cancel
Showing results for 
Search instead for 
Did you mean: 
jlockie
Level 7

Dealing with ConstantContact Service Users....

Jump to solution

Ok, I have a problem I'm not quite sure how to deal with.

One of our senior level management people keeps receiving spam from an organization.  He has tried to unsubscribe without success.  They send him multiple emails a day, and so he added their domain to his denied senders list (McAfee SaaS).

But email kept coming from them.  So he asked me to look in to it.  I used message tracking feature to find the emails.  I discovered that the emails are coming to McAfee as from "a6cqgv6+vt1gx892vdybjaq==_1112375229771_e815ul7oeeo/mdsuunvx6g==@in.constantcontact.com".  I am assuming that this as a totally random address generated by ConstantContact.  For obvious reasons I cannot block their domain (in.constantcontact.com) because they send a lot of legitimate email.  At least I discovered why the denied sender list is not helping (there's no match!). 

McAfee appears to trust ConstantContact, so I have no way to straight up block someone who might be using ConstantContact. 

Or do I?

I am thinking maybe using SPF enforcement, but I think the check would be made against ConstantContact not their customer.

0 Kudos
1 Solution

Accepted Solutions
kwidhalm
Level 11

Re: Dealing with ConstantContact Service Users....

Jump to solution

Good afternoon,

In your example:

  1. User receives spam from "sales@annoyingbusiness.com".
  2. User logs in to their McAfee portal and adds sales@annoyingbusiness.com to their blocked senders list.
  3. User continues to receive emails from sales@annoyingbusiness.com and cannot figure out why.
  4. I discover that the emails are not blocked, because McAfee sees it as an email from garbage@constantcontact.com and therefore it does not match blocked senders list.

Adding the address sales@annoyingbusiness.com to your user level or policy level deny list should block the messages from being delivered.  If that is not happening, please contact your support team so the issue can be further investigated!

Karen Widhalm

System Support Specialist

SaaS Email and Web Security

McAfee. Part of Intel Security.

Edited to correct: deny lisy (was allow list)

0 Kudos
10 Replies
jlockie
Level 7

Re: Dealing with ConstantContact Service Users....

Jump to solution

Doing a little more research, I think that the email address ConstantContact uses contains a unique 13 digit account number that is specific to the domain they are sending emails for.  In my case it's 1112375229771.

I added *1112375229771*@in.constantcontact.com to the denied sender list.  That should work I think.....?

0 Kudos
kwidhalm
Level 11

Re: Dealing with ConstantContact Service Users....

Jump to solution

Hello jlockie,

If that 13 digit number is constant on all emails from this sender, your deny list entry should work.  However, as the unsubscribe requests are not being honored, I would like to encourage you to report these emails as spam.  You can open a request with your support team and provide message examples (full messages including all attachments and full internet headers) or you can send the examples directly to our Messaging Security team at SaaS_spam@mcafeesubmissions.com.

Best regards,

Karen Widhalm

System Support Specialist

SaaS Email and Web Security

McAfee. Part of Intel Security.

0 Kudos
jlockie
Level 7

Re: Dealing with ConstantContact Service Users....

Jump to solution

How is this acceptable?

The fact that we cannot block an organization from sending us email because they hide behind a service like constant contact is baffling to me.

We all know that organizations abuse the subscribe/unsubscribe model by using multiple "list" types and resubscribing you to "new" lists.  As soon as you unsubscribe from one, they magically create a new list and place you on it.  Once an organization has your email they often abuse it.  The easiest way to control this spam is to block senders on our end, rather than "asking" them to remove us.  This is the entire point of using a front end service like McAfee (besides virus protection).  So if I cannot block an organization's domain, flat out, then this service is questionable....

It's confusing to our staff that the "from" shows one thing, but in actuality it's from constant contact.  As I begin to ask staff, I am finding that many of them have tried to add senders to their deny list, only to find they keep getting email.  They are no longer trusting McAfee service, and complaining why we moved off our old one.

0 Kudos
frankm
Level 10

Re: Dealing with ConstantContact Service Users....

Jump to solution

It has nothing to do with McAfee or CC. If your requests for unsubscribe is not being honored, I would suggest contacting the sender directly and even CC. McAfee allows for domain blocking, not sure why you say the service is questionable and not a fair statement in my opinion.

If you look at the CC header, the From: will list the sender and that can be blocked, without blocking the whole domain. CC does use DKIM, however the FQDN in.constantcontact.com, does not have a published SPF.

0 Kudos
jlockie
Level 7

Re: Dealing with ConstantContact Service Users....

Jump to solution

I think it's quite a fair statement, and let me defend it from the way I see it with the information I have currently.....

  1. User receives spam from "sales@annoyingbusiness.com".
  2. User logs in to their McAfee portal and adds sales@annoyingbusiness.com to their blocked senders list.
  3. User continues to receive emails from sales@annoyingbusiness.com and cannot figure out why.
  4. I discover that the emails are not blocked, because McAfee sees it as an email from garbage@constantcontact.com and therefore it does not match blocked senders list.

