SlideShare a Scribd company logo

My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17

Eyal Doron
Eyal Doron

My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-mail-server-part-15-17 Step B: Get information about your Exchange Online infrastructure, Step C – Fetch the information about the Exchange Online IP address, Step D – verify if the “formal “Exchange Online IP address appear as blacklisted. Eyal Doron | o365info.com

Technology
1 of 26
Download to read offline
Page 1 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com MY E-MAIL APPEARS AS SPAM | TROUBLESHOOTING – MAIL SERVER | PART 15#17 In the current article, we will review the rest of the steps, in our troubleshooting journey that relates to a scenario in which we think or suspect that: The cause of the problem, in which “our E-mail” identified as spamJunk mail is caused by the fact that our Exchange Online IP address paper as blacklisted. In the former article – My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17, we have reviewed the required steps for “fetching” the Exchange
Page 2 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com Online IP address from the E-mail message. The current article is dedicated to step “B”, Step “C” and step “D”. Step B – Get information about Exchange Online infrastructure Get the required information about the Exchange Online server that represent our domain name (the Exchange Online host name + IP address) Step C – Fetch the information about the Exchange Online IP address In this step, we will need to locate the Exchange Online server IP address. The IP address could appear as part of the NDR E- mail message or, in case of a scenario in which we get a copy of the E-mail message that was sent to the junk mail folder of the destination recipient, fetch the required information from the E-mail header. Step D – verify if the “formal “Exchange Online IP address appear as blacklisted. This step builds on the information, we have obtained three previous steps. Given that we have the IP address of the Exchange Online server who appears in the NDR E-mail message + that we know what is the IP address of our Exchange Online server
Page 3 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com who represents our domain name in Office 365, we can verify if the IP address that appear in the NDR is the IP address of our Exchange Online server. In case that the IP address is not the IP of our Exchange Online server (this is the most common scenario), it’s probably one of the IP addresses that belong to the Exchange Online High Risk Delivery Pool. Step B – Get information about your Exchange Online infrastructure
Page 4 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com Step 1 – get the host name of the Exchange Online server who represents our domain in Office 365. To be able to answer the question: what is the IP address of the Exchange Online server who represents our domain? We will first need to know the “FQDN” (host name) of the Exchange Online server that represents our tenant in Office 365. There are a two ways that we can use to get information about the FQDN of the Exchange Online that “send E-mail for our domain” Option 1: Office 365 administrate portal  Login on to Office 365 administrate portal  On the left sidebar – choose the domain menu
Page 5 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com  Choose – Manage DNS Under the Exchange Online section, look for information about the MX record host name (POINTS TO ADDRESS). In our scenario, the Exchange Online server who will “represent” our organization is: o365info-com.mail.protection.outlook.com Option 2: using the nslookup tool Another option for getting information about the “Host name” of the Exchange Online mail server that “represent” our organization is: by using the nslookup tool.  Open the command prompt  Type the command: Nslookup  Type the command: set type=mx
Page 6 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com  Type the name of the domain that you want to display his MX record. In our scenario: com In the following screenshot, we can see the result of our MX query. In our example, the host name of the Exchange Online server who represents our domain is:o365info- com.mail.protection.outlook.com Step 2 – Get the IP address of the Exchange Online server who represent our domain. A couple of notes regarding the subject of Exchange Online and his Public IP address:  The Exchange Online (that host name who appears in our domain MX record) is mapped to more than one IP address.
Page 7 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com  This “IP address” represent additional Office 365 tenants besides our domain.  In case that we suspect that our Exchange Online mail server appears as blacklisted, we will need to verify information about each of the public IP addresses that are “bind” to the Exchange Online server who represents our domain name. To be able to get information about the IP address that are “mapped” to the host name of the Exchange Online server who represents our domain, we can use an option such as the nslookup tool.  Open the command prompt  Type the command: Nslookup  Type the host name of the Exchange Online server who represents your domain. In our example:o365info- com.mail.protection.outlook.com In the following screenshot, we can see the results. In our example, the “answer” is the IP address of the Exchange Online servers who represent our domain are: 213.199.154.87
Page 8 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com and 213.199.154.23 Step C – Fetch the information about the Exchange Online IP address In the phase, our mission is to get the IP address of the Exchange Online server who appear in the E-mail message. The Exchange Online IP address could appear in the NDR message or in the E-mail header of the E-mail message that was saved in the junk mail folder of the destination external receipt.
Page 9 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com The information about the Exchange Online mail server that sent the E-mail message appears in the content of the E-mail header. Technically speaking, we get the required information from the “raw data” in the mail header text but this is not an easy task. The preferred option is using a mail header analyzer, which will help us the display the information in a clear way. In our example, we will use the Microsoft tool named: Exchange connectivity analyzer 1. Access the Exchange connectivity analyzer web site 2. Copy the information from the mail header.
