastructure, Step C – fetch the information about the Exchange Online IP address, Step D – verify if the “formal” Exchange Online IP address a
 De-list your organization from a blacklist | My E-mail appears as spam | Part 16#17
Review the characteristics of a scenario in which your organization appears as blacklisted. The steps and the operations that need to be implemented to de-list your organization from a blacklist.
Summary and recap of the troubleshooting and best practices in a scenario of internal/outbound spam
 Dealing and avoiding internal spam | Best practices | Part 17#17
Provide a short checklist for all the steps and the operations that relate to a scenario of internal/outbound spam.

Contenu connexe

En vedette

PATHS system architecture
PATHS system architecturePATHS system architecture
PATHS system architecture
pathsproject
 
Величко М.В. (2014.02.26) — О Майдане и перспективах Украины и России
Величко М.В. (2014.02.26) — О Майдане и перспективах Украины и РоссииВеличко М.В. (2014.02.26) — О Майдане и перспективах Украины и России
Величко М.В. (2014.02.26) — О Майдане и перспективах Украины и России
mediamera
 

En vedette (7)

PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
 
Generating Paths through Cultural Heritage Collections, LATECH 2013 paper
Generating Paths through Cultural Heritage Collections, LATECH 2013 paperGenerating Paths through Cultural Heritage Collections, LATECH 2013 paper
Generating Paths through Cultural Heritage Collections, LATECH 2013 paper
 
PATHS system architecture
PATHS system architecturePATHS system architecture
PATHS system architecture
 
Plivo OSDC FR 2012
Plivo OSDC FR 2012Plivo OSDC FR 2012
Plivo OSDC FR 2012
 
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment  part 1#3  part 32#36Autodiscover flow in an exchange hybrid environment  part 1#3  part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
 
Величко М.В. (2014.02.26) — О Майдане и перспективах Украины и России
Величко М.В. (2014.02.26) — О Майдане и перспективах Украины и РоссииВеличко М.В. (2014.02.26) — О Майдане и перспективах Украины и России
Величко М.В. (2014.02.26) — О Майдане и перспективах Украины и России
 
DFC2012 India: Health & Hygiene
DFC2012 India: Health & HygieneDFC2012 India: Health & Hygiene
DFC2012 India: Health & Hygiene
 

Plus de Eyal Doron

Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365   optimizing the mail migration throughput - par...Mail migration to office 365   optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...
Eyal Doron
 

Plus de Eyal Doron (20)

How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work  how we identify spoof mail) spf, dkim dmar...How does sender verification work  how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks   part 6#9 | Eyal ...Dealing with the threat of spoof and phishing mail attacks   part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
 
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks  part 5#9 |...Why our mail system is exposed to spoof and phishing mail attacks  part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words   part 4#9 | Eyal...What is the meaning of mail phishing attack in simple words   part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
 
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack  part 3#9 | Eyal Doron | o365info.comWhat is so special about spoof mail attack  part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks   part 2#...What are the possible damages of phishing and spoofing mail attacks   part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks   a little story ...Dealing with a spoof mail attacks and phishing mail attacks   a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction  | 5#7Exchange In-Place eDiscovery & Hold | Introduction  | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
 
Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365   measure and estimate mail migration throughput...Mail migration to office 365   measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...
 
Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365   factors that impact mail migration performance...Mail migration to office 365   factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...
 
Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365   optimizing the mail migration throughput - par...Mail migration to office 365   optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...
 
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment   troubleshooting scenarios - part 4#4Smtp relay in office 365 environment   troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
 
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure  part 1#2  part 35#36Stage migration, exchange and autodiscover infrastructure  part 1#2  part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
 
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment  part 3#3  part 31#36Autodiscover flow in an office 365 environment  part 3#3  part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment  non-active director...Autodiscover flow in an exchange on premises environment  non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment  non-active director...Autodiscover flow in an exchange on premises environment  non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment  non-active director...Autodiscover flow in an exchange on premises environment  non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration  autodiscover troubleshooting tools  p...Outlook test e mail auto configuration  autodiscover troubleshooting tools  p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
 
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
Microsoft remote connectivity analyzer (exrca)  autodiscover troubleshooting ...Microsoft remote connectivity analyzer (exrca)  autodiscover troubleshooting ...
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
 

Dernier

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Dernier (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 

My E-mail appears as spam | The 7 major reasons | Part 6#17

  • 1. Page 1 of 15 | My E-mail appears as spam | The 7 major reasons | Part 6#17 Written by Eyal Doron | o365info.com MY E-MAIL APPEARS AS SPAM | THE 7 MA JOR REASONS | PART 6#17 The current article is the continuation of the former article (My E- mail appears as spam | The 7 major reasons | Part 5#17) in which we continue to review the major reasons, that could lead to a scenario in which E-mail that is sent from our organization, identified as spam E- mail. In the current article we will review the following causes:  False positive  User Desktop malware  “Problematic” Website 4. False positive
  • 2. Page 2 of 15 | My E-mail appears as spam | The 7 major reasons | Part 6#17 Written by Eyal Doron | o365info.com Regarding the subject of internal outbound spam, the term “false positive”, relate to a scenario in which a legitimate E-mail is recognized by mistake as a spamjunk mail. Q: Is there an option to completely avoid from a scenario of “false positive”? A: Sadly, the answer is no. There are different “elements”, which can identify our organization E-mail by mistake as a spamjunk mail. For example, your E-mail message could be mistakenly classified as spamjunk mail by a blacklist provider who recognizes aspects in your E-mail message that “look like” charters of spamjunk mail (no system is perfect). Another example could be: destination recipient looks at your E-mail message, and it seemed to him like a spamjunk mail. For this reason, he decides to report the specific E-mail message as spamjunk mail.
  • 3. Page 3 of 15 | My E-mail appears as spam | The 7 major reasons | Part 6#17 Written by Eyal Doron | o365info.com In the following diagram, we can see that there could be “additional element” that could “decide” to identify a specific E-mail as spamjunk mail such as – the user mail application or the security application that is installed on the user desktop. How to avoid? There is no real method for “avoiding” this scenario. In case that legitimate E-mail that was sent by organization users is classified as spamjunk E-mail by a specific blacklist, all we can do is to address the specific blacklist owner and ask to be removed from the blacklist. Another best practice could be: implement a procedure, in which we check the “spam score” of commercial E-mail, before we send the specific E-mail message to the large group of recipients.
  • 4. Page 4 of 15 | My E-mail appears as spam | The 7 major reasons | Part 6#17 Written by Eyal Doron | o365info.com You can read more information about the option of testing your spam score in the article: My E-mail appears as spam | The 7 major reasons | Part 5#17 5. User Desktop malware In case that the user desktop is infected with Malware (virus, spyware, etc.) the result can be a “stranger phenomenon” such as: mail that disappears, spam mail that sends from our organization recipient without his knowledge and so on. One of the major charters of such a scenario (a scenario in which the user desktop is infected by Malware) is that the organization user is not aware that spam E-mail is sent by his name to other recipients. The “point” in which we become aware of this issue, is only if the destination mail server reply using the NDR message or worse scenario, in which our organization appears as blacklisted.
  • 5. In an “NDR” scenario, it’s easy to implement the reverse engineering process by which we understand that the problem is related to a specific recipient organization. In a scenario in which the “destination mail server” doesn’t reply with an NDR, or in a scenario in which we find that our organization is blacklisted, there is no thread or “breadcrumb” that could lead us to the “source of the problem”.
    Q: How to recognize a scenario in which a user’s desktop is infected with malware that sends E-mail messages on behalf of the user?
    A: There is no “magic formula” that will help you to capture this type of scenario. Our main “weapon” is awareness of the characteristics of this type of scenario (in which the user desktop is compromised by malware that sends spam E-mail on behalf of the organization user). One of the main characteristics of this type of scenario is a “lack of coordination” between the evidence that exists in the user mailbox and the “evidence” that exists in the Exchange Online mail server. For example, an organization user reports a strange phenomenon in which he gets an NDR message for E-mail that he didn’t send. The NDR message informs him that his E-mail was rejected by the destination mail server because it was identified as spam/junk mail.
    Note: there is another spam scenario that has similar characteristics, named NDR backscatter. In this scenario, the organization users get an NDR message that informs them that their “destination recipient” doesn’t exist. This is a scenario in which a spammer impersonates a legitimate user by using our organization user’s identity.
  • 6. When we start to investigate this strange issue by looking at the user mailbox, and in particular at the Sent Items folder, we cannot see any evidence of the mail that was sent from the user mailbox. The reason for this strange phenomenon is that, most of the time, the malware will prefer to “cover its tracks” by deleting the E-mail that it sent from the Sent Items folder, or by connecting to the mail server directly and bypassing the desktop mail client. The phenomenon becomes even stranger when we look at our Exchange Online message trace log and find out that the Exchange Online log includes information about dozens or even hundreds of E-mail messages that were sent by the specific organization user. This is clear evidence of a scenario in which malware took over the user desktop and impersonates a legitimate organization user.
    Q: How to avoid a scenario in which an organization user’s desktop can be compromised?
    A: Verify that you have implemented the basic security best practices that relate to user desktop security:
  • 7. - Verify that antivirus software is installed on the desktop.
    - Verify that the antivirus software includes all the latest updates.
    - Verify that the antivirus software service is turned on.
    Another option:
    - Reset the organization user’s password.
    - Monitor the “problematic user” activity by using the Exchange Online message trace log. For example, look at the Exchange Online log and try to locate “strange behavior” in which there are many E-mails that are sent “by the user” to unknown E-mail addresses.
    6. “Problematic” Website
    Another interesting and little-known reason for classifying E-mail as spam/junk mail is related to a website address (URL) that appears in the E-mail message. Exchange Online and other mail servers use the services of special blacklist providers, such as SURBL, that specialize in a specific “realm”: URL addresses that are considered “problematic” and that appear in a user’s E-mail message.
    A quotation from the SURBL website: SURBLs are lists of web sites that have appeared in unsolicited messages. Unlike most lists, SURBLs are not lists of message senders.
    I have read the information on the website that explains the method that is used and I must admit, that I’m sure that I completely
  • 8. understand the full concept of the “methods” that are used by the SURBL service. As I understand it, the first step that is implemented by the SURBL service is to create a list of public websites whose name (their URL address) appears in E-mails that were classified or identified as spam/junk mail. The fact that a specific website URL address “appears” in unsolicited E-mail messages “stamps” this website as “suspicious”. If a user sends an E-mail message that includes the URL address of a website that appears on the list of “suspicious websites”, the E-mail message could be considered a mail item that contains spam content.
    Additional reading
    - SURBL
  • 9. NON-OFFICE 365 AND EXCHANGE ONLINE ISSUES
    Under the subject of “factors and elements that can lead to a scenario in which E-mail that is sent from your organization could be identified as spam/junk mail”, there could be additional causes that we didn’t review. The reason that we have not reviewed these factors is that in Office 365 and Exchange Online they cannot be realized. Examples of such causes: a mail server that is hacked by spammers, a mail server that is configured as an open relay, a mail application that uses a non-standard or non-RFC-compliant SMTP protocol, a missing MX record, missing PTR records, using a dynamic IP address as the IP address of the mail server, and more. Although in Office 365 and Exchange Online we should not be concerned about the above issues, if we manage a “private mail infrastructure” it’s important to be aware of these potential problems.
    Additional reading
    - Open mail relay
    - Email Fundamentals: What is an Open Relay?
    - The return of the open relays
    - What is SMTP relay?
  • 10. Internal outbound spam in Office 365 environment | Article series index
    A quick reference for the article series
    My E-mail appears as a spam | Article series index | Part 0#17: The article index of the complete article series.
    Introduction to the concept of internal outbound spam in general and in the Office 365 and Exchange Online environment
    My E-mail appears as a spam – Introduction | Office 365 | Part 1#17: The psychological profile of the phenomenon “My E-mail appears as a spam!”, possible factors that cause our E-mail to appear as “spam mail”, the definition of internal outbound spam.
    Internal spam in Office 365 – Introduction | Part 2#17: A general review of the term “internal outbound spam”, misconceptions that relate to this term, the risks that are involved in this scenario, outbound spam E-mail policy and more.
  • 11. Internal spam in Office 365 – Introduction | Part 3#17: What are the possible reasons that could cause our mail to appear as spam/junk mail? Who or what are the “elements” that can decide that our mail is spam mail? What are the possible “reactions” of the destination mail infrastructure that identifies our E-mail as spam/junk mail?
    Commercial E-mail – Using the right tools | Office 365 | Part 4#17: What is commercial E-mail? Commercial E-mail as part of the business process. Why do I think that Office 365 Exchange Online is unsuitable for the purpose of commercial E-mail?
    Introduction to the major causes of a scenario in which your organization’s E-mail appears as spam
    My E-mail appears as spam | The 7 major reasons | Part 5#17: Review of three major reasons that could lead to a scenario in which E-mail that is sent from our organization is identified as spam mail: 1. E-mail content, 2. Violation of the SMTP standards, 3. Bulk/Mass mail
  • 12. My E-mail appears as spam | The 7 major reasons | Part 6#17: Review of three major reasons that could lead to a scenario in which E-mail that is sent from our organization is identified as spam mail: 4. False positive, 5. User Desktop malware, 6. “Problematic” Website
    Introduction to the subject of the SPF record in general and in the Office 365 environment
    What is SPF record good for? | Part 7#17: The purpose of the SPF record and its relation to our mail infrastructure. How does the SPF record enable us to prevent a scenario in which hostile elements could send E-mail on our behalf?
    Implementing SPF record | Part 8#17: The “technical side” of the SPF record: the structure of the SPF record, the way that we create an SPF record, the required syntax for the SPF record in an Office 365 environment and in a mixed mail environment, how to verify the existence of the SPF record and so on.
  • 13. Introduction to the subject of the Exchange Online High Risk Delivery Pool
    High Risk Delivery Pool and Exchange Online | Part 9#17: How Office 365 (Exchange Online) handles a scenario of internal outbound spam with the help of the Exchange Online High Risk Delivery Pool.
    High Risk Delivery Pool and Exchange Online | Part 10#17: The second article on the subject of the Exchange Online High Risk Delivery Pool.
    The troubleshooting path of an internal outbound spam scenario
    My E-mail appears as spam – Troubleshooting path | Part 11#17: Troubleshooting a scenario of internal outbound spam in the Office 365 and Exchange Online environment. Verifying if our domain name is blacklisted, verifying if the problem is related to E-mail content, verifying if the problem is related to a specific organization user’s E-mail address, moving the troubleshooting process to the “other side”.
  • 14. My E-mail appears as spam | Troubleshooting – Domain name and E-mail content | Part 12#17: Verify if our domain name appears as blacklisted, verify if the problem relates to a specific E-mail message’s content, registering for blacklist monitoring services, activating the option of Exchange Online outbound spam.
    My E-mail appears as spam | Troubleshooting – Mail server | Part 13#17: What is the meaning of “our mail server”? Mail server IP, host name and Exchange Online. One of our users got an NDR which informs him that his mail server is blacklisted! How do we know that my mail server is blacklisted?
    My E-mail appears as spam | Troubleshooting – Mail server | Part 14#17: The troubleshooting path logic. Get the information from the E-mail message that was identified as spam/NDR. Forwarding a copy of the NDR message or the message that saved to the junk mail
  • 15. My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17: Step B – Get information about your Exchange Online infrastructure, Step C – fetch the information about the Exchange Online IP address, Step D – verify if the “formal” Exchange Online IP address a
    De-list your organization from a blacklist | My E-mail appears as spam | Part 16#17: Review of the characteristics of a scenario in which your organization appears as blacklisted. The steps and the operations that need to be implemented to de-list your organization from a blacklist.
    Summary and recap of the troubleshooting and best practices in a scenario of internal outbound spam
    Dealing and avoiding internal spam | Best practices | Part 17#17: Provides a short checklist of all the steps and operations that relate to a scenario of internal outbound spam.
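
The message-trace monitoring recommended in section 5 (“User Desktop malware”), sketched as an added example that is not part of the original article: it flags senders whose trace contains many messages that are missing from Sent Items and addressed mostly to recipients they never wrote to before. The CSV columns are named after `Get-MessageTrace` output properties; the domain, the sample rows, the Sent Items and known-recipient baselines, and the thresholds are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

ORG = "contoso.example"  # hypothetical organization domain

def build_sample_trace():
    """Constructed message trace export (not real data)."""
    rows = ["Received,SenderAddress,RecipientAddress,MessageId,Status"]
    # bob: one mail from his desktop client, one from a phone (absent from Sent Items)
    rows.append(f"2024-05-01T09:00:00,bob@{ORG},partner@fabrikam.example,<b1@{ORG}>,Delivered")
    rows.append(f"2024-05-01T09:30:00,bob@{ORG},new@northwind.example,<b2@{ORG}>,Delivered")
    # alice: two normal mails, then a 40-message burst she never wrote
    rows.append(f"2024-05-01T08:00:00,alice@{ORG},partner@fabrikam.example,<a1@{ORG}>,Delivered")
    rows.append(f"2024-05-01T08:05:00,alice@{ORG},bob@{ORG},<a2@{ORG}>,Delivered")
    for i in range(40):
        status = "Failed" if i % 4 == 0 else "Delivered"
        rows.append(f"2024-05-01T03:{i:02d}:00,alice@{ORG},u{i}@dom{i}.example,<x{i}@{ORG}>,{status}")
    return "\n".join(rows)

# Constructed baselines (assumptions): Message-IDs present in each user's
# Sent Items folder, and recipients each user has written to before.
SENT_ITEMS = {f"alice@{ORG}": {f"<a1@{ORG}>", f"<a2@{ORG}>"},
              f"bob@{ORG}": {f"<b1@{ORG}>"}}
KNOWN_RECIPIENTS = {f"alice@{ORG}": {"partner@fabrikam.example", f"bob@{ORG}"},
                    f"bob@{ORG}": {"partner@fabrikam.example"}}

def find_suspect_senders(trace_csv, sent_items, known,
                         min_unmatched=20, min_unknown_ratio=0.8):
    """Return {sender: counters} for senders whose trace shows many messages
    that are missing from Sent Items and mostly go to unknown recipients."""
    stats = defaultdict(lambda: {"total": 0, "unmatched": 0, "unknown": 0, "failed": 0})
    for row in csv.DictReader(io.StringIO(trace_csv)):
        sender = row["SenderAddress"].lower()
        s = stats[sender]
        s["total"] += 1
        # The "lack of coordination" signal: the server saw it, the mailbox did not.
        s["unmatched"] += row["MessageId"] not in sent_items.get(sender, set())
        s["unknown"] += row["RecipientAddress"].lower() not in known.get(sender, set())
        s["failed"] += row["Status"] == "Failed"
    return {sender: s for sender, s in stats.items()
            if s["unmatched"] >= min_unmatched
            and s["unknown"] / s["total"] >= min_unknown_ratio}

if __name__ == "__main__":
    suspects = find_suspect_senders(build_sample_trace(), SENT_ITEMS, KNOWN_RECIPIENTS)
    for sender, counters in suspects.items():
        print(sender, counters)
```

The `min_unmatched` threshold keeps a single message sent from a phone or another client (bob’s second mail in the sample) from being treated as a compromise indicator.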