I have a few EAS questions now that I'm using it.

1) There is a search box shown, but it's disabled. Why? I was looking for a piece of missing email and it would have been nice to be able to search for the domain name of the sender.

2) I have some forwarded email addresses which an organization uses to get emails to several people at once. If I want that forwarded email aliases to work with EAS, do I really have to add the alias accounts (forward1@domain.tld, forward1@domain.tld, etc) to the EAS list one at a time? Is there no 'domain name wide' controls as there were in SA? I really don't want the others in the list to recieve the activation email, nor have access to the controls. The forwarded emails do not have an actual email account on my server. It's simply an email forward to a few other accounts on non hostpc servers (usually people's home accounts).

3) How long does EAS hold on to spam? I see the quaranteen list seems to go on for a while. That's a lot of pages to search through to see if you lost some email.

4) Since the quaranteen list is so long, is there a method to create a white list for EAS? I don't see one.

I really don't want the others in the list to recieve the activation email, nor have access to the controls.

When EAS was first activated on my server, I wasn't aware of it. Spam just stopped. Later, I signed up for an account at protectedmail.net and found spam already in the quarantine. So, I'm pretty sure you don't need to sign up for the quarantine to activate EAS for an individual email address.

I've been tracking the retention period and it's not consistent. So far it seems like I've never seen it keep less than 3 days worth of emails but sometimes it's been close to 5 days. Like right now I'm still seeing some from Jan 1 at 7:55 am in my quarantine.

Interesting that you're getting so much in your quarantine that it's somewhat unmanageable. These are supposed to be the ones EAS just isn't "sure" are spam but if yours are like the 25 accounts I'm monitoring, it's just so obvious from the subject lines that these are spam. Like "One of our sexy girls wants to meet you" or "Our casino is for you who likes to win" or "VICODIN, HYDROCODONE, PHENTERMIN at SUPER DISCOUNT PRICE! x7me1i2343oe304" or the ever popular "Re:Lastname" from Firstname Lastname. The few that I've opened because the subject line was too generic are filled with Vi4gr@ offers or other obvious things.

Are you seeing any instances where the quarantine shows multiple copies of the same email? I have 2 or 3 accounts where they get 4 or 5 copies of each spam with the exact same timestamp and header info. I don't believe they're actually getting that many, I think EAS is dumping one email in the quarantine multiple times.

I've been tracking the retention period and it's not consistent. So far it seems like I've never seen it keep less than 3 days worth of emails but sometimes it's been close to 5 days. Like right now I'm still seeing some from Jan 1 at 7:55 am in my quarantine.

Interesting that you're getting so much in your quarantine that it's somewhat unmanageable. These are supposed to be the ones EAS just isn't "sure" are spam but if yours are like the 25 accounts I'm monitoring, it's just so obvious from the subject lines that these are spam. Like "One of our sexy girls wants to meet you" or "Our casino is for you who likes to win" or "VICODIN, HYDROCODONE, PHENTERMIN at SUPER DISCOUNT PRICE! x7me1i2343oe304" or the ever popular "Re:Lastname" from Firstname Lastname. The few that I've opened because the subject line was too generic are filled with Vi4gr@ offers or other obvious things.

Are you seeing any instances where the quarantine shows multiple copies of the same email? I have 2 or 3 accounts where they get 4 or 5 copies of each spam with the exact same timestamp and header info. I don't believe they're actually getting that many, I think EAS is dumping one email in the quarantine multiple times.

In any given day, I get 200-250 in my quarantine - to a point where I just dont look at it anymore. I've never had a false positive after 5 months, no reason to think one is going to slip in. Sorting thru 200+ emails a day in quarantine just isn't in my schedule.

For "obvious" ones, what I found was the IP was just too new (maybe a previously trusted sender ip, etc.) - but I never saw one multiple days from the same sender that was in quarantine.

I guess my impressions from EAS were that the quarantine was in a 30 day retention - but you're right, I dont think I've ever seen more than 30 "pages" of mail - and that certainely isn't 30 days.

