During a cloud migration from a on-premise Exchange server behind a commercial firewall to a full Office365 Exchange we noticed the amount of spam that was getting through. Here is an example of the email.
The phishing email looks very genuine, but isn’t. We hope you find this information prior to an incident at your facility and it helps you thwart any attempt at gaining access to your facilities network.
Let us know if this helped you…
Had a user who started to get this message. “Your message couldn’t be delivered because you weren’t recognized as a valid sender”. Logged into their Office 365 Admin account and went to Protection >> Action Center. Saw the user there and clicked “unblock” them. It took a minute, and came back with the user still in the list. I tried to send an email at the user and got the same error. In the Admin panel >> Action Center the user was still listed. I clicked “unblock” again and this time the user wasn’t listed. I tried to send another email, and got the same error again. I see a alert on the Action Center page to go to the new “Restricted Users page“. This page didn’t show the user being blocked.
I looked at the error in the Non-Deliverable Report in the returned email. The error in the message is “550 5.1.8 Access denied, bad outbound sender“.
This page was a help to let me know it could take a few hours for the email to resume.
Let us know if this helped you…
I recently had to remove permissions from a mailbox where another user had “Full Access” or “Full Permissions” over. The original setup was done on the old Exchange 2010 server that was upgraded to 2016.
Let us know if this helped you…
We have been moving some customers over to Office 365.
Here are some of the steps required to do this.
Let us know if this helped you…
We needed to put together of list of email accounts a customer has in their Office 365 account. The following article was a huge help.
Let us know if this helped you….
We had a customer complaining about emails stuck in the spam filter. They were getting an email with the subject line “(3) Incoming messages failed to sync”. In the email was a button to “Restore Messages”; however, when we hovered over the link the web address was for “https://cheapfixerproperties.com/…”.
We told the customer this was a Phishing attempt, and to not click on that button. They are ready had. We ran a full Vipre scan on their machine.
The URL takes you to a site that Google has already flagged.
Let us know if this helped you…
We recently had a customer get a ISP change and on the same day were moving their DNS to Godaddy. A few weeks later they noticed a bunch of emails bouncing back with a lot of the email addresses being for Comcast. We weren’t sure if this was a Godaddy,DNS, Exchange, or ISP issue.
It turned out to be the ISP needed to a PTR (pointer record) to the IP address.
This link helped us know that the PTR record is set by the ISP.
https://community.spiceworks.com/topic/1212792-ptr-record-in-godaddy-not-working
Here are some of the other things we had tried.
Let us know if this helped you…
We recently set up a new Godady CPanel hosting and set up the main email account for this domain. We didn’t want to miss any emails so the email account was set up just like the old hosting CPanel email. We were hoping for a quick switch.
We were able to send from this new email account, but couldn’t receive email. We used the website http://www.mailtester.com and it was showing an error that the email address didn’t exist.
Back in the CPanel account I clicked on MX Entry and we could see it was set for “Remote Exchanger” we changed this to “Local Exchanger” and everything was working.
Let us know if this helped you…
We received an email from a old customer who got an email with the following message.
“I do know, xxxxxxx, is your password. You don’t know me and you are probably wondering why you are getting this e-mail, correct?
actually, I actually installed a malware on the adult vids (sexually graphic) site and do you know what, you visited this web site to have fun (you know what I mean). While you were watching video clips, your web browser started out functioning as a RDP (Remote Desktop) having a key logger which provided me access to your display screen as well as cam. after that, my software obtained all of your contacts from your Messenger, FB, as well as email.
What exactly did I do?
I created a double-screen video. 1st part displays the video you were watching (you’ve got a nice taste lol . . .), and 2nd part shows the recording of your web camera.
exactly what should you do?
Well, in my opinion, $2900 is a fair price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
BTC Address: 149EV7BbQSuJTS8mHJ5kdjGBvSKMFu7tob
(It is cAsE sensitive, so copy and paste it)”
There was more to the email. The point is this email is a SCAM.
The biggest question was it was a password the customer had used in the past. Our best guess is someone gained access to an account they had and was able to capture name, email address and password. With this information they were able to get the scam started.
A Google search lead me to others that have received this email, and they all confirmed it was a scam.
Let us know if this helped you…
Had a customer and the newer employee was getting a error that they didn’t have permission to send email from a shared mailbox. Here is how we were able to resolve this.
Let us know if this helped you…