avoid_spam_issues

Differences

This shows you the differences between two versions of the page.

avoid_spam_issues [2018/05/18 09:19] lucyavoid_spam_issues [2020/04/03 13:21] – ["Deceptive site ahead". What can I do?] lucy
Line 103: Line 103:
  
 **Step 1 - TEST MAIL**  **Step 1 - TEST MAIL** 
-Send to the desired recipient a [[test_mail|test mail]] using a sender with a 3rd party domain name that has no SPF (e.g. "test@gaga.com) or a valid domain configured on LUCY. +Send to the desired recipient a [[test_mail|test mail]] using a sender with a 3rd party domain name **that has no SPF** (e.g. "test@gaga.com; you can test the SPF here: https://mxtoolbox.com/spf.aspx) or a valid domain (valid means, that the domain has a MX record) configured on LUCY. 
  
 {{ tstmail.png?600 }} {{ tstmail.png?600 }}
  
-The test mail is always a text only mail with no suspicious content. If the test mail does not arrive it is possible that the email filter is blocking any mail communication from an unknown IP (if there is no known activity log about that IP in the internet). In such a case you can either try to configure an [[using_an_external_mail_server_or_web_proxy|external mail]] server.+The test mail is always a text only mail with no suspicious content.  
 + 
 +If the test mail does not arrive it is possible that the email filter is blocking any mail communication from an unknown IP or an server with a neutral mail reputation (if there is no known activity log about that IP in the internet). In such a case you can try to configure an [[using_an_external_mail_server_or_web_proxy|external mail]] server. If you don't have a mail relay you can use, please set for the test the mail delivery method to (1) "HTTP Proxy" in the "settings/mail settings" menu and use one of the predefined domains (2): 
 + 
 +{{ mailhttpse.png?600 }} 
 + 
 + 
 +This will force all communication through the external mail relay from sendgrid. You can change this setting later on a campaign level (under "Base Settings/Scenario Settings/Mail Settings"). 
  
 **Step 2 - IDENTIFY THE ISSUE THAT TRIGGERS THE EMAIL FILTER**  **Step 2 - IDENTIFY THE ISSUE THAT TRIGGERS THE EMAIL FILTER** 
-Start altering the message & domain settings: it is very important that you slowly start altering the settings in order to identify the reason for getting filtered. One of the first changes you might want to try is playing around with different domain names (e.g. a different domain as a [[http://phishing-server.com/PS/doc/dokuwiki/doku.php?id=mail_settings&s[]=domain|sender mail]], the  using a different domain for the landing page and maybe also just use a link with an IP address only). If there is no effect in using different domain names make sure that the domain settings are correct. Keep the mail & landing page as simple as possible in the beginning and then start adding content.+If the test email arrives, you can start altering the message & domain settings: it is very important that you change the settings step by step, in order to identify the reason for getting filtered.  
 + 
 +One of the first changes you might want to try is playing around with different domain names (e.g. a different domain as a [[http://phishing-server.com/PS/doc/dokuwiki/doku.php?id=mail_settings&s[]=domain|sender mail]], the  using a different domain for the landing page and maybe also just use a link with an IP address only). If there is no effect in using different domain names make sure that the domain settings are correct. Keep the mail & landing page as simple as possible in the beginning and then start adding content. 
  
 **Step 3 - TEST RUN**  **Step 3 - TEST RUN** 
 After you identified and removed the issues that caused the mails to get filtered we recommend doing a test run. The test run should be done with one target email accounts to see if the email gets filtered and how the link is accessed (sometimes a SPAM filter can automatically access the link in the email before the user can. This will make it impossible for LUCY to know if the link was really clicked).  After you identified and removed the issues that caused the mails to get filtered we recommend doing a test run. The test run should be done with one target email accounts to see if the email gets filtered and how the link is accessed (sometimes a SPAM filter can automatically access the link in the email before the user can. This will make it impossible for LUCY to know if the link was really clicked). 
 +
  
 **Step4 - REAL CAMPAIGN**  **Step4 - REAL CAMPAIGN** 
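Review bot: The added parenthetical in Step 1 opens a quotation mark before test@gaga.com and never closes it, and the sentence asks for a sender domain "that has no SPF" without saying why. Suggest closing the quote and giving the reason in one clause: a third-party sender domain that publishes an SPF record not listing the LUCY server will fail the recipient's SPF check, so the test mail would be filtered for a reason unrelated to the server's reputation. In the added paragraph on delivery problems, "an server" should be "a server", and "(valid means, that the domain has a MX record)" reads better as "(valid means that the domain has an MX record)".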
Line 128: Line 140:
 There are three possible message scenarios in case mails are still being filtered: There are three possible message scenarios in case mails are still being filtered:
  
-  * a) No mails send: then you won’t see anything in the message log +  * a) [[mail_communication_issues_-_mails_do_not_get_send_at_all|No mails send]]: then you won’t see anything in the message log 
-  * b) Mails send – but with error: then you will see an error in Errors” +  * b) Mails send – but with error: then you will see an error in "[[resend_mails_that_previously_generated_an_error|Errors]]"
   * c) Mail send – no error: mail communication has been established and mails have been accepted for delivery    * c) Mail send – no error: mail communication has been established and mails have been accepted for delivery 
  
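Review bot: The new link text in item a) keeps the wording "No mails send", and items b) and c) still read "Mails send" and "Mail send". Since a) and b) are being rewritten here anyway, change all three to "sent" so the scenarios read consistently; the linked page ids can stay as they are.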
Line 140: Line 152:
  
   * 2) Investigate your [[:i_started_my_campaign_-_but_no_mails_get_send_and_i_see_no_error|settings]]   * 2) Investigate your [[:i_started_my_campaign_-_but_no_mails_get_send_and_i_see_no_error|settings]]
 +  * 3) In some cases there is a email threshold that limits the amount of emails you are allowed to send in a certain time frame. Amazon, Google & Microsoft have such limits. When you do a test run you might not experience any difficulties, but once you start sending out mass emails, the communication might get dropped by the remote mail server.
  
  
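Review bot: The added item 3) describes provider sending limits but gives the reader nothing to do about them, unlike item 2), which is phrased as something to investigate. Suggest adding the action to take, for example checking the recipient provider's published sending limits against the planned campaign volume before the start, and saying how a dropped connection would appear to the reader. "a email threshold" should be "an email threshold".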
Line 163: Line 176:
  
 In case you rent a VPS through LUCY Security, we kindly ask you first to contact the the blacklist site and request a de-listing. If you cannot get delisted in a reasonable time, please get in contact with us and we can request an IP address change. In case you rent a VPS through LUCY Security, we kindly ask you first to contact the the blacklist site and request a de-listing. If you cannot get delisted in a reasonable time, please get in contact with us and we can request an IP address change.
 +
 +===== "Deceptive site ahead". What can I do? =====
 +{{ :deceptive_site.png?600 |}}
 +
 +If you are seeing a message like this, it means that the domain name was blacklisted by Google.
 +Unfortunately, domain won't be unblocked, because Google bans these domains for phishing.
 +
 +The fastest and easiest option is to abandon the current domain name and register a new one.
 +In case if LUCY administration domain got blacklisted, please do the following:
 +  - Open Chrome 
 +  - Go to Settings > Privacy. 
 +  - Toggle off Chrome's Safe Browsing mode.
 +
 +After the actions above, the Deceptive Site message won't appear in your browser and the LUCY administration panel is available again.
 +
 +You can check if your domain got blacklisted by Google via the link below:
 +https://transparencyreport.google.com/safe-browsing/search
  
 ===== Whitelisting in different products ===== ===== Whitelisting in different products =====
  
 **GSuite/Google Apps** **GSuite/Google Apps**
-  * This is the recommend setting if you do not have a cloud-based spam filter in front of GSuite. + 
-  * Login to https://admin.google.com and select Apps. +Please review [[gsuite_whitelisting|this]] article.
-  * Select GSuite. +
-  * Select Gmail. +
-  * Select Advanced Settings. +
-  * In the Organizations section, highlight your Domain (Not an OU). Note: GSuite does not allow whitelisting by IP Address for individual OUs, only the entire domain. +
-  * In the Email whitelist section, enter the LUCY IP address +
-  * Scroll to the bottom and click Save. The setting may take up to an hour to propagate to all users.+
  
  
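Review bot: The three added steps for a blacklisted administration domain turn off Chrome's Safe Browsing for the whole browser profile, not only for the LUCY domain, and the text does not say so. Suggest stating that scope and telling the reader to switch it back on once a new administration domain is in place, or to do this in a separate browser profile used only for LUCY administration. Two smaller points in the same hunk: "In case if LUCY administration domain got blacklisted" should read "If the LUCY administration domain got blacklisted", and the replacement for the removed GSuite steps uses the link text "this", which would read better as the title of the target article.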
Line 189: Line 213:
   * Click Save    * Click Save 
   * If emails with certain attachements get blocked, setup a safe attachement policy: https://support.office.com/en-us/article/set-up-office-365-atp-safe-attachments-policies-078eb946-819a-4e13-8673-fe0c0ad3a775   * If emails with certain attachements get blocked, setup a safe attachement policy: https://support.office.com/en-us/article/set-up-office-365-atp-safe-attachments-policies-078eb946-819a-4e13-8673-fe0c0ad3a775
 +
 +**O365 Advanced Threat Protection** 
 +  * Go to https://protection.office.com and sign in with your work or school account.
 +  * In the left navigation, under Threat management > Policy > Safe Links.
 +  * In the Policies that apply to specific recipients section, choose New (the New button resembles a plus sign ( +)) to create a new policy. (Alternatively, you can edit an existing policy.)
 +  * Choose New to add a Safe Links policy for specific email recipients
 +  * Specify a name and description for your policy.
 +  * In the Do not rewrite the following URLs section, select the Enter a valid URL box, and then type a URL, and then choose the plus sign (+).
 +  * In the Applied To section, choose The recipient is a member of, and then choose the group(s) you want to include in your policy. Choose Add, and then choose OK.
 +  * When you are finished adding URLs, in the lower right corner of the screen, choose Save.
  
  
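Review bot: The step "select the Enter a valid URL box, and then type a URL" does not say which URL to enter. Name it (presumably the URL or domain of the LUCY landing page used in the campaign) so the reader does not exempt something else from rewriting. The second step, "In the left navigation, under Threat management > Policy > Safe Links.", has no verb and needs "choose", and the third and fourth steps both tell the reader to choose New, so one of them can be dropped.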
Line 227: Line 261:
   * Click Save.    * Click Save. 
  
 +
 +**MessageLabs or Symantec**
 +
 +To add a global Approved Sender: 
 +1.Select Services > Email Services > Anti-Spam.
 +2.Ensure that Global Settings is selected in the domains drop-down list.
 +3.Click the Approved Senders tab.
 +4.Click the Add Entry option.
 +5.The Domain/Email/IP and Description fields become editable.
 +6.In the Domain/Email/IP field enter the IP address of the LUCY server.
 +7.In the Description field, enter brief details about the new entry.
 +8.To add the entry to the list, click Update.
 +
 +This new policy will allow any inbound mail flow originating from LUCY's IPs to reach your users.
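Review bot: The eight added steps are written as "1.Select ...", "2.Ensure ..." with no list markup, so DokuWiki will run them together into one paragraph. The other product sections on this page use "  * " items and the Chrome steps use "  - ", and these steps should follow one of those. Step 6 says "the IP address of the LUCY server" while the closing sentence says "LUCY's IPs", so pick one form. Step 5 describes what the interface does rather than an action and could be merged into step 4.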
avoid_spam_issues.txt · Last modified: 2021/12/14 07:04 by lucysecurity