I've gotten one false positive (that I know of). It was first day after EAS was turned on and so I looked a bit suspect when I'd just told my clients about the 1 in 1M false positive rate. I told them now they don't need to look at the next 999,999. :D

I say "that I know of" because some of my clients are also looking through their own quarantines so there may have been more that they didn't report to me. :mad:

Some of these clients are sales people and they can't afford to miss even one potential sale so they really have to look through the quarantine, at least until they get enough experience to get warm fuzzies about the process. But we're talking maybe 10 a day in the quarantine so it's not a huge deal.

As far as the multiple copies of the same spam, is this something I should ask the EAS folks directly or would you prefer that I open a help desk ticket and let you guys handle? I don't have a problem doing it either way.

I've gotten one false positive (that I know of). It was first day after EAS was turned on and so I looked a bit suspect when I'd just told my clients about the 1 in 1M false positive rate. I told them now they don't need to look at the next 999,999. :D

I say "that I know of" because some of my clients are also looking through their own quarantines so there may have been more that they didn't report to me. :mad:

Some of these clients are sales people and they can't afford to miss even one potential sale so they really have to look through the quarantine, at least until they get enough experience to get warm fuzzies about the process. But we're talking maybe 10 a day in the quarantine so it's not a huge deal.

As far as the multiple copies of the same spam, is this something I should ask the EAS folks directly or would you prefer that I open a help desk ticket and let you guys handle? I don't have a problem doing it either way.
I used to get multiple copies of spam before I got setup on EAS. Most of the duplicates I get are the same emails sent to multiple email addresses.

I used to get multiple copies of spam before I got setup on EAS. Most of the duplicates I get are the same emails sent to multiple email addresses.
Yeah, I've seen the same thing many times, too. But this is different. Check out the last couple of days of quarantine for one of these clients.

We offer business loans up to $1,000,000 "Francisca Spaulding" xxx@xxxx.com Sat, 05 Jan 2008 04:55:25
We offer business loans up to $1,000,000 "Francisca Spaulding" xxx@xxxx.com Sat, 05 Jan 2008 04:55:25
We offer business loans up to $1,000,000 "Francisca Spaulding" xxx@xxxx.com Sat, 05 Jan 2008 04:55:25
We offer business loans up to $1,000,000 "Francisca Spaulding" xxx@xxxx.com Sat, 05 Jan 2008 04:55:25
$5,000 to $500,000 or more "Mel Byers" xxx@xxxx.com Fri, 04 Jan 2008 21:01:12
$5,000 to $500,000 or more "Mel Byers" xxx@xxxx.com Fri, 04 Jan 2008 21:01:12
$5,000 to $500,000 or more "Mel Byers" xxx@xxxx.com Fri, 04 Jan 2008 21:01:12
$5,000 to $500,000 or more "Mel Byers" xxx@xxxx.com Fri, 04 Jan 2008 21:01:12
Re: 90% loan approval rate "Mathew Vargas" xxx@xxxx.com Fri, 04 Jan 2008 16:12:36
Re: 90% loan approval rate "Mathew Vargas" xxx@xxxx.com Fri, 04 Jan 2008 16:12:36
Re: 90% loan approval rate "Mathew Vargas" xxx@xxxx.com Fri, 04 Jan 2008 16:12:36
Re: 90% loan approval rate "Mathew Vargas" xxx@xxxx.com Fri, 04 Jan 2008 16:12:36
setfiks "Bang Rabovsky" xxx@xxxx.com Fri, 04 Jan 2008 04:43:30
Hey, start seeing dollars pouring in. "Rolland Gilliam" xxx@xxxx.com Fri, 04 Jan 2008 00:51:45
Hey, start seeing dollars pouring in. "Rolland Gilliam" xxx@xxxx.com Fri, 04 Jan 2008 00:51:45
Hey, start seeing dollars pouring in. "Rolland Gilliam" xxx@xxxx.com Fri, 04 Jan 2008 00:51:45
Hey, start seeing dollars pouring in. "Rolland Gilliam" xxx@xxxx.com Fri, 04 Jan 2008 00:51:45
brand name quality rolex "Cecelia Lin" xxx@xxxx.com Thu, 03 Jan 2008 23:51:52

The "duplicates" are absolutely identical in every way, down to the second of the time stamp, leading me to believe they each only got sent once.

