
Why are these blatant spam messages making it through Postini

Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/15/12 5:36 PM
All,

I have a client who in the last 3 weeks started getting a ton of spam messages delivered. I have run the Postini spam tool and the results are below. When I log in to his Postini his overall junk filter is set for "strict" which I believe is the equivalent of a 3. But I'm not sure. The Postini spam score of this message is a 2.12471; if his settings are a 3 then it should be marked as spam, correct? There are multiple messages making it through. I have posted the Postini header analyzer of all of them below.

What is weird is this user has been using Postini with no problems for at least 3 years.



 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 Message delivered (see spam scores below for more information).

 Message Analysis Details


Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Triggered Content Manager | No | Filter Name: --
From Approved/Blocked Sender | No | Sender: wiz_...@netlogixlabs.com
Passed Spam Detection | Yes | See spam scores below for more information.
Disposition | Delivered to Inbox | Message delivered (see spam scores below for more information).

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Spam Threshold | 1.0000 | Scores below the threshold are considered spam.
Postini Spam Score | 2.12471 | Range: 0(Spam) - 100(Legitimate)
Spam score is above the threshold? | Yes | Message is not considered spam.
Legitimate sender behavior? | -- | --
Zero-Hour Threat? | No | --
Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.

User Settings | Value | Note
Spam Filter Sensitivity | Moderate (3) | Higher Levels have a greater sensitivity to spam.
Bulk Filter Threshold | 1.0000 | Value based on Bulk Filter Setting.
The above values affect the spam Threshold score. Higher Bulk and Category Filter values indicate an increased sensitivity to spam.

Category Filters | Triggered? | Score
Racially Insensitive | No | 95.9108
Sexually Explicit | No | 95.9108
Make Money Fast | No | 95.5423
Commercial Offer | No | 98.6951
If a category filter is triggered, spam sensitivity is increased.

Other Filters | Triggered? | Note
Legal Content Heuristics | No | Score: 95.5390
Financial Content Heuristics | No | Score: 95.5390
Quarantined by Xfilter? | No | An xfilter is a special filter released to stop a specific spam outbreak.
These filters are triggered infrequently. If triggered, the message bypasses spam filtering.

Causes of Message Delay | Result | Note
Spooled | No | Message spooled while recipient server offline.
EDQ Rescan | No | Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.
Message Quarantined




 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 Message delivered (see spam scores below for more information).

 Message Analysis Details

Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Triggered Content Manager | No | Filter Name: --
From Approved/Blocked Sender | No | Sender: wiz_...@my-flash-store.net
Passed Spam Detection | Yes | See spam scores below for more information.
Disposition | Delivered to Inbox | Message delivered (see spam scores below for more information).

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Spam Threshold | 1.0000 | Scores below the threshold are considered spam.
Postini Spam Score | 48.77974 | Range: 0(Spam) - 100(Legitimate)
Spam score is above the threshold? | Yes | Message is not considered spam.
Legitimate sender behavior? | -- | --
Zero-Hour Threat? | No | --
Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.

User Settings | Value | Note
Spam Filter Sensitivity | Moderate (3) | Higher Levels have a greater sensitivity to spam.
Bulk Filter Threshold | 1.0000 | Value based on Bulk Filter Setting.
The above values affect the spam Threshold score. Higher Bulk and Category Filter values indicate an increased sensitivity to spam.

Category Filters | Triggered? | Score
Racially Insensitive | No | 95.9108
Sexually Explicit | No | 95.9108
Make Money Fast | No | 97.0282
Commercial Offer | No | 98.6951
If a category filter is triggered, spam sensitivity is increased.

Other Filters | Triggered? | Note
Legal Content Heuristics | No | Score: 95.5390
Financial Content Heuristics | No | Score: 95.5390
Quarantined by Xfilter? | No | An xfilter is a special filter released to stop a specific spam outbreak.
These filters are triggered infrequently. If triggered, the message bypasses spam filtering.

Causes of Message Delay | Result | Note
Spooled | No | Message spooled while recipient server offline.
EDQ Rescan | No | Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.
Message Quarantined | No | Message was Quarantined and released by a User or Admin.


 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 Message delivered (see spam scores below for more information).

 Message Analysis Details

Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Triggered Content Manager | No | Filter Name: --
From Approved/Blocked Sender | No | Sender: wiz_...@fertia.net
Passed Spam Detection | Yes | See spam scores below for more information.
Disposition | Delivered to Inbox | Message delivered (see spam scores below for more information).

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Spam Threshold | 0.5000 | Scores below the threshold are considered spam.
Postini Spam Score | 2.34121 | Range: 0(Spam) - 100(Legitimate)
Spam score is above the threshold? | Yes | Message is not considered spam.
Legitimate sender behavior? | -- | --
Zero-Hour Threat? | No | --
Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.

User Settings | Value | Note
Spam Filter Sensitivity | Lenient (2) | Higher Levels have a greater sensitivity to spam.
Bulk Filter Threshold | 0.5000 | Value based on Bulk Filter Setting.
The above values affect the spam Threshold score. Higher Bulk and Category Filter values indicate an increased sensitivity to spam.

Category Filters | Triggered? | Score
Racially Insensitive | No | 95.9108
Sexually Explicit | No | 95.9108
Make Money Fast | No | 94.1602
Commercial Offer | No | 99.5902
If a category filter is triggered, spam sensitivity is increased.

Other Filters | Triggered? | Note
Legal Content Heuristics | No | Score: 95.5390
Financial Content Heuristics | No | Score: 95.5390
Quarantined by Xfilter? | No | An xfilter is a special filter released to stop a specific spam outbreak.
These filters are triggered infrequently. If triggered, the message bypasses spam filtering.

Causes of Message Delay | Result | Note
Spooled | No | Message spooled while recipient server offline.
EDQ Rescan | No | Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.
Message Quarantined | No | Message was Quarantined and released by a User or Admin.


Received: from psmtp.com (64.18.2.80) by FT-HUBCAS-01.foresighttech.com (192.168.1.6) with Microsoft SMTP Server id 14.1.355.2; Sun, 15 Jul 2012 12:10:12 -0700
Received: from mx2.fertia.net ([213.229.76.51]) by exprod7mx166.postini.com ([64.18.6.13]) with SMTP; Sun, 15 Jul 2012 15:11:37 EDT
To: <>
MIME-Version: 1.0
From: RECORDING-EMPLOYEES <wiz_...@fertia.net>
Message-ID: <538.11939...@mx2.fertia.net>
Subject: auto_record_employee_hours_and_record_payroll
Date: Sun, 15 Jul 2012 15:09:11 -0400
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:18.16511/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-settings: 2 (0.5000:0.5000) s cv gt3 gt2 gt1 p
X-pstn-addresses: from <wiz_...@fertia.net> [26/1]
Return-Path: wiz_...@fertia.net
X-MS-Exchange-Organization-AuthSource: FT-HUBCAS-01.foresighttech.com
X-MS-Exchange-Organization-AuthAs: Anonymous

Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/16/12 8:35 AM
More messages are making it through today.  How can I contact Postini to gain assistance with this as my client is on the verge of cancelling?

 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 Message delivered (see spam scores below for more information).

 Message Analysis Details

Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Triggered Content Manager | No | Filter Name: --
From Approved/Blocked Sender | No | Sender: wiz_...@mehmetsanli.net
Passed Spam Detection | Yes | See spam scores below for more information.
Disposition | Delivered to Inbox | Message delivered (see spam scores below for more information).

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Spam Threshold | 1.5000 | Scores below the threshold are considered spam.
Postini Spam Score | 4.14884 | Range: 0(Spam) - 100(Legitimate)
Spam score is above the threshold? | Yes | Message is not considered spam.
Legitimate sender behavior? | -- | --
Zero-Hour Threat? | No | --
Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.

User Settings | Value | Note
Spam Filter Sensitivity | Aggressive (4) | Higher Levels have a greater sensitivity to spam.
Bulk Filter Threshold | 1.5000

Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/16/12 8:36 AM
And yet another...

 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 User settings are not available (see note below).

 Header Analysis Details

This message went through the message security service and went through spam and virus filtering. The individual user settings are not available because this message was delivered to multiple recipients, the recipient of the message is not configured in the Message Security Service as a user or alias or the header is incomplete. You should make sure the user who received this message is configured in the Message Security service. Also, BCC recipients are not displayed in the message header. Here are the technical details of the header:

Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Passed Spam Detection | No | See spam scores below for more information.

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Postini Spam Score | 2.80671 | Range: 0(Spam) - 100(Legitimate)
Legitimate sender behavior? | -- | --
Zero Hour Threat? | No | --

Category Filters | Triggered? | Score
Racially Insensitive | No | 95.9108
Sexually Explicit | No | 95.9108
Make Money Fast | No | 95.5423
Commercial Offer | No | 99.5644
If a category filter is triggered, spam sensitivity is increased.

Causes of Message Delay | Result | Note
Spooled | No | Message spooled while recipient server offline.
EDQ Rescan | No | Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.
Message Quarantined | No | Message was Quarantined and released by a User or Admin.

Re: Why are these blatant spam messages making it through Postini FrankM Forums-TC 7/16/12 8:52 AM
When user settings are not available, it's most likely sent BCC. As for the others, there is a new strain of cleverly crafted messages that are giving spam filters some challenges, including exploiting SPF/DKIM filters.
Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/16/12 9:01 AM
Only in my last post the user settings were not available because there was more than one recipient to this message. Whenever there is more than one recipient Postini cannot show the user settings because there is more than one. I'm still trying to figure out the spam issue. Is there anything we can do to resolve this? I have changed the user in question's settings to aggressive, the highest setting, and he is still receiving spam today.
Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/16/12 9:05 AM
For instance, this message is obvious spam. How is it possibly getting through?

 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 Message delivered (see spam scores below for more information).

 Message Analysis Details

Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Triggered Content Manager | No | Filter Name: --
From Approved/Blocked Sender | No | Sender: sup...@intuit.com
Passed Spam Detection | Yes | See spam scores below for more information.
Disposition | Delivered to Inbox | Message delivered (see spam scores below for more information).

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Spam Threshold | 1.5000 | Scores below the threshold are considered spam.
Postini Spam Score | 1.76079 | Range: 0(Spam) - 100(Legitimate)
Spam score is above the threshold? | Yes | Message is not considered spam.
Legitimate sender behavior? | -- | --
Zero-Hour Threat? | No | --
Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.

User Settings | Value | Note
Spam Filter Sensitivity | Aggressive (4) | Higher Levels have a greater sensitivity to spam.
Bulk Filter Threshold | 1.5000 | Value based on Bulk Filter Setting.
The above values affect the spam Threshold score. Higher Bulk and Category Filter values indicate an increased sensitivity to spam.

Category Filters | Triggered? | Score
Racially Insensitive | No | 95.9108
Sexually Explicit | No | 95.9108
Make Money Fast | No | 97.0282
Commercial Offer | No | 98.6951
If a category filter is triggered, spam sensitivity is increased.

Other Filters | Triggered? | Note
Legal Content Heuristics | No | Score: 95.5390
Financial Content Heuristics | No | Score: 95.5390
Quarantined by Xfilter? | No | An xfilter is a special filter released to stop a specific spam outbreak.
These filters are triggered infrequently. If triggered, the message bypasses spam filtering.

Causes of Message Delay | Result | Note
Spooled | No | Message spooled while recipient server offline.
EDQ Rescan | No | Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.
Message Quarantined | No | Message was Quarantined and released by a User or Admin.

 Message Data

Only First 3500 Characters are displayed:
Received: from psmtp.com (64.18.2.60) by FT-HUBCAS-01.foresighttech.com
 (192.168.1.6) with Microsoft SMTP Server id 14.1.355.2; Mon, 16 Jul 2012
 09:02:24 -0700
Received: from bzq-84-109-36-123.red.bezeqint.net ([84.109.36.123]) by
 exprod7mx210.postini.com ([64.18.6.14]) with SMTP;	Mon, 16 Jul 2012 09:03:39
 PDT
Received: from  (192.168.1.25) by intuit.com (84.109.36.123) with Microsoft
 SMTP Server id 8.0.685.24; Mon, 16 Jul 2012 18:03:38 +0200
Message-ID: <500435B...@intuit.com>
Date: Mon, 16 Jul 2012 18:03:38 +0200
From: Minnie Clements <sup...@intuit.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20101112 Thunderbird/3.1.4
MIME-Version: 1.0
To: <reci...@mydomain.net>
Subject: New incoming Intuit payments.
Content-Type: multipart/alternative;
	boundary="------------02080400407020503010708"
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 1.76079/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-settings: 4 (1.5000:1.5000) s cv gt3 gt2 gt1 
X-pstn-addresses: from <sup...@intuit.com> [26/1] 
Return-Path: sup...@intuit.com
X-MS-Exchange-Organization-AuthSource: FT-HUBCAS-01.foresighttech.com
X-MS-Exchange-Organization-AuthAs: Anonymous
Re: Why are these blatant spam messages making it through Postini FrankM Forums-TC 7/16/12 11:06 AM
The intuit.com domain is/may be being spoofed. SPF filtering, either on your server or using Postini's SPF, would have at least quarantined the message if the SPF TXT records were not correct. I did not see the IP 84.109.36.123 listed in the Intuit SPF TXT record, nor do I think they use an IP from Israel. The other messages may take additional content filters, as some of these aggressive new strains are using valid SPF/DKIM.
Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/16/12 11:26 AM
The Postini spam score on this latest one is .16 and it still made it through!  Something has got to be wrong here!  How can I contact Postini to have them help me with this?

 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 User settings are not available (see note below).
 Raise the recipients filter settings to stop more spam.

 Header Analysis Details

This message went through the message security service and went through spam and virus filtering. The individual user settings are not available because this message was delivered to multiple recipients, the recipient of the message is not configured in the Message Security Service as a user or alias or the header is incomplete. You should make sure the user who received this message is configured in the Message Security service. Also, BCC recipients are not displayed in the message header. Here are the technical details of the header:

Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Passed Spam Detection | No | See spam scores below for more information.

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Postini Spam Score | 0.16839 | Range: 0(Spam) - 100(Legitimate)
Legitimate sender behavior? | -- | --
Zero Hour Threat? | No | --

Category Filters | Triggered? | Score
Racially Insensitive | No | 95.9108
Sexually Explicit | No | 95.9108
Make Money Fast | No | 97.0282
Commercial Offer | No | 98.6951
If a category filter is triggered, spam sensitivity is increased.

Causes of Message Delay | Result | Note
Spooled | No | Message spooled while recipient server offline.
EDQ Rescan | No | Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.
Message Quarantined | No | Message was Quarantined and released by a User or Admin.

 Message Data

Only First 3500 Characters are displayed:
Received: from psmtp.com (64.18.2.118) by FT-HUBCAS-01.foresighttech.com
 (192.168.1.6) with Microsoft SMTP Server id 14.1.355.2; Mon, 16 Jul 2012
 11:14:47 -0700
Received: from 036_149.pool-clientes.gilat.com.pe ([200.62.149.36]) by
 exprod7mx264.postini.com ([64.18.6.11]) with SMTP;	Mon, 16 Jul 2012 14:15:48
 EDT
Received: from apache by intuit.com with local (Exim 4.63)	(envelope-from
 <sup...@intuit.com>)	id GKC807-LQ8RDL-YP	for <>,
	<sales@.net>,	<jhull@.net>,
	<dmontgomery@.net>,	<nhall@.net>,
	<sales@.net>,	<tcrow@.net>,
	<tmorrison@.net>,	<dcarter@.net>; Mon, 16 Jul 2012
 13:15:47 -0500
To: <jhull@.net>, <sales@.net>,
	<jhull@.net>, <dmontgomery@.net>,
	<nhall@.net>, <sales@.net>,
	<tcrow@.net>, <tmorrison@.net>,
	<dcarter@.net>
Subject: Your new Intuit payment invoice.
Date: Mon, 16 Jul 2012 13:15:47 -0500
From: Gerard Fuller <sup...@intuit.com>
Message-ID: <BED9601C7885FFC219975B2FD78BD0A0@intuit.com>
X-Priority: 3
X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="------------05080600105010808010106"
X-pstn-levels: (S: 0.16839/99.80067 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-dkim: 0 skipped:not-enabled
Return-Path: sup...@intuit.com
X-MS-Exchange-Organization-AuthSource: FT-HUBCAS-01.foresighttech.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-Auto-Response-Suppress: DR, OOF, AutoReply
Re: Why are these blatant spam messages making it through Postini FrankM Forums-TC 7/16/12 11:38 AM
Just hold tight, Postini is aware of the outbreak. As for unknown recipients, the filters cannot be applied unless the user's settings are known. Use SPF and you should see a reduced rate of these spoofs.

A recent response from support, based on our own support tickets.

Our spam engineers are aware of the increased traffic and are currently working on filters for the new variants. They are in the process of working on a new spam engine calibration (not just an x-filter) that will really help with the new more sophisticated variants of spam we've seen recently. We do not use an external tools for IP monitoring. This is all done by solutions built in house. Our connection manager would be one example of this. 


FrankM
Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/16/12 11:48 AM
So I think I understand the problem now. If the message is addressed to more than 2 members of my organization Postini does not know which user's policies to apply to the message, therefore it just makes it through?! I need to contact Postini to fix this. How can I get a hold of them? Do they even know this problem exists?
Re: Why are these blatant spam messages making it through Postini FrankM Forums-TC 7/16/12 2:44 PM
Do they know, yes they do. The X-pstn-settings field is not available in a message that was delivered to multiple (envelope) recipients. However, if the sending mail server establishes a separate connection for each recipient, then an individual recipient’s spam-setting information is displayed in the header field. 

It also happens when one of the recipients is not a registered user. It will also happen if a message is sent to an unprotected distribution/mailing list. See Protect user aliases and distribution lists. However, in the case of a spoofed domain, e.g., intuit.com, applying SPF filtering could have at least quarantined the message, based on your SPF policy settings.
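
Added example, not part of the original thread and not Postini's own tooling: a small triage script for the point made in the reply above, that a delivered message with no X-pstn-settings header had no per-user threshold applied. The field meanings are inferred from the analyzer reports posted in this thread (S: is the spam score, and the first number in parentheses in X-pstn-settings is taken as the threshold); `margin` is a hypothetical review band.

```python
import re
from email import message_from_string

# "S:" carries the overall Postini spam score (0 = spam, 100 = legitimate).
LEVELS_RE = re.compile(r"\(\s*S:\s*([0-9.]+)/")
# "<sensitivity> (<n>:<n>) flags". Both numbers are equal in every sample in
# the thread, so the first is assumed here to be the spam threshold.
SETTINGS_RE = re.compile(r"\s*(\d+)\s*\(\s*([0-9.]+):([0-9.]+)\)")


def triage(raw_headers, margin=5.0):
    """Classify one delivered message from its Postini headers.

    margin (hypothetical): a message delivered with a score less than
    `margin` points above the user's threshold is flagged for review.
    """
    msg = message_from_string(raw_headers)  # also unfolds wrapped headers
    result = {"subject": msg.get("Subject"), "score": None,
              "sensitivity": None, "threshold": None}

    levels = LEVELS_RE.search(msg.get("X-pstn-levels", ""))
    if not levels:
        result["verdict"] = "not-scored"
        return result
    result["score"] = float(levels.group(1))

    settings = SETTINGS_RE.match(msg.get("X-pstn-settings", ""))
    if not settings:
        # Multiple envelope recipients, unregistered recipient or an
        # unprotected list: no user threshold was available to compare to.
        result["verdict"] = "no-user-settings"
        return result
    result["sensitivity"] = int(settings.group(1))
    result["threshold"] = float(settings.group(2))

    if result["score"] < result["threshold"]:
        result["verdict"] = "below-threshold"
    elif result["score"] < result["threshold"] + margin:
        result["verdict"] = "near-threshold"
    else:
        result["verdict"] = "clear"
    return result


# Header excerpts copied from messages posted in this thread.
SINGLE = """\
Subject: New incoming Intuit payments.
X-pstn-levels: (S: 1.76079/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 4 (1.5000:1.5000) s cv gt3 gt2 gt1
"""

MULTI = """\
Subject: Your new Intuit payment invoice.
X-pstn-levels: (S: 0.16839/99.80067 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
"""

WIDE = """\
Subject: the_easy_way_to_shape,_bake_&_create_taco_bowls
X-pstn-levels: (S:11.75731/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 4 (1.5000:1.5000) s cv gt3 gt2 gt1
"""

if __name__ == "__main__":
    for sample in (SINGLE, MULTI, WIDE):
        r = triage(sample)
        print(f'{r["verdict"]:<17} score={r["score"]} '
              f'threshold={r["threshold"]}  {r["subject"]}')
```
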
Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/16/12 10:10 PM
You're talking about changing the SPF settings within Postini?  Where is that done?
Re: Why are these blatant spam messages making it through Postini FrankM Forums-TC 7/16/12 10:16 PM
The settings are in the email config level, RPF/SPF sections. 
Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/16/12 10:25 PM
Ah, I see now I can enable the SPF check. This should help cut down on some of this email. So you can confirm that Postini knows about the issues I addressed above and is working on them?
Re: Why are these blatant spam messages making it through Postini FrankM Forums-TC 7/17/12 5:31 AM
Yes, they are aware of the increased spam. This is what we received from our reseller support case. 

Hello Frank,

Thank you for contacting Google Enterprise Support.

I've taken the sample you provided and escalated them to our engineering team. It looks like there were quite a few new spam outbreaks over the weekend. Our spam engineers are aware of the increased traffic and are currently working on filters for the new variants. They are in the process of working on a new spam engine calibration (not just an x-filter) that will really help with the new more sophisticated variants of spam we've seen recently.

You can also escalate messages to our spam engineers by forwarding spam (as an attachment) to sp...@postini.com, or you can upload them directly here http://www.google.com/postini/headeranalyzer/.


FrankM
Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/17/12 8:33 AM
Thanks for the reply Frank.  When did they send that message?  I received another spam message today which is obvious spam but rated a very high score with Postini so it passed.

 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 Message delivered (see spam scores below for more information).

 Message Analysis Details

Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Triggered Content Manager | No | Filter Name: --
From Approved/Blocked Sender | No | Sender: wiz_...@changemanner.com
Passed Spam Detection | Yes | See spam scores below for more information.
Disposition | Delivered to Inbox | Message delivered (see spam scores below for more information).

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Spam Threshold | 1.5000 | Scores below the threshold are considered spam.
Postini Spam Score | 11.75731 | Range: 0(Spam) - 100(Legitimate)
Spam score is above the threshold? | Yes | Message is not considered spam.
Legitimate sender behavior? | -- | --
Zero-Hour Threat? | No | --
Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.

User Settings | Value | Note
Spam Filter Sensitivity | Aggressive (4) | Higher Levels have a greater sensitivity to spam.
Bulk Filter Threshold | 1.5000 | Value based on Bulk Filter Setting.
The above values affect the spam Threshold score. Higher Bulk and Category Filter values indicate an increased sensitivity to spam.

Category Filters | Triggered? | Score
Racially Insensitive | No | 95.9108
Sexually Explicit | No | 95.9108
Make Money Fast | No | 97.0282
Commercial Offer | No | 98.6951
If a category filter is triggered, spam sensitivity is increased.

Other Filters | Triggered? | Note
Legal Content Heuristics | No | Score: 95.5390
Financial Content Heuristics | No | Score: 95.5390
Quarantined by Xfilter? | No | An xfilter is a special filter released to stop a specific spam outbreak.
These filters are triggered infrequently. If triggered, the message bypasses spam filtering.

Causes of Message Delay | Result | Note
Spooled | No | Message spooled while recipient server offline.
EDQ Rescan | No | Early Detection Quarantine messages are quarantined for 8 hours as possible Zero-Hour Threats, and then rescanned by the system.
Message Quarantined | No | Message was Quarantined and released by a User or Admin.

 Message Data

Only First 3500 Characters are displayed:
Received: from psmtp.com (64.18.2.80) by FT-HUBCAS-01.foresighttech.com
 (192.168.1.6) with Microsoft SMTP Server id 14.1.355.2; Tue, 17 Jul 2012
 07:33:35 -0700
Received-SPF: pass (google.com: domain of wiz_...@changemanner.com designates 74.3.163.84 as permitted sender) client-ip=74.3.163.84;
Received: from www.changemanner.com ([74.3.163.84]) by
 exprod7mx166.postini.com ([64.18.6.14]) with SMTP;	Tue, 17 Jul 2012 10:34:53
 EDT
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=changemanner.com;
 h=Subject:From:Date:Mime-Version:To:Message-ID:Content-Type:Content-Transfer-Encoding; i=wiz_...@changemanner.com;
 bh=Du3ez59bfHOpP3LIoFDC78e/QNU=;
 b=V9CUAupQH2hNWFraBrdYA+6u2GxTlb/kO1zHXmYBZFT/BX1vtyJvDUTEysafSyAbi/BIhmRgElV6
   cy2PH61uY8zMonUPpPF3SwVcfEszQVHf/BKTGQ81xUJeh8iDVz+hIFJFZjB5mj/Xoe96fJqlcUdH
   ANVU5XbNUSkL2YcHp28=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=changemanner.com;
 b=JcfYMu3B5rAcxqpYYGucPrI05PLUaQpq5x2KeUDSoxsu/5LDFJH+pwJaprxRsxIx0v+qR8DYxvrr
   Ntuz8tQs4KfqJoCaQ2La1pQzHMM+NhBMmlepOiDiSUW9iI3eWqncBjW29wbVhyaY7ajl5I2eFWkW
   aBm+yhxGGyrOaS3Amc8=;
Subject: the_easy_way_to_shape,_bake_&_create_taco_bowls
From: OFFICIAL-PERFECT-TORTILLA-STORE <wiz_...@changemanner.com>
Date: Tue, 17 Jul 2012 07:28:49 -0700
MIME-Version: 1.0
To: <j@.net>
Message-ID: <386494137...@www.changemanner.com>
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
X-pstn-levels: (S:11.75731/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-dkim: 1 skipped:not-enabled
X-pstn-settings: 4 (1.5000:1.5000) s cv gt3 gt2 gt1 
X-pstn-addresses: from <wiz_...@changemanner.com> [26/1] 
Return-Path: wiz_...@changemanner.com
X-MS-Exchange-Organization-AuthSource: FT-HUBCAS-01.foresighttech.com
X-MS-Exchange-Organization-AuthAs: Anonymous
Re: Why are these blatant spam messages making it through Postini JeremyRWhittaker 7/17/12 8:34 AM
Again another one.

 This message went through the Postini System.
 This message went through Postini Spam, Virus and Content filtering.
 Message delivered (see spam scores below for more information).

 Message Analysis Details

Overall Evaluation | Result | Note
Passed Virus Detection | Yes | Virus Name: --
Triggered Content Manager | No | Filter Name: --
From Approved/Blocked Sender | No | Sender: butt...@drivingsofast.com
Passed Spam Detection | Yes | See spam scores below for more information.
Disposition | Delivered to Inbox | Message delivered (see spam scores below for more information).

Spam Filter Scores | Score | Note
Passed Blatant Spam Blocking | Yes | Message does not score as blatant spam.
Spam Threshold | 1.5000 | Scores below the threshold are considered spam.
Postini Spam Score | 2.74949 | Range: 0(Spam) - 100(Legitimate)

 Message Data

Received: from psmtp.com (64.18.2.199) by FT-HUBCAS-01.foresighttech.com
 (192.168.1.6) with Microsoft SMTP Server id 14.1.355.2; Tue, 17 Jul 2012
 05:31:21 -0700
Received-SPF: pass (google.com: domain of butterfly-=.n...@drivingsofast.com designates 176.9.48.74 as permitted sender) client-ip=176.9.48.74;
Received: from 176.9.48.74.reserver.ru ([176.9.48.74]) by
 exprod7mx186.postini.com ([64.18.6.10]) with SMTP;	Tue, 17 Jul 2012 07:32:34
 CDT
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=drivingsofast.com;
 h=From:To:Date:Reply-To:Message-Id:Subject:MIME-Version:Content-Type:In-Reply-To:References;
 bh=zQKPVOe5OSgpouEzcjtLPw0HOlg=;
 b=q2U+Yi5Q/9sevzKr6suJureq8PduKC0Pal8RD7OJFgHq07LRxxKTOlLXm/h6sQi/ea/WgFfpzH14
   P1VHlbN+K1kdZvWKJGZsFDhK5QrvT1QAdT19L3bKI7uJ5NfSBYn2vO4Wrg8pHyzN6l/3gwSa2ZLk
   shFJI6PE0QReSHtrJ7k=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=drivingsofast.com;
 b=S1hUCiNqowyuveMuvEQz6+F+A0GZzgIBXyhVe2EuIORfM7kzvRdG6QAx+KAq2oUlE1ZPTKLAER9q
   GSFGyxgZ+Qh3ZYN8A97hj3WS5s7+fxQjaByETXZpxS3ee4h9yD9k9CCUtQXqh8P1qYgVHe/39ZJ2
   8vSFF/VSC00VX3ttjvY=;
From: Butterfly <butt...@drivingsofast.com>
To: <@.net>
Date: Tue, 17 Jul 2012 14:30:23 +0200
List-Unsubcribe: <mailto:unsubscrib...@drivingsofast.com>
Reply-To: <reply-1...@drivingsofast.com>
Errors-To: <bounced-...@drivingsofast.com>
Return-Path: <bounced-...@drivingsofast.com>
Message-ID: <oQZ3XFZjZT4uudWnMyFp8g__.0Qdi5lPvd_sls_M_.he3THYFtoDBVFIIJmOry5vbNmKIml_sls_0_@drivingsofast.com>
Subject: Hi
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="tTqb64FUYQqx1rsRMqN3x9pPv.0z282l"
In-Reply-To: <1342524209.CbE...@foresighttech.net>
References: <1342524209.CbE...@foresighttech.net>
X-pstn-neptune: 6/1/0.17/96
X-pstn-levels: (S: 2.74949/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-dkim: 1 skipped:not-enabled
X-pstn-settings: 4 (1.5000:1.5000) s cv gt3 gt2 gt1 
X-pstn-addresses: from <butt...@drivingsofast.com> [26/1] 
X-MS-Exchange-Organization-AuthSource: FT-HUBCAS-01.foresighttech.com
X-MS-Exchange-Organization-AuthAs: Anonymous
Re: Why are these blatant spam messages making it through Postini FrankM Forums-TC 7/17/12 9:02 AM
Yesterday. However, you have multiple issues to address, especially SPF filtering. You may try setting SPF to Hard Fail, as hard fails for neutral should be treated as having no SPF. See Sender Policy Framework (SPF) 2.5.2
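
Added example, not part of the original thread and not Postini's implementation: an offline sketch of the SPF check discussed in the replies above, showing why the spoofed intuit.com message would fail SPF while the changemanner.com message, whose headers carry `Received-SPF: pass`, would not be stopped by it. Both SPF records are constructed placeholders (the thread does not show the real ones), only `ip4`/`ip6`/`all` are evaluated because everything else needs DNS, and `disposition` is a hypothetical policy mapping.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}


def evaluate_spf(record, client_ip):
    """Evaluate an SPF TXT record against the connecting IP, left to right.

    Returns pass / fail / softfail / neutral / none, or "needs-dns" when a
    term that requires a DNS lookup is reached before any term matches.
    """
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    saw_redirect = False
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return RESULTS[qualifier]
        elif name.split("/")[0] in DNS_MECHANISMS:
            return "needs-dns"
        elif name.startswith("redirect="):
            saw_redirect = True            # only consulted if nothing matched
    return "needs-dns" if saw_redirect else "neutral"


def disposition(result, quarantine_on=("fail",)):
    """Hypothetical filter policy: which SPF results get quarantined."""
    return "quarantine" if result in quarantine_on else "deliver"


# Constructed placeholder records (documentation address ranges).
SPOOFED_DOMAIN_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 -all"
SOFT_RECORD = "v=spf1 ip4:192.0.2.0/24 ~all"
# Constructed record consistent with the Received-SPF: pass line in the
# thread: the sending domain lists its own server.
SENDER_OWN_RECORD = "v=spf1 ip4:74.3.163.84 -all"

CASES = [
    # (label, record, connecting IP taken from the headers in the thread)
    ("spoofed domain, -all", SPOOFED_DOMAIN_RECORD, "84.109.36.123"),
    ("spoofed domain, ~all", SOFT_RECORD, "84.109.36.123"),
    ("no SPF record", None, "84.109.36.123"),
    ("sender's own domain", SENDER_OWN_RECORD, "74.3.163.84"),
]


def run_cases(quarantine_on=("fail",)):
    return [(label, evaluate_spf(rec, ip),
             disposition(evaluate_spf(rec, ip), quarantine_on))
            for label, rec, ip in CASES]


if __name__ == "__main__":
    for label, result, action in run_cases():
        print(f"{label:<22} {result:<9} {action}")
```
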