Page 10 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com 3. Choose the Message Analyzer tab 4. In the section: “Insert the message header you would like to analyze” paste the information from the mail header In the following screenshot, we can see the results. The information in the Received headers, displays a clear path through the mail flow. We can see the Exchange Online servers that accept the E-mail from the Office 365 recipients, but this is not the “final node” in our mail flow.
Page 11 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com The Exchange Online server (10.255.179.24) forward the E-mail message to the additional Exchange Online server (10.255.179.23) and the Exchange Online server the “deliver” the E-mail message to the external recipient, is an Exchange Online server who is represented by the IP address: 157.55.234.141 Conclusion from the Message Analyzer By analyzing the information in the E-mail header, we can see the flow of the E-mail message “inside Exchange Online infrastructure”. We can see that the E-mail message “travel” between a couple or more than one Exchange Online server. The “most important” Exchange Online server in our scenario is the “last Exchange Online server”, who is responsible for delivering the E-mail message to “her destination” (the mail server that represents the destination recipient).
Page 12 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com If you notice, in our example, the IP address of the Exchange Online server that sent out the E-mail message is: 157.55.234.141. As mentioned, from my experience, this IP address is “belong” to the Exchange Online Higher Risk Delivery Pool. Step D – verify if the “formal “Exchange Online IP address appear as blacklisted. In this phase, we want to verify if the IP address that appear in the NDR message that we got (or the E-mail message that was sent to the junk mail folder of the destination recipient) is the “formal IP address” of the Exchange Online server who represents our domain. Note – the scenario in which the Exchange Online IP address that represent our domain name is blacklisted is quite rare. A more common scenario, is a scenario in which the IP address that appear in the E-mail message belong to the Exchange Online- High Risk Delivery Pool IP address range.
Page 13 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com After we got the IP address that are mapped to the Exchange Online server who represents our domain, the next step is – use online tools, which will help us to check if one of the IP addresses of our Exchange Online mail server name appears as blacklisted. In the following example, we will use a free on-line tool that is offered by mxtoolbox. 1. Go to the mxtoolbox site and choose the Blacklists menu. 2. In our example, our Exchange Online host name is mapped to the following IP address: 213.199.154.87 and 213.199.154.23 In the box: Server IP or domain we will enter the IP: 213.199.154.87 Choose: Blacklists check.
Page 14 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com In the following screenshot, we can see the result. In our scenario, it appears that the IP address of our mail server (o365info-com.mail.protection.outlook.com) is “green and clean” meaning; the domain IP Address doesn’t appear in well-known blacklists.
Page 15 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com The scenario in which the “formal IP address” of the Exchange Online server who represents our domain name could be considered as rare scenario.
Page 16 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com In case that you experienced the above scenario, the only available option is to report this problem to the Office 365 technical support. Get more information about the Exchange Online IP address Just a short recap about the troubleshooting path that we’ve been through so far: 1. We got an NDR message which informs us that our mail server is blacklisted. 2. We have already verified that our “formal Exchange Online IP address” doesn’t appear as blacklisted. 3. We have “fetch” from the NDR message the IP address that is blacklisted. 4. We want to get more detailed information about this specific IP address. In this phase, we can assume that the IP address that appears in the NDR belong to the Exchange Online- High Risk Delivery Pool IP range. To be able to validate our hypothesis, we can use the information about the public IP range of Office 365 and Exchange Online that was published by Microsoft. How do I know, if the IP address of the “mail server” is Office 365 Exchange Online IP address?
Page 17 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com Microsoft publishes a set of articles that include detailed information about the public IP range and the URL address of all Office 365 infrastructures. The main article or the index for all the different Office 365 infrastructure is an article: Office 365 URLs and IP address ranges This article includes a detailed information about all the “different parts and infrastructures” of Office 365 such as – Exchange Online, EOP (Exchange Online protection), SharePoint Online, Lync Online etc. In our scenario, our main Interest is regarding the Exchange Online public IP range and the EOP (Exchange Online Protection) public IP range. The information about the EOP public IP range appears in a separate article: Exchange Online Protection IP addresses In the following screenshot, we can see an example of the information about the public IP range of EOP (Exchange Online protection).
Page 18 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com In case that the IP address that appear in the NDR is not our “formal Exchange Online IP address” and in case that the IP address appears in the “Office 365 and Exchange Online” public IP range, you cannot be sure 100 percent that the IP address belongs to the Exchange Online High Risk Delivery Pool, but It is very likely to assume. In this case, we already know, that the issue is not related to a problem with the IP address of the Exchange Online server,
Page 19 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com but instead, to the E-mail message content that was sent by our organization user. The E-mail address in the NDR doesn’t appear in the Office 365 public IP range. This scenario is quite rare, but I think that it’s important that you will be aware of all the possible scenario and tools that you can use in the different scenarios. The charters of this scenario are as follows:  The NDR message that we got informed us that our mail server is blacklisted. The IP address in the NDR is not the formal IP address of the Exchange Online that representative our domain.  We have performed a search for the IP address in the NDR in the public IP address range of Office 365 and Exchange Online by using the public articles: o Office 365 URLs and IP address ranges o Exchange Online Protection IP addresses  And we didn’t find the IP address. The main question now is: who is the “owner” of the IP address that appear in the NDR message? To be able to get the required answers, we can use public site that can provide us information about the owner of a specific public IP address. Using a public website that can provide is information about the “owner” of a specific Public IP address.
