Blog

Global up-tick in spam volume

Over the past few weeks, there's been a general up-tick in the volume of spam being sent, and many of our users have confirmed receiving more spam messages. This new wave of spam reflects changes made by spammers to work around many existing filtration methods.

Based on how spam filters work, the filters will adapt over time. Since some 98% of the mail is already being blocked, as spam volume increases, users will see more spam in their mailboxes.

Of course we're always working to improve such things and no one likes spam in their mailboxes, including us! :)

As ever, do please contact us if you have questions. 

Have a super day! :)

 

Internal Internet squabbles that affect everyone

Over the past few months, you might've heard about, or even experienced, issues with poor Netflix streaming performance. This is especially true on certain ISPs, like Comcast & Verizon.

While terms like "net neutrality" get tossed around, the entire problem stems from an issue that, from the end-user perspective, is technical and obscure. It's an issue called "peering". Basically, peering is where one ISP (like Verizon) exchanges traffic bound for another ISP (like Comcast). 

Historically, ISPs exchanged traffic with each other at no charge, and that made sense since, more or less, the amount of traffic coming and going between the two ISPs was equal. With the advent of video streaming services like Netflix, that 50/50 balance is now often not so equitable.

Netflix primarily uses an ISP called Level 3, and Netflix/Level 3 is in a squabble with other ISPs over no-charge peering. Verizon & Comcast are refusing to carry all of Netflix/Level 3's traffic at no charge, and Netflix/Level 3 is refusing to pay for something that has historically been free. In the meantime, the end-user experiences poor internet performance as ISPs refuse to upgrade internet links between each other, the "peering" links.

You might be thinking now, "I don't even use Netflix. How is this relevant to me?". It's relevant to you because lots of other services, like VoIP providers, are caught in similar situations.

Specifically, many of our clients use a VoIP carrier called Bandwidth.com and are sometimes experiencing issues related to calls connecting and call quality. The root cause is "high up the chain", that is, it's an issue that stems from the disputes between these ISPs. Sadly, there isn't much for anyone, even Exigent, to do at the moment. There's certainly nothing to be done at your site or on your equipment that will help. 

We're all hoping these parties will sort out their issues soon, as it affects our phone service (and Netflix!) too. :(

 

More scam emails

Here are a few scam emails, each making an attempt to infect you with malware but in different ways.

Example 1:

This one is pretty legitimate looking, other than the fact that I have no relationship with Lloyds Commercial Banking. 

Do note the following:

  1. The "From:" address has been spoofed (faked) and appears legitimate. Remember: falsifying the "From:" address on an email is trivial to do. It's in no way trustworthy.
  2. The message appears to be a forward. Clever. It lends to the message's credibility.
  3. Here's where our filter removed the malware and replaced it with a notice that a potentially dangerous attachment was removed.
  4. Bad grammar. A common feature of scammy emails.
  5. This one I point out just because I laughed a little when I read it. Remember: just because someone says it, even in email, doesn't mean it's true. :)

Here's another:

I should point out the FedEx logo isn't even correct, but there are more telling signs.

  1. The "From:" address isn't even in the fedex.com domain!
  2. Bad grammar.
  3. This is the URL the "Get Shipment Label" would take you to. Do you think "byroadstravel.com" is a domain FedEx would use? I don't. 

Clicking that link downloads a .zip file containing malware, for those of you that were curious. Our email filter can't stop malicious downloads, only attachments, so be safe and don't click on suspicious links. :)

An introduction to Exigent: tickets

You'll often hear us, or really any technical organization, refer to a "ticket". Sometimes we'll ask you to "email in a ticket" or hear us say we'll "open a ticket". So... what's a ticket?

Basically, a ticket is an entry in our helpdesk system, and is made up of comments & documents related to a single issue that we're working on. It's identified with a unique number (e.g., 22450), and, if things go as we intend, in the end, represents an immutable record of the work we performed and when we did it.

Our helpdesk system (Zendesk) is what we use to receive, organize, track, assign, document, and bill about 99% of the work that we do every day. It also helps us keep you up-to-date on the status of your issue by emailing you each and every time we have relevant information for you.

Though there is a web interface that Exigent uses, most of our clients just see our helpdesk system as email, because that's how they interface with it: via email.

When you email support@exigent.com, the email goes to the helpdesk software, which, if the ticket doesn't reference an existing issue:

  1. creates a new entry in the system
  2. assigns it an ID number
  3. emails you
  4. emails each and every one of us at Exigent

When you reply to an email from an existing ticket, the helpdesk system adds your new message onto the (perhaps long, long) running conversation and history of the ticket. It also, again, emails you with a confirmation, and emails each and every one of us with your update.

That's the reason we all know whenever a ticket is opened or updated by you: because we all get emailed. There's no "shared mailbox" here that you just have to pray gets checked; support emails come right to us. :)

You might notice each ticket has a "status". The status means the following:

  1. New: your request has been received and Exigent has not actioned it yet.
  2. Open: Exigent has actioned your new ticket in some way.
  3. Pending: Exigent is waiting on something from you, e.g., more information, testing, confirmation, etc.
  4. Solved: Exigent believes the issue you've contacted us about has been solved. Replying to a ticket in the Solved state will automatically re-open it, and that's OK: maybe you have more to say. :)
  5. Closed: tickets enter this state after being marked Solved. Once Closed, they cannot be re-opened.

For a bunch of reasons, we need there to be just one issue in each ticket. When there are multiple issues in a ticket, we can't effectively assign the work to be performed, which means your issue's resolution gets delayed, or worse, we just flat out forget about a secondary (or tertiary, etc.) issue that happened to get mentioned somewhere in the pages and pages of text that the ticket is now comprised of. It also makes it hard for our clients to manage their bills, and hard for us to have any meaningful performance metrics for ourselves.

We're 100% A-OK with you sending 2, 3, 4, 10, or 20 separate emails if you have 2, 3, 5, 10, or 20 separate issues. It's easy for us to merge tickets that should be just one ticket; it's more work to separate out issues that should be multiple tickets. If you're in doubt, compose separate emails to support@exigent.com and we'll sort it out. Your issue will get handled more quickly, and besides: we don't charge by the ticket. :)

9/4/2014 Outage Postmortem

There was a brief outage today in the Exigent private cloud affecting some clients. The outage started at approximately 10:50am and ended at 11:06am, at which point systems began coming back online. Services that failed to start automatically were worked on and repaired. No Exigent labor that was expended on issues relating to this outage will be billed.

The cause was a hard lock of the primary storage system's controlling server. We've noted some oddities with this unit and, in the interest of not risking another outage, we've ordered entirely new hardware. Installation will take place during a future Monday maintenance period.

We understand outages are disruptive to your business and feel your pain: our systems run on the same infrastructure that experienced this unplanned downtime today. :(

Testing & User Acceptance

One of the things that drive us crazy is when a vendor says something like "OK - it's all fixed!!", then we try it and it doesn't work. Clearly, the person doing the work didn't actually take the time to test the work they performed. We think it implies a carelessness, too. Either way, this experience makes us sad. :(

At Exigent we really, desperately try to make our clients happy, and one of the ways we do that is by:

  1. testing the work we do, to see that it's working properly, or as intended
  2. having you test and confirm it's working to your satisfaction or expectations

These are both important steps in the support process.

Regarding step number one, because we often work remotely, depending on the work being performed, the amount of testing we can do is limited. Setting up a new printer for example: we really don't consider the work complete until we actually print something and see that it printed correctly. That's pretty hard to do from two-hundred miles away. :)

Step number two is just as important. There are often things that you'll want done, and we'd like to do them for you, but that didn't get communicated to us. Having you test it for yourself lets us discover those things that maybe weren't initially stated.

We don't like to just assume things are correct once we finish our work; it's something we internally deride as "IT hubris". No one is so good at what they do that testing isn't necessary, so while we check our work, we're going to ask you to check our work too. We really, really appreciate it when you're able to test and confirm the changes we make when you have a moment. We leave issues (tickets) set to "Pending" to give you time to do this and let us know that we got it right. :)

Office closed on Monday 9/1/2014 for Labor Day

Exigent's office will be closed for normal business on Monday September 1 2014 in observance of Labor Day. We'll resume our normal schedule of 8am - 5pm on Tuesday September 2 2014.

As ever, contract labor clients can contact us via phone to reach our on-call engineer for support with emergency needs 24/7 365. 

Do please enjoy your holiday. :)

How our spam filtering works

As we've noted in earlier posts, Exigent provides spam & malicious attachment filtering for most of its clients. We sometimes get questions regarding a new influx of spam or an email that was reportedly sent but never arrived. I'll provide some insight into how the spam filtering works. Let's start with this illustration:

For security, the internet never talks directly to your mail server. Instead, all mail is delivered to our filtering server first. In fact, there's even a spam check that occurs before the mail arrives at our filter.

When a random internet computer contacts our filter with mail for your domain, our filter first checks the general reputation of the sending computer. If it's particularly bad, usually for sending large quantities of spam, its address will appear on a public blacklist. In this event, the mail isn't accepted for further handling, but rather is rejected outright and the sender (in the "From:" line) is notified.

Assuming the sending computer isn't on a blacklist, the mail is accepted by our filter, at which point it undergoes a statistical analysis of the body and other information. Forbidden (that is, potentially dangerous) attachments are removed and replaced with a notice at this stage too.

Our filter's analysis issues it a spam score based on the characteristics of the message. These characteristics include things like: are prescription drugs discussed? Big flashy headlines? Lots of all-capital lines? Is the entire message body an image, or mostly images? Have lots of other filters on the internet seen a very similar message recently? Are there links to known malicious or spammy sites in the message? All of these things contribute to a higher spam score.

If the message's spam score exceeds a threshold we set for your organization, it's never delivered to your email server, and thus, if by chance a message is being blocked at our filter, adding the sender to the "Safe Sender" or similar list in Outlook won't help. 
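The order of checks described above (blacklist lookup first, then scoring, then a per-organization threshold), as an added example that is not Exigent's filter code. The blacklist, bad-link list, keywords, weights and thresholds are all constructed assumptions.

```python
import re

# Constructed data for illustration only (documentation-range IPs, made-up hosts).
BLACKLIST = {"203.0.113.7"}          # stand-in for a public blacklist lookup
BAD_LINK_HOSTS = {"spam.example"}    # stand-in for a list of known spammy sites
DRUG_WORDS = re.compile(r"\b(pills?|pharmacy|prescription)\b", re.I)

def spam_score(subject, body, image_parts=0, text_parts=1):
    """Add points for characteristics the post lists; the weights are assumed."""
    score = 0.0
    lines = [l for l in body.splitlines() if l.strip()]
    caps = [l for l in lines if l.isupper()]
    if DRUG_WORDS.search(subject + " " + body):
        score += 2.5                 # prescription drugs discussed
    if lines and len(caps) / len(lines) > 0.5:
        score += 1.5                 # lots of all-capital lines
    if image_parts > text_parts:
        score += 2.0                 # message is mostly images
    hosts = re.findall(r"https?://([^/\s]+)", body)
    if any(h.lower() in BAD_LINK_HOSTS for h in hosts):
        score += 3.0                 # links to a known spammy site
    return score

def handle(sender_ip, subject, body, threshold=5.0, **parts):
    """Return (verdict, score), applying the checks in the order described."""
    if sender_ip in BLACKLIST:
        return ("rejected", None)    # refused outright, never scored
    score = spam_score(subject, body, **parts)
    if score > threshold:
        return ("blocked", score)    # never reaches the client's mail server
    return ("delivered", score)
```

A message stopped as "blocked" or "rejected" never reaches Outlook, which is why a client-side "Safe Sender" entry cannot rescue it.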

Fortunately, over 98% of the inbound mail we filter for all of our clients is already filtered as spam. That's a lot!

We sometimes get asked to "block this example of spam", especially when a new wave of spam starts being sent, with slightly different characteristics in order to slip past everyone's spam filters. Sadly, we're usually unable to instantly block these things, since things like the "From:" address are set to a random and phony address for each and every message. The spammers even send from many, many computers, many hijacked with malware, in order to make the job of blocking spam harder. We just have to give the whole internet and our filter a little time to examine many examples of this kind of spam and catch up. The spammers know this too, and thus they craft new kinds of spam every so often as filters improve their effectiveness.

We do have a few individuals that end up preferring to have the most egregious spam filtered by our filter, but then let everything else through and let their copies of Outlook sort it out. This helps ensure they never have legitimate mail marked as spam when it wasn't. In this scenario they are still protected by our malicious attachment filtering.

For the time being, with the current design of the internet, there's no easy fix for spam, and thus you can expect to see a little spam, sometimes more, on any given day. Of course, we're always tweaking and taking efforts to improve the effectiveness of the filter, because it filters our mail too, and we don't like spam either. :)

As ever, if you have questions, please feel free to contact us. :)

 

Dangerous attachments automatically removed from email :)

One of the services we provide for most every client, and certainly every contract client, is email filtering. While spam is filtered as a part of this service, perhaps one of the most important features of this service is the automatic removal of potentially dangerous attachments.

These potentially dangerous attachments are usually .exe files, which should generally never be sent via email or run when received via email, as their source cannot be readily verified. Our filter even removes .zip and other archive files that contain potentially dangerous files.
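One way such attachment removal can work, including the look inside .zip archives, as an added example that is not Exigent's filter code. The notice wording, the sample message and the decision to treat unreadable archives as dangerous are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe",)  # the post names .exe; a fuller list is site policy (assumption)

def is_dangerous(filename, payload):
    """True for a blocked extension, or an archive that contains one."""
    name = (filename or "").lower()
    if name.endswith(BLOCKED_EXT):
        return True
    if name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload or b"")) as zf:
                return any(n.lower().endswith(BLOCKED_EXT) for n in zf.namelist())
        except zipfile.BadZipFile:
            return True  # unreadable archive: fail closed
    return False

def strip_attachments(raw):
    """Return (message, removed_names) with dangerous parts replaced by a notice."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename()
        if is_dangerous(name, part.get_payload(decode=True)):
            removed.append(name)
            # set_content() clears the old payload and Content-* headers first
            part.set_content(f"[Attachment removed by filter: {name}]")
    return msg, removed

def sample_message():
    """Constructed message: one .exe, one .zip hiding an .exe, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your photos"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="photo.exe")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return bytes(msg)
```

Matching on file names alone misses renamed executables, so a production filter would also inspect file content.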

It's a common tactic for scammers to send malware via an email attachment, usually in the guise of a photo, an invoice, a court summons, a funeral notice, or some other "important" or "interesting" piece of information.

Below is an example of an email, suspicious at its face, with its dangerous attachment removed:

A few things of note:

  1. Incredibly suspicious email address. 
  2. Exigent's notice that attachments were removed.
  3. The names of the files that were removed. photo.exe? Come on. :)

In the event you needed a file attachment that our filter removed, forwarding the email to our support email address is the easiest way for us to help, as it contains all the information we need to assist you.

Finding TeamViewer on your computer

We use TeamViewer to provide remote support. It lets us see what's on your screen and control the mouse & keyboard. It's really invaluable for us and dramatically shortens the time necessary for us to resolve your issue, often saving a trip on site. You just give us the 9 digit "Partner ID" and we can start helping.

One small challenge we often face is that TeamViewer may be running, but it's hard to locate, and thus you might be unable to find that all-important 9 digit number.

Here are a few pictures and steps you can take that might help you help us so we can help you. ;)

If TeamViewer is running, it'll be down in the "system tray", which is what Windows calls the place where the little icons live down by the clock, usually in the lower right-hand corner of the screen.

The TeamViewer icon is a little blue box with a white circle, and looks like this:

Despite all your looking, though, you may not immediately see it, because Windows likes to hide icons that it thinks you don't need to see all the time. TeamViewer is one of those programs, so your TeamViewer might be running but your system tray looks like this:

No TeamViewer icon visible, is there? However, that little "up" arrow (sometimes it's a "left" arrow, in some versions of Windows) on the left tells us that Windows has more icons to show, and clicking it reveals this:

There's what we're looking for!!

If you double-click the icon, you'll get a window with the "Your ID" that we're looking for. Just give us that 9 digit number and we'll usually be able to help right away.