Service Alert: CEO Spam

We’ve seen an influx of what is known as ‘CEO Spam’, where an email is supposedly sent from the boss’ iPhone asking the recipient to urgently send some money to a bank account.

Please be on the alert for this, and help your users not to fall for what is quite a clever scam.

Meanwhile, we are just in the process of adding a rule to our anti-spam software to hopefully block all of these – this will only work if your users are using our anti-spam system, of course!

Service Alert: WannaCrypt

I’m sure you’ve all heard the news over the weekend about this ransomware and the damage it has done to the NHS.

You’ll be pleased to know that both our AV engines were updated pretty promptly to block this virus. However, no-one seems entirely sure whether it was spread via email in the first place, or simply over the internet via SMB connections.

We also expect other people to get hold of this virus and start modifying it, so there may be some variants appearing over the coming days, and our AV engines will both be trying to update themselves as soon as new variants appear.

The best advice we can pass on is for users to continue to be vigilant, and if in doubt, don’t attempt to open an attachment. Also, get those Windows boxes updated asap. Please note this doesn’t affect Windows 10 or Mac users.

Adrian

Under the hood: Spam Wars

In the ongoing war against the spammers, we have put a lot of effort over the last year or two in looking at the effectiveness of various methods, and thought it might be helpful to give a bit of a behind-the-scenes look at some of the lists and methodologies we use and their relative effectiveness. What these stats don’t show is the amount of false positives or the amount of spams that we miss as with our diverse user base it is impossible to measure these things accurately.

We try to be quite aggressive at detecting spams as the majority of our users make use of what we call auto-whitelisting, where anyone they send an email to automatically gets added to their whitelist and doesn’t get checked for spam in the future (well not at stage 2 anyway – see below).

The first stage of our spam blocking is the most aggressive, and most sensitive. If we have false positives here, we tend to find out about it because we reject the connections based on the IP address that is trying to connect to us.

I’ve included links below so you can investigate and find out more about any particular list.

Firstly, let’s look at connections to our servers. Taking a sample day, of Wednesday December 14th 2016, we received a total of 6,680,134 inbound SMTP connections. Here’s what we did with them.

Spamhaus Zen 5,403,727
Invaluement ivmSIP 236,211
Accepted 1,040,196

Of those 1,040,196 accepted connections, we received 1,008,901 individual emails. These were then broken up as follows:

Whitelisted 138,055
Blacklisted 3,513
Too Large to Scan 6,960
Not scanned (user not enabled anti-spam) 131,480
Scanned 728,893

So we now have a grand total of 728,893 emails to feed into our anti-spam servers. These run a piece of software called Spamassassin that looks for patterns in emails that mean they are probably spam and score them accordingly. Unfortunately, the spammers have access to this, and the good ones are very clever at making their spams not look like spam to a computer (though still obviously spam to a human), so we rely quite heavily on various blacklists to identify spam for us.

In the last couple of years, the spammers have become even more sophisticated and found ways to send out millions of spams before the blacklists are able to list them. The blacklists are fighting back, however, with new lists such as InstantRBL and faster listings (particularly good at URIBL).

Taking our sample day with 728,893 spams to be scanned, here is how many are caught by each different method/list employed. These stats show unique hits (so, for example, if something is caught by two lists, or one list and other Spamassassin rules, it won’t show up).

Spamhaus Zen 2,062
URIBL 8,137
Invaluement ivmSIP24 2,029
Invaluement ivmURI 10,194
Barracuda 9,109
InstantRBL 8,442
Protected Sky 5,468
Spamassassin other rules 32,007
Total caught 113,439

It’s hard to draw a pretty chart from all of this. However, here are the headline figures. 6,680,134 inbound connections, 891,949 emails delivered to inboxes, which represents 13% of the total. 131,480 of those didn’t get a chance to be scanned because our end user didn’t have the feature enabled.

So there you have it, it’s an ongoing battle, and the battleground keeps shifting. The spammers have access to all of the same tools that we do – that’s the nature of the internet, so they will keep trying to find new ways to beat the system, and we will keep trying to find new ways to stop them.

MailCore Pro Price Reduction!