Page 20 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com As mentioned, an additional option that we can use to get information about a specific public IP address is by using different free services. In the following example, we will use a website named: https://db-ip.com/ In the following screenshot, we can see the result of the query for the IP address that appear in our results when using the mail header analyzer forms the former step: Additional reading  DB-IP – IP Geolocation and Network Intelligence  utrace  myip  reputationauthority Additional information
Page 21 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com  dnsbl  Blacklist Check Internal outbound spam in Office 365 environment | Article series index A quick reference for the article series My E-mail appears as a spam | Article series index | Part 0#17 The article index of the complete article series Introduction to the concept of internal outbound spam in general and in Office 365 and Exchange Online environment My E-mail appears as a spam – Introduction | Office 365 | Part 1#17 The psychological profile of the phenomenon: “My E-mail appears as a spam!”, possible factors for causing our E-mail to appear a “spam mail”, the definition of internal outbound spam. Internal spam in Office 365 – Introduction | Part 2#17 Review in general the term: “internal outbound spam”, miss conceptions that relate to this term, the risks that
Page 22 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com are involved in this scenario, outbound spam E-mail policy and more. Internal spam in Office 365 – Introduction | Part 3#17 What are the possible reasons that could cause to our mail to appear as spamjunk mail, who or what are this “elements”, that can decide that our mail is a spam mail?, what are the possible “reactions” of the destination mail infrastructure that identify our E- mail as spamjunk mail?. Commercial E-mail – Using the right tools | Office 365 | Part 4#17 What is commercial E-mail? Commercial E-mail as part of the business process. Why do I think that Office 365 Exchange Online is unsuitable for the purpose of commercial E-mail? Introduction if the major causes for a scenario in which your organization E-mail appears as spam My E-mail appears as spam | The 7 major reasons | Part 5#17 Review three major reasons, that could lead to a scenario, in which E- mail that is sent from our organization identified as spam mail:
Page 23 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com 1. E-mail content, 2. Violation of the SMTP standards, 3. BulkMass mail My E-mail appears as spam | The 7 major reasons | Part 6#17 Review three major reasons, that could lead to a scenario, in which E- mail that is sent from our organization identified as spam mail: 4. False positive, 5. User Desktop malware, 6. “Problematic” Website Introduction if the subject of SPF record in general and in Office 365 environment What is SPF record good for? | Part 7#17 The purpose of the SPF record and the relation to for our mail infrastructure. How does the SPF record enable us to prevent a scenario in which hostile elements could send E-mail on our behalf. Implementing SPF record | Part 8#17 The “technical side” of the SPF record: the structure of SPF record, the way that we create SPF record, what is the required syntax for the SPF record in an Office 365 environment + mix mail environment, how to verify the existence of SPF record and so on.
Page 24 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com Introduction if the subject of Exchange Online - High Risk Delivery Pool High Risk Delivery Pool and Exchange Online | Part 9#17 How Office 365 (Exchange Online) is handling a scenario of internal outbound spam by using the help of the Exchange Online- High Risk Delivery Pool. High Risk Delivery Pool and Exchange Online | Part 10#17 The second article about the subject of Exchange Online- High Risk Delivery Pool. The troubleshooting path of internal outbound spam scenario My E-mail appears as spam – Troubleshooting path | Part 11#17 Troubleshooting scenario of internal outbound spam in Office 365 and Exchange Online environment. Verifying if our domain name is blacklisted, verifying if the problem is related to E-mail content, verifying if the problem is related to specific organization user E-mail address, moving the troubleshooting process to the “other side.
Page 25 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com My E-mail appears as spam | Troubleshooting – Domain name and E-mail content | Part 12#17 Verify if our domain name appears as blacklisted, verify if the problem relates to a specific E-mail message content, registering blacklist monitoring services, activating the option of Exchange Online outbound spam. My E-mail appears as spam | Troubleshooting – Mail server | Part 13#17 What is the meaning of: “our mail server”?, Mail server IP, host name and Exchange Online. One of our users got an NDR which informs him, that his mail server is blacklisted!, How do we know that my mail server is blacklisted? My E-mail appears as spam | Troubleshooting – Mail server | Part 14#17 The troubleshooting path logic. Get the information from the E-mail message that was identified as spamNDR. Forwarding a copy of the NDR message or the message that saved to the junk mail
Page 26 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17 Step B – Get information about your Exchange Online infrastructure, Step C – fetch the information about the Exchange Online IP address, Step D – verify if the “formal “Exchange Online IP address a De-list your organization from a blacklist | My E-mail appears as spam | Part 16#17 Review the charters of a scenario in which your organization appears as blacklisted. The steps and the operations that need to be implemented for de-list your organization from a blacklist. Summery and recap of the troubleshooting and best practices in a scenario of internal outbound spam Dealing and avoiding internal spam | Best practices | Part 17#17 Provide a short checklist for all the steps and the operation that relates to a scenario of – internal outbound spam.

