Message Control

OpenSSL Heartbleed Exploit: What To Know

Friday, April 11th, 2014

We’ve had questions regarding OnlyMyEmail’s spam filtering and email hosting services and how they might be affected by the recent HeartBleed exploit within OpenSSL software.

As soon as the exploit was announced, OnlyMyEmail reviewed all of our systems and found that none of them have ever run any version of OpenSSL vulnerable to this exploit.

More information on the exploit itself from http://heartbleed.com/

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

As a result of this bug, it is possible that passwords on affected hosts are compromised, so it’s a good idea to change your password if the service in question is an issue.  This Mashable article has a fairly comprehensive list of all the major services that are suggesting you change your password.

According to this article the exploit was a result of an honest mistake and not part of a deliberate attempt to compromise the security of OpenSSL.  The article also indicates that this bug has existed in OpenSSL since New Years Eve 2011.

Given the length of time that this bug has existed, and the fact that using this exploit is undetectable,  it is quite possible that cyber criminals have been using this exploit for some time to gather information.  Thus it’s a good idea to change your passwords on affected sites (and any sites that share that password) just to be safe.

Another VBSpam Competition First Place Finish

Sunday, January 20th, 2013

For the thirteenth consecutive evaluation, OnlyMyEmail has again blocked more spam than any other filtering system in the Virus Bulletin VBSpam Challenge and secured yet another first place finish.

The latest competition ran for 16 consecutive days, during which, OnlyMyEmail’s MX-Defender accurately filtered out more spam than all other competitors tested, again missing just 1 single spam email out of 92,166 total. This represents a spam capture rate of 99.9989%.

By comparison, the next best capture rate was Libra Esva which missed 44 emails in total. The third best blocking rate went to Zerospam which missed 61 spam emails from the same corpus. The worst performers, missing well over 500 spam emails included:  IBM, Sophos, SPAMfighter, Vamsoft, Spamhaus ZEN+DBL and SURBL.

more »

Once Again, OnlyMyEmail Stops More Spam

Saturday, February 4th, 2012

The results from OnlyMyEmail’s seventh participation in the Virus Bulletin VBSpam Challenge competition have been released.

For the seventh time in a row, OnlyMyEmail’s MX-Defender has blocked more spam than any other competing spam filtering solution. This time, OnlyMyEmail missed just four spam messages out of 113,770 total, for a spam filtering capture rate of rate of 99.996% and did so without blocking even a single legitimate email.

By comparison, the next best capture rate was McAfee SaaS which missed 53 spam messages but did so with a whopping 20 false positive results as well.  The second best capture of any spam filter with the same zero false positives as OnlyMyEmail was Mailshell with a disappointing 113 missed spam emails.

The average “false-negative” rate among the other 23 filtering systems was a whopping 519 missed spam messages and the median was 193.

The results from Virus Bulletin’s VBSpam Challenge have proven, time and again, that OnlyMyEmail’s MX-Defender is decisively superior to any other spam defense available today, including hardware appliances, software programs and other Software as a Service (SaaS) solutions solutions as well.

The full list of competitors to date, includes: AnubisNetworks, BitDefender, CronLab Anti-Spam, FortiMail, GFI MailEssentials, Halon Security, IBM Lotus Protector, Kaspersky Anti-Spam, Libra Esva, Mailshell, McAfee Email Gateway, McAfee EWS, McAfee SaaS, Messaging Architects M+ Guardian, Sophos Email Appliance, SPAM Fighter, Spamhaus ZEN+DBL, SpamTitan, Spider Antispam, SURBL, Symantec Messaging Gateway, The Email Laundry, Vade Retro, Vamsoft ORF, and ZEROSPAM.

Introducing Your US Department of Justice and FBI Victim Notification System

Thursday, January 19th, 2012

Here’s something we really don’t see every day….

We recently received an email claiming to be from the U.S Department of Justice Victim Notification System (VNS)

Subject:     US Department of Justice Victim Notification System
From:     Courtney Walker <fedemail@vns.usdoj.gov>
To:     Business Representative <address>

Our typical “common sense” check for email Phishing Fraud starts with the obvious:

  1. Overly serious/threatening Subject line…. check!
  2. Human sender doesn’t match email address…. check!
  3. Impersonal and generic salutation… check!