It's not something that they'd automatically dump to each mailbox in your quarantine ... it's most likely spammers just hitting every possible email address.

I just looked in mine for shits and giggles, I've got some of the same thing, but not all of them. Another thought is maybe they're hitting a forwarded email address that goes to all of the people in your list?

It really just doesn't even bother me ... they're all spam, just let them go and be zapped.

And no, our customers should never contact EAS. We're your supplier, not them - I'll be happy to ask them about it, but honestly, they'll probably just laugh at me and say "why would we make extra spam for the clients"... I highly doubt they are, it's just the nature of spammers these days :(

It's not something that they'd automatically dump to each mailbox in your quarantine ... it's most likely spammers just hitting every possible email address.
I didn't think that, I thought it might indicate some sort of corrupted account in EAS or something.


I just looked in mine for shits and giggles, I've got some of the same thing, but not all of them. Another thought is maybe they're hitting a forwarded email address that goes to all of the people in your list?
No, that quarantine list is from an individual email account and there are no forwarders involved that would affect that account and not the others on that domain. Two accounts out of fifteen on that domain get duplicates and none of the rest do. And even those two accounts don't get the same duplicates.


And no, our customers should never contact EAS. We're your supplier, not them - I'll be happy to ask them about it, but honestly, they'll probably just laugh at me and say "why would we make extra spam for the clients".
Well, I learned a couple of years ago what happens when I contact one of your suppliers directly so that's why I asked first this time. :D

It seems to be working for me, and I get many pages of spam.

Does the search box work for any of you? Mine is disabled for some reason.

tonydi-

I am one of the few clients who opted-out of using EAS. I have been receiving a steady supply of those multiplicate emails. It has nothing to do with EAS.
MY best guess is that we are seeing the results of a botnet. They are randomly choosing names and addresses in an attempt to go through, much like a brute force attack against a password.

I don't know how to strike out the above text, but I was mistaken. Please ignore the above.

Thanks for the info, eugene. But are the headers of your duplicates exactly the same? Yesterday I saw one that had like 10 copies and every single detail in the headers was identical...sent and received timestamps, message id's, even the EAS processing timestamps. If these were indeed multiple transmissions I'd expect at least some minor differences in the headers.

I was also seeing the same thing (duplicate spam emails) in my SpamAssassin folder before switching to EAS. These emails were also idential down to every line in the headers. I was not sure at the time if it was an email server or SpamAssassin issue. After switching to EAS I have seen the dupes in my EAS quarrantine as well but not nearly as often. I am still not sure what causes it but it is not caused by EAS. Maybe the spam bots are sending multiple copies.

Interesting. I monitored the spam previous to EAS for these same clients and never saw this dupe thing. Oh well, mysteries of life, eh? ;)

I have noticed that on many of the spams that EAS passes through to my email, that there are actually 2 or 3 identical stamps (different times) from EAS before it finally decides to pass it on through. The following is pretty typical...