Recommended

Il congiuntivo imperfetto e trapassato
Il congiuntivo imperfetto e trapassatoIl congiuntivo imperfetto e trapassato
Il congiuntivo imperfetto e trapassatoDanilo Buccarello
 
Færre reinnleggelser i sykehus ved samhandling mellom kommunene?
Færre reinnleggelser i sykehus ved samhandling mellom kommunene?Færre reinnleggelser i sykehus ved samhandling mellom kommunene?
Færre reinnleggelser i sykehus ved samhandling mellom kommunene?Lungenettet
 
Sueño mi universidad
Sueño mi universidadSueño mi universidad
Sueño mi universidadDaniella Uribe
 
Problemas psicologicos
Problemas psicologicosProblemas psicologicos
Problemas psicologicosDenis Miranda R
 
Pages 147 to 158
Pages 147 to 158Pages 147 to 158
Pages 147 to 158catapaca
 
E twinning კონფერენციისთვის
E twinning კონფერენციისთვისE twinning კონფერენციისთვის
E twinning კონფერენციისთვისNino Kokilashvili
 
Cloud Driven Development: a better workflow, less worries, and more power
Cloud Driven Development: a better workflow, less worries, and more powerCloud Driven Development: a better workflow, less worries, and more power
Cloud Driven Development: a better workflow, less worries, and more powerMarzee Labs
 
12213217 pss7
12213217 pss712213217 pss7
12213217 pss7irenechau
 

Recommended

Il congiuntivo imperfetto e trapassato
Il congiuntivo imperfetto e trapassatoIl congiuntivo imperfetto e trapassato
Il congiuntivo imperfetto e trapassatoDanilo Buccarello
 
Færre reinnleggelser i sykehus ved samhandling mellom kommunene?
Færre reinnleggelser i sykehus ved samhandling mellom kommunene?Færre reinnleggelser i sykehus ved samhandling mellom kommunene?
Færre reinnleggelser i sykehus ved samhandling mellom kommunene?Lungenettet
 
Sueño mi universidad
Sueño mi universidadSueño mi universidad
Sueño mi universidadDaniella Uribe
 
Problemas psicologicos
Problemas psicologicosProblemas psicologicos
Problemas psicologicosDenis Miranda R
 
Pages 147 to 158
Pages 147 to 158Pages 147 to 158
Pages 147 to 158catapaca
 
E twinning კონფერენციისთვის
E twinning კონფერენციისთვისE twinning კონფერენციისთვის
E twinning კონფერენციისთვისNino Kokilashvili
 
Cloud Driven Development: a better workflow, less worries, and more power
Cloud Driven Development: a better workflow, less worries, and more powerCloud Driven Development: a better workflow, less worries, and more power
Cloud Driven Development: a better workflow, less worries, and more powerMarzee Labs
 
12213217 pss7
12213217 pss712213217 pss7
12213217 pss7irenechau
 
семинар тарасенко и.а.
семинар тарасенко и.а.семинар тарасенко и.а.
семинар тарасенко и.а.Adenski
 
Memetika 2012
Memetika 2012Memetika 2012
Memetika 2012Zoltan Brandt
 
ورقة عمل حساب
ورقة عمل حسابورقة عمل حساب
ورقة عمل حسابmuhmadbdran
 
Mali
MaliMali
MaliDWC_1
 
het ABC van de sociale media
het ABC van de sociale mediahet ABC van de sociale media
het ABC van de sociale mediakwb_eensgezind
 
Animals
AnimalsAnimals
Animalsblusky28
 
3 a cognitive heuristic model of community recognition final
3 a cognitive heuristic model of community recognition final3 a cognitive heuristic model of community recognition final
3 a cognitive heuristic model of community recognition finalAle Cignetti
 
