Skip to main content

Why Hotmail SmartScreen Should do Better


Got this spam mail that looks as if its from my other email account (Yahoo Mail).

Further inspect on the header reveals that the mail is from hotmail_631448ecb4add0e [at] hotmail.com. And the mail server is actually from the IP 179.89.131.27.

Why Hotmail SmartScreen not doing its job

SmartScreen should have filtered the email content, based on EITHER one of the following criteria, that can be implemented by checking just the email header.

1. The email content is obviously spam content. Nuff said.

2. The sender is obviously from a "anonymous" email that pretends to be another email.

3. The IP (179.89.131.27) of the mail server is OBVIOUSLY hosted on a spam source. This can be easily detected by cross-check with one of the spam database out there. For example http://www.dnsbl.info/.

These are simple methods to provide minimal layers protection for Hotmail users. 

(Notice I haven't even go into advanced SPAM fighting techniques like using DMARC)

Takeaway

SmartScreen team should learn from Gmail, and Facebook. Gmail did VERY well in filtering spam mails, and automatically categories emails for users.

Comments

Popular posts from this blog

225019099301.apps.googleusercontent.com

Recent activity on my Gmail just revealed that there's this app "Authorized Application (225019099301.apps.googleusercontent.com)" from IP address 54.235.159.144 assessing my Gmail.

The IP address is from a Amazon server ec2-54-235-159-144.compute-1.amazonaws.com. (IP Lookup).

And blacklist check (http://whatismyipaddress.com/blacklist-check) shows that the IP is clean too.

Clicking on the "Manage Account Access" didn't give any information on the application "225019099301.apps.googleusercontent.com".


After Googling, it appears that the app is Mailbox (source: http://productforums.google.com/forum/#!topic/gmail/9LVW_etXyTE)

To make things easy, Google should show the applications with their ID.


Backup MySQL to Azure Storage in 30 Seconds

Step 1. Disable password prompt for "mysqldump command"mysqldump: Got error: 1045: Access denied for user 'root'@'localhost' (using password: NO) when trying to connect 1. Run "vi ~/.my.cnf"
2. Add the following lines

[mysqldump]user=mysqluser password=secret
3. For Bitnami, you'll need to append the following line in "/opt/bitnami/mysql/my.cnf"

!include ~/.my.cnf
4. Try running to see if the command works.
mysqldump --all-databases > /home/bitnami/backups/db-backup.sql



Step 2(a). Install Azure-CLI Prerequisites: Installing npm.sudo apt-get update sudo apt-get install nodejs sudo apt-get install npm Note: If you facing issue while installing nodejs/npm on Ubuntu 12.04, you can refer to his article for alternative way to install https://rtcamp.com/tutorials/nodejs/node-js-npm-install-ubuntu/, or this http://stackoverflow.com/questions/16302436/install-nodejs-on-ubuntu-12-10#comment32247107_16303380

Install Azure CLI.npm install azure-cl…

Generate GoDaddy SSL Certificate (.crt) for Azure Websites (.pfx)

Step 1: Getting GoDaddy SSL cert.
Let's say you have a domain name of my_domain.com. You'll first need to generate the the .csr file for GoDaddy with the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout my_domain.com.key -out my_domain.com.csr


This gives you 2 files:
my_domain.com.key - This is the private key
my_domain.com.csr - This is the Certificate Signing Request


Copy the content of my_domain.com.csr file to the SSL signing authority (GoDaddy).



Once approved, GoDaddy give you back a .zip file with the following 2 files:

18f1c77f369c0b59.crt - This is your cert
gd_bundle-g2-g1.crt - This is the GoDaddy Certificate Chain


Step 2: Convert a CERT/PEM certificate to a PFX certificate
openssl pkcs12 -export -out my_domain.com.pfx -inkey my_domain.com.key -in 18f1c77f369c0b59.crt


Step 3: Certificate to Upload to Azure.


Step 4: Assign SSL Bindings.




Step 5: Done!


References:

http://azure.microsoft.com/en-us/documentation/articles/web-sites-configure-ssl-certificate…