Received: from mf1.ijnet.net ([216.246.89.41])
by www509.hostpc.com with esmtp (Exim 4.67)
(envelope-from <spoofed address>)
id 1JCwXm-0005Wv-Qf
for my.email.address ; Thu, 10 Jan 2008 07:29:58 -0500
X-Envelope-From: spoofed address
X-Envelope-To: my.email.address
Received: From mf1.ijnet.net (216.246.89.41) by mf1.ijnet.net (MAILFOUNDRY) id u9l8TL93Edy/EgAw for my.email.address ; Thu, 10 Jan 2008 12:29:48 -0000 (GMT)
X-Envelope-From: spoofed address
X-Envelope-To: my.email.address
Received: From mf1.ijnet.net (216.246.89.41) by mf1.ijnet.net (MAILFOUNDRY) id WE2l+r92EdyAUwAw for my.email.address; Thu, 10 Jan 2008 12:19:53 -0000 (GMT)
X-Envelope-From: spoofed address
X-Envelope-To: my.email.address

Thanks for the info, eugene. But are the headers of your duplicates exactly the same? Yesterday I saw one that had like 10 copies and every single detail in the headers was identical...sent and received timestamps, message id's, even the EAS processing timestamps. If these were indeed multiple transmissions I'd expect at least some minor differences in the headers.
I stand corrected.

I have noticed that on many of the spams that EAS passes through to my email, that there are actually 2 or 3 identical stamps (different times) from EAS before it finally decides to pass it on through. The following is pretty typical...

Now that's pretty weird. I'm not seeing anything like that on these dupes.

Now that we have the duplicate email issue cleared....

No one has replied to my question about the search box in the EAS control panel.

It seems to be disabled, I can't use it. Does it work for anyone? If not, why not?

The search box is disabled for me as well. Sorry, I can't answer the question about why it doesn't work.

Now that we have the duplicate email issue cleared....

No one has replied to my question about the search box in the EAS control panel.

It seems to be disabled, I can't use it. Does it work for anyone? If not, why not?
I don't think we've cleared up anything about the duplicates, only that it appears to hit different people in different ways, or, not at all.

And no search capabilities here either.

<rant>God bless America and all the ships at sea. Although this is an extremely valuable service to every account, can it possibly be any less user-friendly? I have been lurking trying to learn. What I've learned is that this system is too freakin' confusing.</rant>

I don't think we've cleared up anything about the duplicates, only that it appears to hit different people in different ways, or, not at all.

And no search capabilities here either.
I've never seen that search box work and I had one of the first accounts. I almost suspect that it is something they expected to be able to offer and maybe the code just isn't ready yet. Then again, I've never had enough possible spam in there to really need it. As for the duplicated. Once I had to shutdown SA i used to get some with the same quirks others have seen, and still see a few in the quarantine, tho mostly because I'm monitoring 5 accounts with my quarantine. Hope that gives you the insights from this chair.

Yeah, the search thing doesn't seem like it would be all that useful but I was just confirming for NHFTRich that it wasn't just him.

Just to be clear, I'm looking at individual account quarantines and seeing these dupes, not multiple accounts in one quarantine.

Well a few times I had over 30 pages of spam.

I think they should fix the search box, that's what it's there for!

If they don't want us to use it, why display it?

Holy ^%#@, 30 pages??? And are most all of these obvious spam, like I'm seeing (although I'm seeing only a page or two) in our quarantines?

I've been working under the false impression that the content of the EAS quarantine folder is email that has passed through all of the EAS processing and is what EAS isn't "sure" is spam. That's not the case so I felt I should set the record straight since I've posted incorrect info about this before.

Apparently EAS does an initial filter using RBL's (which nukes about 70% of the incoming spam right off) and then anything that gets past that goes through their filtering process. The stuff that ends up in the quarantine is spam, pure and simple, and they're pretty sure it's spam, to the tune of their "1 in 1M" false positive claim. The rest, those emails that pass their tests, goes into your Inbox.

So that explains why what I see in the quarantine is obvious spam to me, because it is to EAS as well.

yes, depending on the day, sometimes I get about 30 pages of 'spam' in my quaranteen box. This is because the email address is protected has been around for a while and was in the public eye for some time. It's for one of my organizations.

But I still want to know why the search function is displayed, but is disabled so I can't use it! :) How can we put a bug report into EAS?

And when they fix that, they can make "Delete" be the default option in the drop down box. :nod

They won't make delete the default - they feel too many people would hit delete accidentally.

As for the search box - it's coming, very soon.