Trends in SAP Data Centers
Trends in SAP Data CentersTrends in SAP Data Centers
Trends in SAP Data CentersDirk Oppenkowski
 
презентация театральна скринька
презентация театральна скринькапрезентация театральна скринька
презентация театральна скринькаdnz234
 
Presentation1
Presentation1Presentation1
Presentation1oky_put13
 
Test
TestTest
Testhophuong0208
 
How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2Eyal Doron
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...Eyal Doron
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Eyal Doron
 
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...Eyal Doron
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...Eyal Doron
 
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comWhat is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comEyal Doron
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...Eyal Doron
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Eyal Doron
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Eyal Doron
 
Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Eyal Doron
 
Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Eyal Doron
 

More Related Content

Viewers also liked

семинар тарасенко и.а.
семинар тарасенко и.а.семинар тарасенко и.а.
семинар тарасенко и.а.Adenski
 
ورقة عمل حساب
ورقة عمل حسابورقة عمل حساب
ورقة عمل حسابmuhmadbdran
 
Mali
MaliMali
MaliDWC_1
 
het ABC van de sociale media
het ABC van de sociale mediahet ABC van de sociale media
het ABC van de sociale mediakwb_eensgezind
 
3 a cognitive heuristic model of community recognition final
3 a cognitive heuristic model of community recognition final3 a cognitive heuristic model of community recognition final
3 a cognitive heuristic model of community recognition finalAle Cignetti
 
Trends in SAP Data Centers
Trends in SAP Data CentersTrends in SAP Data Centers
Trends in SAP Data CentersDirk Oppenkowski
 
презентация театральна скринька
презентация театральна скринькапрезентация театральна скринька
презентация театральна скринькаdnz234
 
Presentation1
Presentation1Presentation1
Presentation1oky_put13
 

Viewers also liked (11)

семинар тарасенко и.а.
семинар тарасенко и.а.семинар тарасенко и.а.
семинар тарасенко и.а.
 
Memetika 2012
Memetika 2012Memetika 2012
Memetika 2012
 
ورقة عمل حساب
ورقة عمل حسابورقة عمل حساب
ورقة عمل حساب
 
Mali
MaliMali
Mali
 
het ABC van de sociale media
het ABC van de sociale mediahet ABC van de sociale media
het ABC van de sociale media
 
Animals
AnimalsAnimals
Animals
 
3 a cognitive heuristic model of community recognition final
3 a cognitive heuristic model of community recognition final3 a cognitive heuristic model of community recognition final
3 a cognitive heuristic model of community recognition final
 
Trends in SAP Data Centers
Trends in SAP Data CentersTrends in SAP Data Centers
Trends in SAP Data Centers
 
презентация театральна скринька
презентация театральна скринькапрезентация театральна скринька
презентация театральна скринька
 
Presentation1
Presentation1Presentation1
Presentation1
 
Test
TestTest
Test
 

More from Eyal Doron

How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2Eyal Doron
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...Eyal Doron
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Eyal Doron
 
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...Eyal Doron
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...Eyal Doron
 
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comWhat is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comEyal Doron
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...Eyal Doron
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Eyal Doron
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Eyal Doron
 
Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Eyal Doron
 
Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Eyal Doron
 
Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Eyal Doron
 
Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Eyal Doron
 
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Eyal Doron
 
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Eyal Doron
 
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Eyal Doron
 
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 

More from Eyal Doron (20)

How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
 
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
 
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comWhat is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
 
Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...
 
Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...
 
Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...
 
Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4
 
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
 
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
 
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36
 
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 

Recently uploaded

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17

  • 1. Page 1 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com MY E-MAIL APPEARS AS SPAM | TROUBLESHOOTING – MAIL SERVER | PART 15#17 In the current article, we will review the rest of the steps, in our troubleshooting journey that relates to a scenario in which we think or suspect that: The cause of the problem, in which “our E-mail” identified as spamJunk mail is caused by the fact that our Exchange Online IP address paper as blacklisted. In the former article – My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17, we have reviewed the required steps for “fetching” the Exchange
  • 2. Page 2 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com Online IP address from the E-mail message. The current article is dedicated to step “B”, Step “C” and step “D”. Step B – Get information about Exchange Online infrastructure Get the required information about the Exchange Online server that represent our domain name (the Exchange Online host name + IP address) Step C – Fetch the information about the Exchange Online IP address In this step, we will need to locate the Exchange Online server IP address. The IP address could appear as part of the NDR E- mail message or, in case of a scenario in which we get a copy of the E-mail message that was sent to the junk mail folder of the destination recipient, fetch the required information from the E-mail header. Step D – verify if the “formal “Exchange Online IP address appear as blacklisted. This step builds on the information, we have obtained three previous steps. Given that we have the IP address of the Exchange Online server who appears in the NDR E-mail message + that we know what is the IP address of our Exchange Online server
  • 3. Page 3 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com who represents our domain name in Office 365, we can verify if the IP address that appear in the NDR is the IP address of our Exchange Online server. In case that the IP address is not the IP of our Exchange Online server (this is the most common scenario), it’s probably one of the IP addresses that belong to the Exchange Online High Risk Delivery Pool. Step B – Get information about your Exchange Online infrastructure
  • 4. Page 4 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com Step 1 – get the host name of the Exchange Online server who represents our domain in Office 365. To be able to answer the question: what is the IP address of the Exchange Online server who represents our domain? We will first need to know the “FQDN” (host name) of the Exchange Online server that represents our tenant in Office 365. There are a two ways that we can use to get information about the FQDN of the Exchange Online that “send E-mail for our domain” Option 1: Office 365 administrate portal  Login on to Office 365 administrate portal  On the left sidebar – choose the domain menu
  • 5. Page 5 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com  Choose – Manage DNS Under the Exchange Online section, look for information about the MX record host name (POINTS TO ADDRESS). In our scenario, the Exchange Online server who will “represent” our organization is: o365info-com.mail.protection.outlook.com Option 2: using the nslookup tool Another option for getting information about the “Host name” of the Exchange Online mail server that “represent” our organization is: by using the nslookup tool.  Open the command prompt  Type the command: Nslookup  Type the command: set type=mx
  • 6. Page 6 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com  Type the name of the domain that you want to display his MX record. In our scenario: com In the following screenshot, we can see the result of our MX query. In our example, the host name of the Exchange Online server who represents our domain is:o365info- com.mail.protection.outlook.com Step 2 – Get the IP address of the Exchange Online server who represent our domain. A couple of notes regarding the subject of Exchange Online and his Public IP address:  The Exchange Online (that host name who appears in our domain MX record) is mapped to more than one IP address.
  • 7. Page 7 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com  This “IP address” represent additional Office 365 tenants besides our domain.  In case that we suspect that our Exchange Online mail server appears as blacklisted, we will need to verify information about each of the public IP addresses that are “bind” to the Exchange Online server who represents our domain name. To be able to get information about the IP address that are “mapped” to the host name of the Exchange Online server who represents our domain, we can use an option such as the nslookup tool.  Open the command prompt  Type the command: Nslookup  Type the host name of the Exchange Online server who represents your domain. In our example:o365info- com.mail.protection.outlook.com In the following screenshot, we can see the results. In our example, the “answer” is the IP address of the Exchange Online servers who represent our domain are: 213.199.154.87
  • 8. Page 8 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com and 213.199.154.23 Step C – Fetch the information about the Exchange Online IP address In the phase, our mission is to get the IP address of the Exchange Online server who appear in the E-mail message. The Exchange Online IP address could appear in the NDR message or in the E-mail header of the E-mail message that was saved in the junk mail folder of the destination external receipt.
  • 9. Page 9 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com The information about the Exchange Online mail server that sent the E-mail message appears in the content of the E-mail header. Technically speaking, we get the required information from the “raw data” in the mail header text but this is not an easy task. The preferred option is using a mail header analyzer, which will help us the display the information in a clear way. In our example, we will use the Microsoft tool named: Exchange connectivity analyzer 1. Access the Exchange connectivity analyzer web site 2. Copy the information from the mail header.
