07/14/2008

Industry's First Collaborative Threat Detection System


Our partner in spam blocking, Cloudmark, has just received a patent on their Global Threat Network system. What an exciting announcement! For the last 5 years, we have been asserting that the Community Approach to Blocking Spam is the best way to beat the spammers. Although the spammers have made some counter attacks, the Cloudmark technology that we integrate into SpamSentinel consistently self-corrects and finds a way to block the spam. It first dealt with polymorphic spam, then random poetry inside the message, then images, then viruses, and on and on.

Here is a quote from Cloudmark:
"This patented technology, the Global Threat Network system, is the industry's first collaborative threat detection system. The Global Threat Network system consists of 600 million trusted reporting sources, including service provider abuse teams, systems administrators, honeypots and users, who report e-mail messages into the system in real-time. Corroborated feedback from these reporters enables Cloudmark to automatically block new spam, phishing and virus outbreaks within minutes of the original attack."


The Community Blocking idea started with one of the founders of Napster, who said, "What can I do with a million people, now that they cannot share music anymore?" He created a collaborative filter, working with Vipul's Razor, to let the community decide what is spam and what is good mail. Leon Rishniw, a colleague and VP of Engineering at Cloudmark, had this to say:

"The Global Threat Network is the first and largest trusted collaborative threat detection system in the world," said Rishniw. "This patented technology gives Cloudmark customers unmatched protection against emerging threats."


So, while we Lotus Notes users are going in for all things community in a big way, SpamSentinel has been utilizing a community approach for 5 years. Here is a t-shirt from Admin 2006, stating:
What can 10 Million People Do to make the World a better place? The other side says the answer: Stop Spam! And now that approach is patented!

A picture named M2

07/07/2008

Boston Celtics Trophy


I was invited to Nashawtuc Country Club by Ed Sasena to see the Bank of America Championship. I watched a lot of golf, and it happened that a Nashawtuc member and one of the owners of the Boston Celtics, Steve Pagliuca, managed to bring the 2008 World Champion Boston Celtics Trophy on Saturday, June 21.  I had a picture taken with the trophy.  There were lip marks on the basketball, but I abstained from kissing it.  Notice that I kept my water bottle cool with  the Notes Floats My Boat koozie!

A picture named M2

06/18/2008

Wall Street Journal - Real Message About Spam


I read an interesting article from Lee Gomes of the Wall Street Journal.  He looked at his company's internal spam policies and was not happy with the result:

"...Inboxes were suddenly free of offers for prescription medicines, mortgage refinances, crude erotica and all the other mainstays of the spam economy. Regular email life could resume--spam-free. It looked like another victory for technology in the hands of the good guys... [However] the antispam system had been so effective because it had labeled as spam just about everything that was even remotely suspect... Naturally, a huge percentage of the emails weren't spam at all. Our freedom from spam had come at a stiff price -- a very high false-positive rate.

How bad was it?

I took a good long look at a few days' worth of messages in my spam bucket. There were 192 in all. Sorting them by hand into "real mail" and "actual spam," I figured that some 46% were legitimate messages that had been flagged as spam.  Of these, most were news releases from companies, including VMWare, Dell and Hewlett-Packard. Notices from Purdue University, the Semiconductor Industry Association and Forbes Magazine also were blocked."

See full Wednesday, June 18, 2008 Wall Street Journal article


What Lee really needs is a more self-service way of handling his spam volume, and he mentions later in the article that his software does have a sensitivity setting.  But with spam volume increasing more and more, one of the biggest challenges of spam filtering technology is finding false positives among the spam.  Users need an easy way to peruse the spam that has been filtered.  Users receiving hundreds of spam messages daily have a tough time finding good mail among the blocked messages.

Filters that score spam can, for example, only show the lowest scored spam to the users for examination, reducing the number of messages that need attention.  SpamSentinel rates spam as categories "B" (Bulk, which would include Lee's news releases), "C" (Confirmed) and "D" (Delete). The "D" (Delete) category comprises 80% of all spam we receive, and does not contain any false positives.  That is how we designed the "D" category, and 3 billion messages have confirmed no false positives in this category.

I prefer to have my low scored spam (category "B") sent to my Junk Mail folder in my Lotus Notes email, so I can check it once a day and release any false positives, newsletters or other bulk messages.  I can also whitelist a sender, which only impacts me, with a single click.  And I never have to call any IT staff to ask for help.

06/17/2008

I Just Got Whacked with 440 Backscatter Emails Overnight!


So I opened up my Inbox this morning and found 4 backscatter messages.   2 of them were out of office replies from Harvard University, my guess is some professors who are done with this semester. At first I was disappointed that SpamSentinel had missed this backscatter until I looked at my Lotus Notes Junk Mail folder, and found 440 messages stopped since I checked my email just last night at about 9 PM, about 12 hours ago.

It looks like I was the (un)lucky spoofed sender for a new email attack.  I was lucky that we have the aggressive Backscatter prevention feature of SpamSentinel turned on, which stops almost all non-Delivery reports and other Backscatter right at the Domino server (see SpamSentinel 7.5.3.6 Aggressive Backscatter Prevention).

Building this product for others is one thing, but using it myself makes it much more real, especially when I am the victim of the attack!

Here is a picture of my Junk Mail folder this morning:
A picture named M2


So, if you still haven't tried the free Backscatter stopper for Domino, you can download it here and it will help block most of the Backscatter right at the Domino server:

http://www.maysoft.com/nobs

06/05/2008

SpamSentinel 7.5.3.6 Aggressive Backscatter Prevention


Some users want to aggressively stop all Backscatter.  Using SpamSentinel version 7.5.3.6, you can block even more Backscatter right at your Domino server.  Here are the settings from the SpamSentinelAdmin.nsf server config document:

A picture named M2

Notice the Aggressive option.  This will block the most common Backscatter offenders, such as Challenge / Response systems, EML attachments, Delivery Failures and Out of Office Replies.  It will also block some real delivery failure reports or out of office replies, and should only be used if you are getting hundreds or thousands of these Backscatter emails every day.  These aggressive options are best turned on for a week until the Backscatter subsides. They can be changed in real-time, without restarting the Domino server.

If your Lotus Notes email users get one or two a day, we recommend the "Normal Settings" and that you deselect the "Aggressive Backscatter Prevention" settings.

05/21/2008

No Backscatter for Lotus Domino Project


We have built a free server addin for Lotus Notes and Domino, to help reduce Backscatter that arrives at your Domino servers.


Backscatter is a big problem for all servers across the internet, and Lotus Domino servers are no exception.  We have created a "Stop Backscatter" project to help protect Lotus Notes and Domino email users from email Backscatter.

We call this version SpamSentinel NoBS, for No Backscatter.  The software is a simple DLL that you put in your Notes.ini.  It works on any version of Domino (5, 6, 7 or 8) running on Windows machines (2000, 2003, XP), and stops between 80% and 90% of the Backscatter. The messages are deleted at the server during the SMTP session.  It does not send back a non-Delivery report, or reject the message, as that would just add to the Backscatter problem.  It should be compatible with all Lotus Domino Anti-Virus products, as well as most spam filters you may be using.  There are No license fees and No expiration date (and no support, except via email on a best efforts basis).

What is Backscatter?  Most of us have seen it:

failure notice
Mail delivery failed: returning message to sender
Undelivered Mail Returned to Sender
Undeliverable: Free Vigara Plils. ksmith's discount Coupon #lJevs        .
Please Verify Your Email Address: REPLY to this email.
Your e-mail could not be delivered
Delivery Status Notification (Delay)
Undeliverable - Recipient does not exist


These are delivery failure reports for messages that we did not send.  Backscatter is a common issue at the moment. The spam sender forges the return address so that it points to you. When the receiving server rejects the message, for example because of an invalid user name or a full mailbox, it creates a non-delivery report and sends it back to the address it thinks the mail came from, i.e. you or one of your users.  (To see how that can happen, read Why do I get spam that is NOT addressed to me.)
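One way a receiving server can separate a bounce for mail it really sent from Backscatter is to look up the Message-ID of the returned original in its own outbound log. The following is an added example, not MaySoft's code and not a description of how NoBS or SpamSentinel decides; the function names, the `SENT_IDS` log and the sample message are constructed for illustration.

```python
import email

# Constructed sample: Message-IDs our own server logged for outbound mail.
SENT_IDS = {"<20080520.1001@mail.example.com>"}

# Constructed DSN in the RFC 3464 layout; {mid} is the returned original's id.
DSN_TEMPLATE = """\
From: MAILER-DAEMON@remote.example.net
To: user@example.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The recipient does not exist.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; remote.example.net

Final-Recipient: rfc822; nobody@remote.example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Message-ID: {mid}
From: user@example.com
To: nobody@remote.example.net

body
--b1--
"""

def is_bounce(msg, envelope_from):
    """Bounces use the null envelope sender; DSNs are multipart/report."""
    if envelope_from in ("", "<>"):
        return True
    return (msg.get_content_type() == "multipart/report"
            and (msg.get_param("report-type") or "").lower() == "delivery-status")

def returned_message_id(msg):
    """Message-ID of the original that the bounce returns, or None if absent."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)["Message-ID"]
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())["Message-ID"]
    return None

def classify(raw, envelope_from, sent_ids):
    """Label one inbound message; envelope_from is the SMTP MAIL FROM value."""
    msg = email.message_from_string(raw)
    if not is_bounce(msg, envelope_from):
        return "not-a-bounce"
    mid = returned_message_id(msg)
    if mid is None:
        return "unverifiable-bounce"  # plain-text notice with no original attached
    return "legitimate-ndr" if mid.strip() in sent_ids else "backscatter"
```

The outbound Message-ID log has to be kept for at least as long as remote servers may take to bounce a message, otherwise late but genuine reports are misclassified.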

Although Backscatter is not spam, many of our Lotus Notes and Domino customers complain about it to us, as they know we can be pretty creative when stopping unwanted email.  We have figured out a way to protect the Domino servers from most Backscatter.  (SpamSentinel has this Backscatter feature already built-in in version 7.5.3.1).  

Here is a sample of what it accomplishes, taken from log.nsf:


A picture named M2

Here are some questions and answers about the product:


Will I still Receive "Real" Delivery Failure Reports?
Delivery failure reports will still be sent to users for mail that they actually sent.  We can determine the difference between mail originating from your Domino server and Backscatter.  

Is it Compatible with my current Spam filter?  Or AV product?
NoBS should be compatible with all anti-spam and anti-virus products installed on your Domino server.  If you find one that is not, click here to report a problem:
Click here to report a problem

Can I Whitelist specific Domains?
No.  NoBS is a simple, free product.  If you want advanced features, take a look at the full SpamSentinel product (click here), which has many advanced settings, including an option to quarantine Backscatter for users to examine and release as needed.


You can download the software, and read FAQ here:
http://www.maysoft.com/bs

Feedback on the product can be left on this blog.  Please tell us if it helps stop a lot of your Backscatter.


05/16/2008

Nick Had a Good Month


Let me brag about the extremely positive feedback Nick McCann has received from customers. Nick works in the U.K. and is the SpamSentinel support manager for the U.K. and Europe.  There are 24 customer comments from the month of April here, averaging more than one super-satisfied customer every working day!

Well done, Nick!



Comment Feedback

Quick, satisfactory and very helpful service.
very good

This is the second or third time that I have worked with Nick and as normal the service was VERY, VERY good. He is one of the few support techs that are friendly and do not make you feel like a total fool in a stressful situation. Kris W. Dallas Tx Nick did not add to the stress of an already stressful situation. He did his thing and got things right again.

Nick solved the problem in a shorter time than it took me to type in the description of it.
So far, all of you that I've been in contact with really do a very nice job. And I appreciate it.

absolutely hilarious support
by far the best sales support ever !
(55 years old !)

The solution was immediate and perfect. Nick is always prompt and has the solution.

Nick is quick and gets the job done, as always 10+ 10+

very good it was a very great support to me thanks lot 7-8 months

great support the software for assistance is easy to use and needs no special firewall and proxy configuration

good job in helping get mail working again...

He is very knowledgeable and helpful. Very helpful and effective. Very much satisfied.

Very good assistance, and very faster to solve the problem. Very good and professional

Excellent service. The on screen management and systematic approach is a joy to see. Also sharing that he had seen a similar problem , no db field in the mailin options, helped ease my concerns that it was my issue. 10 out of 10, problem solved, solution put in place for the reinstall on the production server, and a few extra bits of advice added in with regard to scheduling with the weekend coming up. If we hadn't already purchased a licence, I would be buying one right now just based on the quality of the support!

Expert!

Nick in London was a joy to work with, quick, smart and efficient. Thanks lots. Omar A. Excellent

Nick's help has been a great help for us. The most important, apart from he has solved all our problems, is that he is very patient and kind. It has been an experience without problems, what is the best!

Great like the last time.....

Hate to sound like a broken record, but EXCELLENT as always

Problem solved very quick. Very Good

Very fast and good help!

Great service, fix my issue quickly! Excellent, a little concerned that a stranger was controlling my computer, but watching every move was good. This has been the fastest way to resolve this issue. thanks, Dion.

Thanks for professional urgent support. Thanks Nick

Very good, Professional tech support. Great, fast response...

Verrrrrry helpful.

very helpful! I'm impressed of how fast do you take care of my problems! I'm *very* satisfied!

perfect !



05/13/2008

Even a Dog can Earn a College Degree!


Here is some good British humor, from Luke and John, who put some "Earn a College Degree" spam to good use.  They got their dog, Sonny, a PhD degree at Ashwood University.





Meet Dr. Sonny, the PhD dog.  His credentials are excellent!
A picture named M2 A picture named M3





05/08/2008

With a Little Help From My Friends


Here is a blog on a little positive community activism.  In Acton, MA, where I live and work, two of the Mobil stations were selling an energy drink called "Cocaine". Besides 3 1/2 times the caffeine of Red Bull (=3 shots of espresso), its name bothers some of us.  In particular, Chris Tejeda, a father of 4 in Acton did not like it.  It is available in 2 Mobil stations near his home.  So he started a small movement, simply by standing up to be counted, that resulted, in less than one week's time, in Mobil corporate pulling the products from stores nationwide!

Below is his original email, and my follow up to the owner of one of the stores, who replied immediately, and removed the product.

Well done, Chris!



(Email from Chris Tejeda   Subject:  "A little help from my friends")
Hello everyone;

You will, no doubt, be surprised to find that this Email does not come from my wife. I am writing this email to ask for your support with a minor issue that I have not been able to solve by "nicely asking".
Here is the problem: Both the West Acton Mobil and the RT 2A Mobil sell an energy drink called "Cocaine". Many of you might have seen it because they are prominently displayed on the fridge doors. I have asked both locations twice to remove that product. The last time I advised them that they had lost me as a customer. As of this weekend, the product was still being sold at both Mobil stores. The states of Connecticut and Texas have banned the product, 7/11 stores have banned the drink and the company that manufactures the product promised to rename it last year, but never did.

Because of their convenience these Mobil stores are a place that many of our children go often, either with their parents or in a group. Do I think that if they buy this drink they will go out and do cocaine next? No.
Do I think that Mobil has every right to sell whatever it wants? Yes. But I will not be a customer.

Advertising is a powerful tool:

A picture named M2


In any case, if you agree, walk into these stores and complain.

Thank you.

Chris



(Email from Frank Paolino to Mobil station owner)

Edward,
This email below was sent to about 100 people in Acton, MA. We respect your decision to sell whatever you like, but we also have the option of buying gas and sundries wherever we like.

As a good community member, I respectfully request you to remove these products.


Frank Paolino



(Immediate Reply from Mobil station owner)

Frank,

Thank you for bringing this to my attention. I was not approached by anyone about the product. I am not in the business of offending customers. I will gladly remove this product from my store. I was informed by the vendor that whatever the original problem was that caused the product to be banned was corrected. Would you please let Chris know that I will be removing it from my store and to please feel free to give me a call anytime. I am curious who he spoke to and why they didn’t bring it to my attention. My cell phone number is 978-265-xxxx.

Thank you again.

Ed Booth




(Email from Frank Paolino to 100 concerned citizens)

Ed Booth from East Acton Mobil gave a very good reply, and I think it was the correct and responsible one. He is removing the product from his store.

Thanks to Chris Tejeda for standing up on this issue.


Frank Paolino





(Email from Acton Mobil station owner)

Hi Frank,

Just wanted to drop you one more note. I spoke with Paul over at West Acton Mobil. He is removing the product from his store as well. As I mentioned before, we did not intend to offend anyone. We both attended a trade show together and were informed by the vendor that it was ok to sell the product now. Thanks one more time for your feedback.


Ed Booth





(Email from Chris Tejeda with incredible news... note the understatement)


Thank you very much, Frank.
I also received a phone call from Exxon/Mobil Corporate that they will be removing this product from all stores nationwide.
 
Chris Tejeda

05/04/2008

Admin 2008


We just got back from Admin 2008.  It was a great show.  We are happy to see the thriving Lotus Notes and Domino community.  Kudos for a nice job go to The View for putting this together.  We spent 2 days meeting a large variety of Lotus Notes users from around the world.  I spent a lot of time at the booth, listening to what people are doing to battle spam, and meeting customers to listen to product feedback.

Backscatter
We also spent a lot of time discussing the problem of Backscatter, those annoying delivery failure reports, and discussing ways to stop the problem.  I have written a blog post, SpamSentinel Stops Backscatter, about this problem and explained how SpamSentinel fixes most of it.  Many people who (unfortunately) use another spam blocking tool took us up on our offer of a free Backscatter product, called SpamSentinel NoBS (for No Backscatter).  This basically blocks most non-Delivery Reports (NDRs) while allowing legitimate NDRs to flow through to their Lotus Notes mailbox.  The full product does a more in-depth cleansing, but the free version blocks quite a lot and was very well received by the people who use generic SMTP filtering and don't have the benefit of using a product tailored to the Lotus Notes and Domino world.

Here I am with Allison Cote at the Admin 2008 booth:
A picture named M2


SpamSentinel Fan Club
A picture named M3
One SpamSentinel fan, Josh Currier, from Munters in Amesbury MA and many of his associates from Munters in Sweden, dropped by to say hello and discuss our latest breakthroughs in spam blocking.

Here is one quote from Josh:
"We are a Lotus Notes shop and SpamSentinel was designed specifically for Lotus Notes"

 <-  Josh Currier from Munters



Here is my favorite story:
I met this nice attendee who works for a large credit card company.  His boss, the CEO,  wants email management.   As a CEO, spam is not his biggest problem, just the enormous amount of unsolicited legitimate external email (meeting requests, board activities, analyst meetings, charities, functions, etc.) that he gets as part of his job.  So we are looking at having all of his mail go into an inspection area (we call it our Quarantine) for his administrative assistant to review.  Any mail that she recognizes will be released to him, and that recipient put on a white list to allow future communications.  This way he is not overwhelmed with these external messages.

Very interesting application of our software.  We plan on doing a trial in the upcoming weeks.  Here we are talking about it during one of the evening refreshment breaks:
A picture named M4

Lotusphere 2008

Tags

Frank Paolino