For customers using MailCore Pro we are delighted to announce that, with effect from your first billing date on, or after, 1st October 2016, we are reducing the price of the full MailCore Pro feature set down to that of the ‘Basic’ – only £1 per mailbox, per month. Any ‘Basic’ mailboxes will automatically be upgraded to full MailCore Pro specification providing the option to use the collaboration tools if required.

In addition – and we know this is a ‘biggie’ for many of you – with recent upgrades to our CalDAV integration we now have a seamless Calendar integration with Windows 10!

Please note that it will take a while to sort out the back-end systems and merge them, so, for a short period, there will still be a separate ‘Basic’ version, but this will go and all mailboxes will be upgraded automatically.

Email Anti-Virus Filtering Upgrade

Today we have introduced a further level of protection our anti-virus service. Using our control panel, a third type of protection can be selected that blocks any incoming or outgoing emails containing Visual Basic for Applications (VBA) macros. These are typically found in Microsoft Office files such as .doc, .docx, .xls and .xlsx. Macros are small blocks of code embedded in the document to help with automation. However, they can also used as ‘payloads’ for transmitting malware and viruses.

To recap, we now offer three levels of settings: Standard Anti-Virus, Advanced (which includes phishing attack detection) and now Advanced with VBA Macro blocking. To use this new setting, users can select it from the ‘Protection’ section of their mailbox Control Panel.

This new feature is part of our ongoing commitment to improving our services and is provided to all customers at no additional charge.

New Gateway Control Interface

Gateway gets a Major Upgrade!

We’re delighted to announce the launch of our new Gateway Control Panel that picks up on recent design changes to our website and provides a number of new features, as well as more intuitive navigation.

email spam and virus filtering

New tools for Gateway include attachment filtering, spam digest controls and a range of comprehensive diagnostic tests – all combining to make our Gateway service even more powerful than before. New stats clearly demonstrate the value and results of using the service.

The new interface is live now and will run in parallel with the old interface for the next three months, after which we’ll discontinue the old one. This will take place on Tuesday 2nd August 2016.

To view the new Gateway interface point your browser at https://gateway.verygoodemail.com and use your existing login and password.

If you require any assistance, or have feedback on the new interface, please let us know at feedback@verygoodemail.com

Service Alert: Anti-Virus Extreme Setting – Macros

We have just enabled a new feature for those using Extreme setting on Anti-Virus. This blocks all Word/Excel attachments that contain macros of any sort, reporting them as: Heuristics.OLE2.ContainsMacros

As this is the Extreme setting, we thought it appropriate to enable this feature. As ever, we welcome your feedback on the impact of this.

Quiet Mail

Introducing Quiet Mail – sanity for your inbox!

Ever dreamed of finding a simple way to de-clutter your email inbox?

Introducing a new and really useful service that will bring sanity to your inbox; Quiet Mail.

Quiet Mail automatically filters unsolicited mail to a Quarantine folder to reduce load on the inbox.


How it Works

When enabled, the following folders are created in the user’s inbox:

  • Quarantine
  • Blacklist
  • Archive

These folders are protected and will be recreated if deleted so long as Quiet Mail is enabled.

All emails will now be placed in the Quarantine folder and marked as read, unless the sender is on the user’s whitelist – these will go into the mail inbox as normal.

In addition, all emails that identify themselves as ‘bulk’ mailings (such as sales promotions) will be placed in the Quarantine folder.

The result is a mailbox that only receives solicited mail in the Inbox. All other mail that is not flagged as Spam is stored in Quarantine folder and marked read.


It ‘learns’ as you go…

To whitelist a sender (and ensure future emails go to the Inbox, not Quarantine) the user can move the message to another folder. Within a few minutes, the message will be scanned and the sender whitelisted. An ‘Archive’ folder is provided for this purpose. All folders are scanned for whitelisting with the exception of ‘Trash’ and ‘Spam’. So, messages can be safely deleted from Quarantine without whitelisting the senders.

If the user wishes to specifically blacklist a sender (regardless of whether the message has been quarantined or not), they can drag a message to the ‘Blacklist’ folder. Within a few minutes the sender will be added to the blacklist and the message deleted.

Any messages in the Quarantine over 30 days old are automatically deleted, so the folder is self maintaining.

Quiet Mail is not recommended for mailboxes that expect unsolicited mail, such as sales@.

How to switch on…

Users can select the Quiet Mail option via their control panel.