  • 10. Page 10 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com 3. Choose the Message Analyzer tab 4. In the section: “Insert the message header you would like to analyze” paste the information from the mail header In the following screenshot, we can see the results. The information in the Received headers, displays a clear path through the mail flow. We can see the Exchange Online servers that accept the E-mail from the Office 365 recipients, but this is not the “final node” in our mail flow.
  • 11. Page 11 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com The Exchange Online server (10.255.179.24) forward the E-mail message to the additional Exchange Online server (10.255.179.23) and the Exchange Online server the “deliver” the E-mail message to the external recipient, is an Exchange Online server who is represented by the IP address: 157.55.234.141 Conclusion from the Message Analyzer By analyzing the information in the E-mail header, we can see the flow of the E-mail message “inside Exchange Online infrastructure”. We can see that the E-mail message “travel” between a couple or more than one Exchange Online server. The “most important” Exchange Online server in our scenario is the “last Exchange Online server”, who is responsible for delivering the E-mail message to “her destination” (the mail server that represents the destination recipient).
  • 12. Page 12 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com If you notice, in our example, the IP address of the Exchange Online server that sent out the E-mail message is: 157.55.234.141. As mentioned, from my experience, this IP address is “belong” to the Exchange Online Higher Risk Delivery Pool. Step D – verify if the “formal “Exchange Online IP address appear as blacklisted. In this phase, we want to verify if the IP address that appear in the NDR message that we got (or the E-mail message that was sent to the junk mail folder of the destination recipient) is the “formal IP address” of the Exchange Online server who represents our domain. Note – the scenario in which the Exchange Online IP address that represent our domain name is blacklisted is quite rare. A more common scenario, is a scenario in which the IP address that appear in the E-mail message belong to the Exchange Online- High Risk Delivery Pool IP address range.
  • 13. Page 13 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com After we got the IP address that are mapped to the Exchange Online server who represents our domain, the next step is – use online tools, which will help us to check if one of the IP addresses of our Exchange Online mail server name appears as blacklisted. In the following example, we will use a free on-line tool that is offered by mxtoolbox. 1. Go to the mxtoolbox site and choose the Blacklists menu. 2. In our example, our Exchange Online host name is mapped to the following IP address: 213.199.154.87 and 213.199.154.23 In the box: Server IP or domain we will enter the IP: 213.199.154.87 Choose: Blacklists check.
  • 14. Page 14 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com In the following screenshot, we can see the result. In our scenario, it appears that the IP address of our mail server (o365info-com.mail.protection.outlook.com) is “green and clean” meaning; the domain IP Address doesn’t appear in well-known blacklists.
  • 15. Page 15 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com The scenario in which the “formal IP address” of the Exchange Online server who represents our domain name could be considered as rare scenario.
  • 16. Page 16 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com In case that you experienced the above scenario, the only available option is to report this problem to the Office 365 technical support. Get more information about the Exchange Online IP address Just a short recap about the troubleshooting path that we’ve been through so far: 1. We got an NDR message which informs us that our mail server is blacklisted. 2. We have already verified that our “formal Exchange Online IP address” doesn’t appear as blacklisted. 3. We have “fetch” from the NDR message the IP address that is blacklisted. 4. We want to get more detailed information about this specific IP address. In this phase, we can assume that the IP address that appears in the NDR belong to the Exchange Online- High Risk Delivery Pool IP range. To be able to validate our hypothesis, we can use the information about the public IP range of Office 365 and Exchange Online that was published by Microsoft. How do I know, if the IP address of the “mail server” is Office 365 Exchange Online IP address?
  • 17. Page 17 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com Microsoft publishes a set of articles that include detailed information about the public IP range and the URL address of all Office 365 infrastructures. The main article or the index for all the different Office 365 infrastructure is an article: Office 365 URLs and IP address ranges This article includes a detailed information about all the “different parts and infrastructures” of Office 365 such as – Exchange Online, EOP (Exchange Online protection), SharePoint Online, Lync Online etc. In our scenario, our main Interest is regarding the Exchange Online public IP range and the EOP (Exchange Online Protection) public IP range. The information about the EOP public IP range appears in a separate article: Exchange Online Protection IP addresses In the following screenshot, we can see an example of the information about the public IP range of EOP (Exchange Online protection).
  • 18. Page 18 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com In case that the IP address that appear in the NDR is not our “formal Exchange Online IP address” and in case that the IP address appears in the “Office 365 and Exchange Online” public IP range, you cannot be sure 100 percent that the IP address belongs to the Exchange Online High Risk Delivery Pool, but It is very likely to assume. In this case, we already know, that the issue is not related to a problem with the IP address of the Exchange Online server,
  • 19. Page 19 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com but instead, to the E-mail message content that was sent by our organization user. The E-mail address in the NDR doesn’t appear in the Office 365 public IP range. This scenario is quite rare, but I think that it’s important that you will be aware of all the possible scenario and tools that you can use in the different scenarios. The charters of this scenario are as follows:  The NDR message that we got informed us that our mail server is blacklisted. The IP address in the NDR is not the formal IP address of the Exchange Online that representative our domain.  We have performed a search for the IP address in the NDR in the public IP address range of Office 365 and Exchange Online by using the public articles: o Office 365 URLs and IP address ranges o Exchange Online Protection IP addresses  And we didn’t find the IP address. The main question now is: who is the “owner” of the IP address that appear in the NDR message? To be able to get the required answers, we can use public site that can provide us information about the owner of a specific public IP address. Using a public website that can provide is information about the “owner” of a specific Public IP address.