The email itself open with:

DO NOT REPLY TO THIS EMAIL.

U.S. Department of Justice
Federal Bureau of Investigation
FBI – New York
26 Federal Plaza, 23rd Floor
New York, NY 10278
Phone:  (212) 384-2564
Fax:  (212) 384-4104

more »

OnlyMyEmail Beats 22 Competitors in the Virus Bulletin Spam Challenge

Tuesday, December 13th, 2011

The results from OnlyMyEmail’s sixth Virus Bulletin VBSpam Challenge competition have been released.

For the sixth time in a row, OnlyMyEmail’s MX-Defender stopped more spam than any of the 23 competing spam solutions. OnlyMyEmail missed just one single spam message out of 171,963 total, for a new record spam filtering capture rate of 99.9994% besting the previous record of 99.9993% –  also set by OnlyMyEmail in a previous competition.
By comparison, the next best capture rate was McAfee SaaS which missed 41 spam messages. The third best capture rate was AnubisNetworks which missed 97 spam emails.

The average “false-negative” rate among the other 22 filtering systems was a whopping 3,471 missed spam messages and the median was 272.

The results from Virus Bulletin’s VBSpam Challenge have proven, time and again, that for the last year OnlyMyEmail’s MX-Defender is decisively superior to any other spam defense available today, including hardware appliances, software programs and other Software as a Service (SaaS) solutions solutions as well.

The full list of competitors to date, includes: AnubisNetworks, BitDefender, CronLab Anti-Spam, FortiMail, GFI MailEssentials, Halon Security, IBM Lotus Protector, Kaspersky Anti-Spam, Libra Esva, Mailshell, McAfee Email Gateway, McAfee EWS, McAfee SaaS, Messaging Architects M+ Guardian, Sophos Email Appliance, SPAM Fighter, Spamhaus ZEN+DBL, SpamTitan, Spider Antispam, SURBL, Symantec Messaging Gateway, The Email Laundry, Vade Retro, Vamsoft ORF, and ZEROSPAM.

What if someone says they sent me a message but I didn’t get it?

Thursday, August 11th, 2011

We commonly receive questions from users who tell us an expected email has not arrived, and they don’t know how to go about finding it.

Fortunately, with proper information and the right approach, it’s not really that hard to track down missing email messages.

Like snail mail, email follows a path from the sender to the recipient and problems can arise along the way.  When a package or letter hasn’t arrived, it doesn’t make much sense to start yelling at the mail carrier; instead you have to start at the beginning and follow the message from point to point.

Following the chain of possession, the most common causes of missing email are as follows: more »

LinkedIn Shows How To Do “Reset Your Password” Emails Right

Tuesday, December 14th, 2010

We’re constantly bombarded with examples of how large well-known companies shoot themselves in the foot with poorly thought out client communications.

They commonly make foolish mistakes that send their messages to the user’s spam folder. Worse yet, many firms practically train their users to fall for the next “Phishing Fraud” campaign that makes it to their in-box.  more »

Miss Freya and the Taliban Virus

Monday, November 22nd, 2010

Today, in the “more proof that there’s nothing new under the sun” category, we’re going to discuss the Taliban Virus.

The so-called “Taliban Virus” is a MANUAL virus. A manual virus requires you to voluntarily damage your computer because the virus is not sophisticated enough to do it by itself.

Yes, this is a joke. more »

…Your $50 Coupon to McDonald’s inside! Not!

Wednesday, November 17th, 2010

The truth is, this has nothing to do with McDonald’s. The message even says so, if you read the fine print:

The advertisers in this email are not affiliated with any of the above brands.

Apparently it’s okay to pretend to be McDonald’s as long as you put in a disclaimer that says you’re not affiliated with them. more »

Your mailbox is over its size limit – Happy Ending

Monday, October 25th, 2010

We are not fond of URL shorteners because, whether they mean to or not, they help spammers. Spammers like to have a lot of URLs that all go to the same site so spam filters don’t see the same URL over and over and realize it’s spam.

The whole purpose of URL shorteners is to create domain aliases so they’re a perfect tool for spammers. more »