spam_check
Differences
This shows you the differences between two versions of the page.
spam_check [2016/08/15 17:34] – lucy | spam_check [2017/10/20 17:18] – lucy | ||
---|---|---|---|
Line 2: | Line 2: | ||
Many campaigns fail because the test emails end up in the SPAM folder (e.g. if you define a sender email domain that does not exist, most email servers will reject that email as SPAM. Also, sending an email with a link that contains only an IP address instead of a domain or has certain keywords, may also trigger SPAM filters). There are many reasons for getting filtered and a few things that can be done. More info can be found [[avoid_spam_issues|here]]. This SPAM check does not replace the [[avoid_spam_issues|checklist]], | Many campaigns fail because the test emails end up in the SPAM folder (e.g. if you define a sender email domain that does not exist, most email servers will reject that email as SPAM. Also, sending an email with a link that contains only an IP address instead of a domain or has certain keywords, may also trigger SPAM filters). There are many reasons for getting filtered and a few things that can be done. More info can be found [[avoid_spam_issues|here]]. This SPAM check does not replace the [[avoid_spam_issues|checklist]], | ||
- | |||
- | ===== How to avoid SPAM? ===== | ||
- | |||
- | Before going live with a campaign we recommend: | ||
- | |||
- | * **Test Run**: Before you start your real campaign against all users, always have LUCY send an email to one specific account (must be the same domain as the final recipient group domain) and see if it arrives fine. | ||
- | * **Built-in SPAM Check**: Run the built in SPAM checker from LUCY. It can be activated under " | ||
- | |||
- | {{ 96.jpg?600 }} | ||
- | |||
- | After selecting a campaign, it will present you with the summarized results after a short 2-3 minutes testing phase (please refresh the page if there is no result shown after more than 5 minutes): | ||
- | |||
- | {{ 116.jpg?600 }} | ||
- | |||
- | * **Test with External SPAM Checker**: Sometimes, email might go directly to the recipient' | ||
- | |||
===== What type of SPAM checker tools are build into LUCY? ===== | ===== What type of SPAM checker tools are build into LUCY? ===== | ||
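Review bot: The removed "Built-in SPAM Check" bullet and the paragraph after it are the only visible lines that say the check is run against a selected campaign and returns summarized results after a 2-3 minute testing phase (refresh after 5 minutes). Nothing added in this revision restates that, so the retained heading "What type of SPAM checker tools are build into LUCY?" now follows the introduction with no instruction on how to run the check. Keep a one-line pointer to the procedure, or link to the page it moved to. The removed "Test Run" bullet also required the test account to be in the same domain as the final recipient group, and the replacement "Step 3 - TEST RUN" text drops that condition. The retained heading should read "built into".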
Line 39: | Line 23: | ||
{{ spam_long.png? | {{ spam_long.png? | ||
+ | |||
+ | ===== Why are SPAM filters rejecting an email? ===== | ||
+ | |||
+ | Spam filters identify Spam based on a long list of criteria, but generally they consider: | ||
+ | * Relationship with subscriber | ||
+ | * Reputation of IP address and sender domain | ||
+ | * Quality of email subject line, teaser, and content | ||
+ | * Quality and safety of links in email | ||
+ | * Presence or absence of images (e.g. tiny size of a tracking images might cause a problem) | ||
+ | * Ratio of images to text and links to text | ||
+ | * Inclusion of text version of email | ||
+ | * etc. | ||
+ | |||
+ | ===== How can I get pass the common email defenses like SPAM filters? ===== | ||
+ | |||
+ | The goal of a phishing campaign is people testing. So you don't want to spend too much time in creating a hack that allows you to bypass an external email filter (since most email filters are "black boxes" the only way of preventing you from being filtered is using some very time consuming trial & error methodology). Therefore we strongly recommend creating a **whitelist entry** on your SPAM/Email defense solution (whitelist either LUCY's domain or IP). If this is not possible you try a few other things to get a better SPAM score or bypass filters: | ||
+ | |||
+ | |||
+ | **Use an external mail server** | ||
+ | Using an external mail server with an existing domain configured could be the easiest and quickest workaround to prevent SPAM issues. | ||
+ | |||
+ | |||
+ | **Set helo/ehlo SMTP host name in LUCY** | ||
+ | It is recommended to create a SMTP server name (that is the server name of LUCY). Most SMTP servers will accept your mail if you simply have a reverse DNS entry. It does not have to match the domain name on your e-mail address. Some SMTP servers will reject mail if the reverse DNS doesn' | ||
+ | |||
+ | {{ settings_mail_host.png? | ||
+ | |||
+ | **Review Your Email Content** | ||
+ | Spam filters consider a long list of criteria when judging the “spamminess” of an email. They’ll weigh each factor and add them up to determine a Spam score which then determines whether a campaign will pass through the filter. They might look for spammy phrases like “CLICK HERE!” or “FREE! BUY NOW!”. Then they' | ||
+ | * Talks about lots of money (.193 points) | ||
+ | * Describes some sort of breakthrough (.232 points) | ||
+ | * Contains urgent matter (.288 points) | ||
+ | * Money back guarantee (2.051 points) | ||
+ | |||
+ | LUCY allows you to Review the mail Content with the local SPAM assassin engine: | ||
+ | |||
+ | {{ spam_test.png? | ||
+ | |||
+ | **Use a Corporate Email Account as Your Sender Address** | ||
+ | If you use a major ESP and send email using personal email addresses such as paul@yahoo.com or paul@aol.com, | ||
+ | |||
+ | **Use Descriptive Text Instead of URLs as Link Text** | ||
+ | Spam filters try to block phishing attacks where attackers encourage readers to click on a well-known text URL that links to a different URL (attacker website). For example, a victim of a phishing attack would see " | ||
+ | |||
+ | **Make Sure You Are Not on Blacklists** | ||
+ | If you are sending from your own IP address, you can use tools like MX Toolbox (https:// | ||
+ | |||
+ | **It Matters Where You’re “From”** | ||
+ | Mailbox providers evaluate more than just the sender’s IP, domain and content. They also pay attention to your " | ||
+ | |||
+ | **Keep the Format Simple** | ||
+ | Avoid the use of background colors, large or unusual fonts, or more than one font. In other words, don't make your email look like an advertisement or a brochure. | ||
+ | Avoid coding sloppy HTML - usually from converting a Microsoft Word file to HTML. | ||
+ | Avoid creating an HTML email that’s nothing but one big image with little or no text. Spam filters can’t read images, so they assume you’re a spammer trying to trick them. | ||
+ | Using the word “test” in the subject line. Agencies can run into this issue when sending drafts to clients for approval. | ||
+ | |||
+ | **Limit the Number of URL Links** | ||
+ | Spam filters are wary of link-laden messages because spammers tend to scatter links around their messages, hoping that the reader will click on at least one. | ||
+ | |||
+ | **Create a Unique Subject Title** | ||
+ | In your e-mail header, include something unique to the recipient that's unlikely to be in a Spam message. Examples could include your company name, the name of one of your target' | ||
+ | |||
+ | **Review Your Sending Method and Ask Your Client to Whitelist the IP** | ||
+ | Sending a test to multiple recipients within the same company might cause some problems. That company’s email firewall often assumes it’s a Spam attack. To perform a phishing attack, you might need to whitelist LUCY's IP on the remote firewall or SPAM filter. | ||
+ | |||
+ | **Optimize your DNS settings** | ||
+ | Don't use an existing common domain name (like apple.com) already reserved by a third party. Never use a domain that does not exist. Reserve a similar domain name or one that relates to the service you describe in the email (example: get-your-secure-mail.com). | ||
+ | Set an MX, A & a SPF record for the domain you use in the test that all point to LUCY for that domain. Enable [[dkim_support|LUCY' | ||
+ | |||
+ | **Watch out when you spoof your own domain** | ||
+ | Did you define your own company domain as a sender? Example: You try to phish your employees with the domain mycompany.com which is actually the official domain for your company? The problem is that there might be a DNS record (example SPF) that defines which mail server is allowed to send mails on behalf of this domain. If such a record exists your email server will deny emails coming from a different server using this domain. The solution is: If you still want to perform a phishing test, with a domain like the one from your company, we recommend reserving a similar domain like “my-company.com” or strategically place a typo like “myconpany.com”. Most users won’t recognize the difference and you'll have an additional feature to test awareness. | ||
+ | |||
+ | **Set a PTR (reverse DNS)** | ||
+ | Some SPAM filters like http:// | ||
+ | |||
+ | |||
+ | **Avoid using a tracking image in the mail (Do not click: "track opened mails" | ||
+ | Tracking images (the small size) lead to a higher SPAM score. So try to uncheck this option in case you get filtered. | ||
+ | |||
+ | **Avoid using advanced LUCY Features like BeEF Framework** | ||
+ | The [[beef_integration|BeEF Framework]] is often detected by scanners that follow the links. This will raise the chance your mail gets flagged as SPAM. | ||
+ | |||
+ | **Test your IP & Domain reputation** | ||
+ | If you mails still get flagged you can test your domain/ | ||
+ | |||
+ | |||
+ | **Don' | ||
+ | If you send hundreds of mails without throttling down the delivery you might get flagged as SPAM very quickly. Please use the [[scheduler|scheduler]] to slow down mail delivery. | ||
+ | |||
+ | ===== What is the best test procedure with LUCY to identify the source of SPAM issues? ===== | ||
+ | |||
+ | **Step 1 - TEST MAIL** | ||
+ | Send to the desired recipient a [[test_mail|test mail]] using a sender with a 3rd party domain name that has no SPF (e.g. " | ||
+ | |||
+ | {{ tstmail.png? | ||
+ | |||
+ | The test mail is always a text only mail with no suspicious content. If the test mail does not arrive it is possible that the email filter is blocking any mail communication from an unknown IP (if there is no known activity log about that IP in the internet). In such a case you can either try to configure an [[using_an_external_mail_server_or_web_proxy|external mail]] server. | ||
+ | |||
+ | **Step 2 - IDENTIFY THE ISSUE THAT TRIGGERS THE EMAIL FILTER** | ||
+ | Start altering the message & domain settings: it is very important that you slowly start altering the settings in order to identify the reason for getting filtered. One of the first changes you might want to try is playing around with different domain names (e.g. a different domain as a [[http:// | ||
+ | |||
+ | **Step 3 - TEST RUN** | ||
+ | After you identified and removed the issues that caused the mails to get filtered we recommend doing a test run. The test run should be done with one target email accounts to see if the email gets filtered and how the link is accessed (sometimes a SPAM filter can automatically access the link in the email before the user can. This will make it impossible for LUCY to know if the link was really clicked). | ||
+ | |||
+ | **Step4 - REAL CAMPAIGN** | ||
+ | Once you started the campaign you might still have a situation where mails get filtered. To investigate this: | ||
+ | |||
+ | * First check if the mail got send by clicking on the message log in the left navigation panel within a campaign | ||
+ | |||
+ | {{ mail_communication_issues: | ||
+ | |||
+ | * Then check if there was a communication error by clicking on the error log in the left navigation panel within a campaign | ||
+ | |||
+ | {{ mail_communication_issues: | ||
+ | |||
+ | There are three possible message scenarios in case mails are still being filtered: | ||
+ | |||
+ | * a) No mails send: then you won’t see anything in the message log | ||
+ | * b) Mails send – but with error: then you will see an error in “Errors” | ||
+ | * c) Mail send – no error: mail communication has been established and mails have been accepted for delivery | ||
+ | |||
+ | |||
+ | In case of " | ||
+ | |||
+ | * 1) You know that the SMTP communication works and LUCY's IP is not filtered by any 3rd Party product. Therefore you experience a configuration issue in the campaign which causes the mail to get filtered (like using a spoofed sender domain which has an SPF record, using a sender domain that points to a different MX record or has no valid MX record at all or creating a campaign that gets filtered because of the SPAM score). Also make sure you even created a [[: | ||
+ | |||
+ | {{ mail_communication_issues: | ||
+ | |||
+ | * 2) Investigate your [[: | ||
+ | |||
+ | |||
+ | ===== Known Issues with Microsoft, Gmail etc. ===== | ||
+ | |||
+ | Some providers will block all mails or automatically flag them as SPAM from any new mail server that has no activity logs in the internet (like Microsoft or Gmail). Microsoft Points out that any new mail server will have a higher likelihood of getting blocked (https:// | ||
+ | |||
+ | **Note**: If you are sending emails from a new or “cold” IP address, abrupt spikes in email sending volumes can harm your IP’s reputation. To prevent this, you need to warm your IP address up gradually over time to establish your IP address as a legitimate email sender among Internet Service Providers (ISPs). Properly warming up your IP address is a crucial step in building your email sending reputation and improving delivery performance. The key to warming your IP address is to spread out your initial sends over multiple days. | ||
+ | |||
+ | |||
+ | ===== How do I improve my Sender Score? ===== | ||
+ | Your Sender Score can affect your deliverability in a few ways. Senders with scores below 70 generally have emails coming from their IP aggressively filtered -- your emails are more likely to end up in junk folders. Senders with scores above 70 generally have filtering applied to individual emails and campaigns, rather than their IP address. | ||
+ | |||
+ | There are several things you can do to improve and maintain a good Sender Score. Maintaining consistent sending volumes and schedules, staying off blacklists, and warming your IP address are all great ways to keep your Sender Score healthy. | ||
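Review bot: The whitelist recommendation appears twice in the added text, under "How can I get pass the common email defenses like SPAM filters?" and under "Review Your Sending Method and Ask Your Client to Whitelist the IP", and neither place says how narrow the entry should be or that it should be removed once the campaign ends. State that the entry should cover only LUCY's sending IP for the duration of the test and be deleted afterwards, so that the exception does not stay open in the client's mail defenses. The second of those sections says "To perform a phishing attack", while the first describes the goal as "people testing"; use "phishing test" in both. Under "Keep the Format Simple", the last item, "Using the word “test” in the subject line.", sits in a list of "Avoid ..." items without the verb and reads as a recommendation; it should start with "Avoid using". In Step 1, "you can either try to configure an external mail server" has "either" with no second option. The point values under "Review Your Email Content" (.193, .232, .288, 2.051) are given without naming the rule set or version they come from, and the first three lack a leading zero. Smaller wording fixes: "get pass" should be "get past", "Step4" needs a space, "No mails send" / "Mails send" / "Mail send" should use "sent", and "If you mails still get flagged" should be "If your mails".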
spam_check.txt · Last modified: 2020/08/07 13:01 by lucy