  • 20. Page 20 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com As mentioned, an additional option that we can use to get information about a specific public IP address is by using different free services. In the following example, we will use a website named: https://db-ip.com/ In the following screenshot, we can see the result of the query for the IP address that appear in our results when using the mail header analyzer forms the former step: Additional reading  DB-IP – IP Geolocation and Network Intelligence  utrace  myip  reputationauthority Additional information
  • 21. Page 21 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com  dnsbl  Blacklist Check Internal outbound spam in Office 365 environment | Article series index A quick reference for the article series My E-mail appears as a spam | Article series index | Part 0#17 The article index of the complete article series Introduction to the concept of internal outbound spam in general and in Office 365 and Exchange Online environment My E-mail appears as a spam – Introduction | Office 365 | Part 1#17 The psychological profile of the phenomenon: “My E-mail appears as a spam!”, possible factors for causing our E-mail to appear a “spam mail”, the definition of internal outbound spam. Internal spam in Office 365 – Introduction | Part 2#17 Review in general the term: “internal outbound spam”, miss conceptions that relate to this term, the risks that
  • 22. Page 22 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com are involved in this scenario, outbound spam E-mail policy and more. Internal spam in Office 365 – Introduction | Part 3#17 What are the possible reasons that could cause to our mail to appear as spamjunk mail, who or what are this “elements”, that can decide that our mail is a spam mail?, what are the possible “reactions” of the destination mail infrastructure that identify our E- mail as spamjunk mail?. Commercial E-mail – Using the right tools | Office 365 | Part 4#17 What is commercial E-mail? Commercial E-mail as part of the business process. Why do I think that Office 365 Exchange Online is unsuitable for the purpose of commercial E-mail? Introduction if the major causes for a scenario in which your organization E-mail appears as spam My E-mail appears as spam | The 7 major reasons | Part 5#17 Review three major reasons, that could lead to a scenario, in which E- mail that is sent from our organization identified as spam mail:
  • 23. Page 23 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com 1. E-mail content, 2. Violation of the SMTP standards, 3. BulkMass mail My E-mail appears as spam | The 7 major reasons | Part 6#17 Review three major reasons, that could lead to a scenario, in which E- mail that is sent from our organization identified as spam mail: 4. False positive, 5. User Desktop malware, 6. “Problematic” Website Introduction if the subject of SPF record in general and in Office 365 environment What is SPF record good for? | Part 7#17 The purpose of the SPF record and the relation to for our mail infrastructure. How does the SPF record enable us to prevent a scenario in which hostile elements could send E-mail on our behalf. Implementing SPF record | Part 8#17 The “technical side” of the SPF record: the structure of SPF record, the way that we create SPF record, what is the required syntax for the SPF record in an Office 365 environment + mix mail environment, how to verify the existence of SPF record and so on.
  • 24. Page 24 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com Introduction if the subject of Exchange Online - High Risk Delivery Pool High Risk Delivery Pool and Exchange Online | Part 9#17 How Office 365 (Exchange Online) is handling a scenario of internal outbound spam by using the help of the Exchange Online- High Risk Delivery Pool. High Risk Delivery Pool and Exchange Online | Part 10#17 The second article about the subject of Exchange Online- High Risk Delivery Pool. The troubleshooting path of internal outbound spam scenario My E-mail appears as spam – Troubleshooting path | Part 11#17 Troubleshooting scenario of internal outbound spam in Office 365 and Exchange Online environment. Verifying if our domain name is blacklisted, verifying if the problem is related to E-mail content, verifying if the problem is related to specific organization user E-mail address, moving the troubleshooting process to the “other side.
  • 25. Page 25 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com My E-mail appears as spam | Troubleshooting – Domain name and E-mail content | Part 12#17 Verify if our domain name appears as blacklisted, verify if the problem relates to a specific E-mail message content, registering blacklist monitoring services, activating the option of Exchange Online outbound spam. My E-mail appears as spam | Troubleshooting – Mail server | Part 13#17 What is the meaning of: “our mail server”?, Mail server IP, host name and Exchange Online. One of our users got an NDR which informs him, that his mail server is blacklisted!, How do we know that my mail server is blacklisted? My E-mail appears as spam | Troubleshooting – Mail server | Part 14#17 The troubleshooting path logic. Get the information from the E-mail message that was identified as spamNDR. Forwarding a copy of the NDR message or the message that saved to the junk mail
  • 26. Page 26 of 26 | My E-mail appears as spam | Troubleshooting - Mail server | Part 15#17 Written by Eyal Doron | o365info.com My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17 Step B – Get information about your Exchange Online infrastructure, Step C – fetch the information about the Exchange Online IP address, Step D – verify if the “formal “Exchange Online IP address a De-list your organization from a blacklist | My E-mail appears as spam | Part 16#17 Review the charters of a scenario in which your organization appears as blacklisted. The steps and the operations that need to be implemented for de-list your organization from a blacklist. Summery and recap of the troubleshooting and best practices in a scenario of internal outbound spam Dealing and avoiding internal spam | Best practices | Part 17#17 Provide a short checklist for all the steps and the operation that relates to a scenario of – internal outbound spam.