Not sure if this is a WTF or I just don't understand...could someone educate me?



  • We have a spam filter at my place of work. I've noticed over a few weeks that it's blocking emails from recipients that I've whitelisted with a "Spam Filter Pattern" of "Test ???". After a couple of test emails, it looks like it's blocking any email with the word "test" in the subject or body, even if they are from a whitelisted recipient.

    After querying the head of IT he says that some filters override the whitelist and this particular one is to stop spammers and malware authors because they often use the word "test" in their emails to try to avoid email filters

    Can someone explain to me how putting "test" in an email would circumvent a spam filter? Is this something that you do/have at your place of work and if not do you get metric shit tons of spam emails?

    Or is this a spam filter WTF?



  •  It worked on CSI, so it must be good security practice in the real world too, right?

     



  • Sounds like the head of IT knows fuck all.


    If you have spam filters, overridden by a whitelist, in turn overridden by your 'test' spam filter, why can't the 'test' one just be moved into the base group so that the whitelist is in charge? It's fucking obvious that's what you'd do. Did the head of IT pick your spam filters and pick a shit one? Regardless, he's a colossal berk.



  • @eViLegion said:

    Sounds like the head of IT knows fuck all.


    If you have spam filters, overridden by a whitelist, in turn overridden by your 'test' spam filter, why can't the 'test' one just be moved into the base group so that the whitelist is in charge? It's fucking obvious that's what you'd do. Did the head of IT pick your spam filters and pick a shit one? Regardless, he's a colossal berk.

    I feel it makes a whitelist a little less useful..



  • Your head of IT is an idiot and has created a WTF. (There's TWO LEVELS of spam filtering? Normal and... super-secret double probation?)



  • @Charleh said:

    some filters override the whitelist
    That's normal. Malware-ridden emails shouldn't normally make it through a spam/virus filter, even if whitelisted.

    @Charleh said:

    this particular one is to stop spammers
    But that seems daft. It's clearly a potentially reasonable spamcheck, but it shouldn't cause anything to be blocked that is whitelisted, because it's only a spamcheck.

    @Charleh said:

    and malware authors
    Eh? Surely the virus/malware scans are what stops them, not spam filtering.

    @Charleh said:

    because they often use the word "test" in their emails to try to avoid email filters
    What in the name of holy fuck?!

    In this situation, I recommend replying by email, copied to his immediate superiors, inquiring politely whether he's merely lying to you to avoid having to do any work, or is actually so stupid and incompetent that he believes the nonsense he's telling you is true. It's not like you have to worry about your long-term job prospects there, because either way a company with an IT manager pulling this kind of shit is doomed.


    In all likelihood what actually happened is that the guy who set up the spam filter made a filter with the word 'test' to test the syntax, then forgot to remove it. The IT manager doesn't want to admit to a minor error. Run far and fast.
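
The precedence discussed in the post above (malware verdicts override the whitelist, content-based spam rules do not), as an added example that is not part of the thread. The whitelist entry, keyword rule, extension list and sample messages are constructed assumptions, and the extension check is only a stand-in for a real malware scan.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    sender: str
    subject: str
    body: str
    attachments: tuple = ()

# Constructed policy data (assumptions, not from any real filter product).
WHITELIST = {"colleague@partner.example"}
SPAM_KEYWORDS = ("test",)                     # the content rule from the thread
BLOCKED_EXTENSIONS = (".exe", ".scr", ".js")  # crude stand-in for a malware scan

def malware_hit(msg):
    return any(a.lower().endswith(BLOCKED_EXTENSIONS) for a in msg.attachments)

def spam_hit(msg):
    text = f"{msg.subject} {msg.body}".lower()
    return any(k in text for k in SPAM_KEYWORDS)

def evaluate(msg, spam_overrides_whitelist=False):
    """Return (verdict, reason) for one message."""
    if malware_hit(msg):                      # security verdict: whitelist never applies
        return ("quarantine", "malware")
    whitelisted = msg.sender.lower() in WHITELIST
    if spam_hit(msg):
        if whitelisted and not spam_overrides_whitelist:
            return ("deliver", "whitelisted, spam rule hit logged")
        return ("block", "spam keyword")
    return ("deliver", "whitelisted" if whitelisted else "clean")

def precedence_diff(messages):
    """List messages whose verdict differs between the two rule orderings."""
    changed = []
    for m in messages:
        misordered = evaluate(m, spam_overrides_whitelist=True)[0]
        intended = evaluate(m)[0]
        if misordered != intended:
            changed.append((m.subject, misordered, intended))
    return changed

SAMPLES = [  # constructed messages
    Message("colleague@partner.example", "Test results for build 42", "attached"),
    Message("colleague@partner.example", "Invoice", "see file", ("invoice.pdf.exe",)),
    Message("stranger@bulk.example", "test offer", "buy now"),
    Message("stranger@other.example", "Meeting", "agenda"),
]
```

Replaying a sample of real mail through `precedence_diff` shows exactly which whitelisted messages a misordered content rule is dropping, while the malware path stays identical under both orderings.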



  •  @TDWTF123 said:

    @Charleh said:
    some filters override the whitelist
    That's normal. Malware-ridden emails shouldn't normally make it through a spam/virus filter, even if whitelisted.

    @Charleh said:

    this particular one is to stop spammers
    But that seems daft. It's clearly a potentially reasonable spamcheck, but it shouldn't cause anything to be blocked that is whitelisted, because it's only a spamcheck.

    @Charleh said:

    and malware authors
    Eh? Surely the virus/malware scans are what stops them, not spam filtering.

    @Charleh said:

    because they often use the word "test" in their emails to try to avoid email filters
    What in the name of holy fuck?!

    In this situation, I recommend replying by email, copied to his immediate superiors, inquiring politely whether he's merely lying to you to avoid having to do any work, or is actually so stupid and incompetent that he believes the nonsense he's telling you is true. It's not like you have to worry about your long-term job prospects there, because either way a company with an IT manager pulling this kind of shit is doomed.


    In all likelihood what actually happened is that the guy who set up the spam filter made a filter with the word 'test' to test the syntax, then forgot to remove it. The IT manager doesn't want to admit to a minor error. Run far and fast.

    Incidentally these are also my suspicions...

    I can't really go with the former since this person is the company owner... guess the latter is the only option left... anyone hiring :D



  • Wow...

     

    Because nobody ever sends test results via email, right?



  • How much of your office communication with this guy is via email?

    Try and include the word test in everything you send to him, so he has to keep dealing with the issue, and feign forgetfulness every time when he tells you not to.



  •  I can believe it.  My regular email address is with an outfit that prides itself on being set up to reduce the amount of spam in the universe, with buttons on their web-based reader to report anything you receive as suspected spam and filters for anything that gets a suitable number of hits.  (If something gets misidentified, you can still find it in a quarantine folder and apply a personal override.)  And as a sign of their pride, the word SPAM is part of the domain name.

    Some years ago, I suddenly got a snail-mail from Discover Card telling me that they had tried to send me some important document via email but my address was found to be invalid.  I confirmed that the address they had was in fact, the very same one that half the Korean and Russian Viagra merchants are still able to get through to, and scanned the quarantine folder finding no sign whatsoever of anything from Discover.  Their emails weren't bouncing back, they were getting stopped at their end because apparently my actual domain is somehow "invalid" in their eyes.

    Workaround: give Discover an address at a completely different domain and have that address forwarded to my spam-stomping address.  Problem solved.  Until two years later, when I get a letter from Sam's Club that they don't appear to have a valid e-mail address on file for me.  Same thing turns out to be responsible, which is hardly surprising since my Sam's credit card is also issued by Discover.  Now I've got two bills coming through the other address.  All because a domain with the word SPAM in it can't possibly be valid.

    Last week, I got a letter from JC Penney.  Had a nice long conversation with the polite young man at their Customer Service number, and it looks like the same philosophy about invalid e-mail addresses has spread.  JCP's card is issued by GE Credit Bank, so I expect to start seeing more snail-mail in the next few months from other consumer credit cards issued by that provider, which if memory serves includes at least a couple of my oil-company cards.



  • @da Doctah said:

    Their emails weren't bouncing back, they were getting stopped at their end because apparently my actual domain is somehow "invalid" in their eyes.
    I wouldn't be too sure about that. One of the major spam filtering houses, which has 'spam' in their domain name, has a default setting for some obscure filter - obscenity or some such is set up as a secondary filter, but only for some subset of mail, or something; I forget the details - of 'delete and do not log'. It's possible the emails are being received, rated as spam, and then deleted without trace.



  • @TDWTF123 said:

    @Charleh said:
    some filters override the whitelist
    That's normal. Malware-ridden emails shouldn't normally make it through a spam/virus filter, even if whitelisted.

    @Charleh said:

    this particular one is to stop spammers
    But that seems daft. It's clearly a potentially reasonable spamcheck, but it shouldn't cause anything to be blocked that is whitelisted, because it's only a spamcheck.

    @Charleh said:

    and malware authors
    Eh? Surely the virus/malware scans are what stops them, not spam filtering.

    @Charleh said:

    because they often use the word "test" in their emails to try to avoid email filters
    What in the name of holy fuck?!

    In this situation, I recommend replying by email, copied to his immediate superiors, inquiring politely whether he's merely lying to you to avoid having to do any work, or is actually so stupid and incompetent that he believes the nonsense he's telling you is true. It's not like you have to worry about your long-term job prospects there, because either way a company with an IT manager pulling this kind of shit is doomed.


    In all likelihood what actually happened is that the guy who set up the spam filter made a filter with the word 'test' to test the syntax, then forgot to remove it. The IT manager doesn't want to admit to a minor error. Run far and fast.

    I agree with everything TDWTF123 just said!



  • @da Doctah said:

    Their emails weren't bouncing back, they were getting stopped at their end because apparently my actual domain is somehow "invalid" in their eyes.

    Greylisting will do that sometimes. Could also be that you have blackholes at the lowest level in your MX records, that's an ancient way to bypass a lousy spammer approach that nobody is using anymore. Whatever happens this could be a symptom that the sender is using an unpleasantly configured qmail service.



    I hate hard-ass email admins who don't understand that their job is to make email communication easier, not to implement RFCs. It's like web designers and table elements...



  • @Ronald said:

    I hate hard-ass email admins who don't understand that their job is to make email communication easier, not to implement RFCs. It's like web designers and table elements...

    Or prostitutes and shitting in my hat.



  • @morbiuswilters said:

    @Ronald said:
    I hate hard-ass email admins who don't understand that their job is to make email communication easier, not to implement RFCs. It's like web designers and table elements...

    Or prostitutes and shitting in my hat.

    You have the problem of them shitting in your hat too?  Whew, at least it's not just me.



  • @drurowin said:

    @morbiuswilters said:

    @Ronald said:
    I hate hard-ass email admins who don't understand that their job is to make email communication easier, not to implement RFCs. It's like web designers and table elements...

    Or prostitutes and shitting in my hat.

    You have the problem of them shitting in your hat too?  Whew, at least it's not just me.

    No no, the problem is they won't because it's against some Health Department regulation or something.



  • @morbiuswilters said:

    @drurowin said:

    @morbiuswilters said:

    @Ronald said:
    I hate hard-ass email admins who don't understand that their job is to make email communication easier, not to implement RFCs. It's like web designers and table elements...

    Or prostitutes and shitting in my hat.

    You have the problem of them shitting in your hat too?  Whew, at least it's not just me.

    No no, the problem is they won't because it's against some Health Department regulation or something.

    You need to move to London then, they do it unless specifically paid NOT to.

     



  • @drurowin said:

    You need to move to London then, they do it unless specifically paid NOT to.
    Where? Where? Don't keep these secrets to yourself.



  • @TDWTF123 said:

    @drurowin said:
    You need to move to London then, they do it unless specifically paid NOT to.
    Where? Where? Don't keep these secrets to yourself.
    Most London hookers will shit in your hat while they're rooting through their pocketbook for your change.



  • @da Doctah said:

    apparently my actual domain is somehow "invalid" in their eyes.
     

    What is it with people deciding domain names are invalid? My domain name contains a hyphen, which is specifically allowed by RFC 952. Some years ago, before the merger with Oracle, I tried to register for Java-related stuff with Sun. Sun insisted my email address was invalid, despite the tons of mail I receive at that address every day, and refused to allow me to register with that address.



  • @morbiuswilters said:

    @drurowin said:

    @morbiuswilters said:

    @Ronald said:
    I hate hard-ass email admins who don't understand that their job is to make email communication easier, not to implement RFCs. It's like web designers and table elements...

    Or prostitutes and shitting in my hat.

    You have the problem of them shitting in your hat too?  Whew, at least it's not just me.

    No no, the problem is they won't because it's against some Health Department regulation or something.

    It's a specific expertise. Next time you hire from Backpage, make sure to look for the GS/BS keyword.



  • Who uses spam filters?

    - John Smith

    john@example.com

     



  • @drurowin said:

    @morbiuswilters said:

    @Ronald said:
    I hate hard-ass email admins who don't understand that their job is to make email communication easier, not to implement RFCs. It's like web designers and table elements...

    Or prostitutes and shitting in my hat.

    You have the problem of them shitting in your hat too?  Whew, at least it's not just me.

    You guys have hats?!? Eeeeewwwww.



  • @Ronald said:

    Greylisting will do that sometimes.
    Years ago, when greylisting started to gain popularity, we had problems with disappearing e-mails at several clients. They were all running Exchange 2003, and some e-mails sent to certain domains never arrived, even though the tracking logs claimed that the message was handed off to recipient's server. Logs from recipient's server clearly showed that greylisting blocked the message (with a 4xx error - "try again later"), which somehow caused Exchange to lose the message (wasn't in any of the queues). The weird thing was, if you restarted the SMTP service, that message reappeared, and Exchange would attempt to deliver it again.



  • @drurowin said:

    @TDWTF123 said:

    @drurowin said:
    You need to move to London then, they do it unless specifically paid NOT to.
    Where? Where? Don't keep these secrets to yourself.
    Most London hookers will shit in your hat while they're rooting through their pocketbook for your change.

     

    No, you're thinking of TV License Inspectors. It's a common mixup for those who live outside of the UK.

     