Think about how this feels from the user's perspective (the people IT is supporting).

The way I see it McAfee is not doing its job in this scenerio.  If a user receives email in their inbox from address #1, they should be able to block address #1 and be done with it.  Instead, there's some sketchy business going on with constant contact hiding the true sender, or McAfee misunderstanding header information and failing to recognize the correct sender.  Either way, it's frustrating.

Using SPF is useless in this scenario as I have investigated the cause of this problem.

0 Kudos
kwidhalm
Level 11

Re: Dealing with ConstantContact Service Users....

Jump to solution

Good afternoon,

In your example:

  1. User receives spam from "sales@annoyingbusiness.com".
  2. User logs in to their McAfee portal and adds sales@annoyingbusiness.com to their blocked senders list.
  3. User continues to receive emails from sales@annoyingbusiness.com and cannot figure out why.
  4. I discover that the emails are not blocked, because McAfee sees it as an email from garbage@constantcontact.com and therefore it does not match blocked senders list.

Adding the address sales@annoyingbusiness.com to your user level or policy level deny list should block the messages from being delivered.  If that is not happening, please contact your support team so the issue can be further investigated!

Karen Widhalm

System Support Specialist

SaaS Email and Web Security

McAfee. Part of Intel Security.

Edited to correct: deny lisy (was allow list)

0 Kudos
jlockie
Level 7

Re: Dealing with ConstantContact Service Users....

Jump to solution

Karen Widhalm wrote:



Adding the address sales@annoyingbusiness.com to your user level or policy level deny list should block the messages from being delivered.  If that is not happening, please contact your support team so the issue can be further investigated!



I am going to have to do that then.  On the whole, I see this across the board regardless of user, and for other services besides Constant Contact.

Regarding the syntax tip, thanks.  I misunderstood the help file.  We did add the domain using the other 2 methods too.....cause this has always been fuzzy with me, and so we throw a wide net by adding multiple types of entries. =/

0 Kudos
jlockie
Level 7

Re: Dealing with ConstantContact Service Users....

Jump to solution

Here's a detailed example.....hopefully someone can explain to me why this happens, and address this.  Because as far as I am concerned in the below example, I should only need to add *@*.ipswitch.com to my denied sender list and be on my merry way.  Unfortunately, that's not the case.

I receive this spam message:

capture2.JPG

So I add the sender to my denied sender list (in this example, nm_education@ipswitch.com).  I choose not to "unsubscribe" because frankly I'd rather not let them know I'm receiving their stupid emails I never signed up for to begin with.

I still receive spam after adding them to blocked senders!!!!

I look at email header and search McAfee and find the following:


Return-path: <307-tto-181.0.5051.0.0.7384.7.1928281@em-sj-77.mktomail.com>


Received: from p01c12m063.mxlogic.net ([::ffff:208.65.145.247])


  by <removed> with ESMTP; Sat, 02 Aug 2014 04:04:04 -0700


Authentication-Results: p01c12m063.mxlogic.net; spf=pass


Received: from unknown [199.15.215.147] (EHLO elephantseal.mktdns.com)


  by p01c12m063.mxlogic.net(mxl_mta-8.0.0-3)


  with ESMTP id 4a5ccd35.0.1580337.00-2267.2283453.p01c12m063.mxlogic.net (envelope-from <307-tto-181.0.5051.0.0.7384.7.1928281@em-sj-77.mktomail.com>);


  Sat, 02 Aug 2014 05:04:04 -0600 (MDT)


Return-Path: <nm_education@ipswitch.com>


DKIM-Signature: v=1; a=rsa-sha256; d=ipswitch.com; s=m1; c=relaxed/relaxed;


  q=dns/txt; i=@ipswitch.com; t=1406977444;


  h=From:Subject:Date:To:MIME-Version:Content-Type;


  bh=OVqbcjhjeIQGcA4hJYZzWeA+973Dpbz56isLB9LGc94=;


  b=uLDkIzMvhUcaGFlm4SrvBzuHuyzvgCkqR/ogL/6OIfmAuQlmcT7guEiezoRT6VDZ


  +0F69bTysQaTddFn/cGO7aCdELp+i5oH2tlOJhOzgAxFHTG2S/S8uolos4qo9ewd


  7bCwmblK45Z5vro8K+DrpLgPMv2lY/DUMUFo+yGbwQk=;


X-MSFBL: amxvY2tpZUBjZWZjdS5vcmdAZHZwLTE5OS0xNS0yMTUtMTQ3QGJnLXNqZC01MkAz


  MDctVFRPLTE4MTozMjkyNjo1MDUxOjE2MDQ0OjA6NzM4NDo3OjE5MjgyODE=


Received: from [10.0.12.42] ([10.0.12.42:44113] helo=sjmas01.marketo.org)


  by sjmta04.marketo.org (envelope-from <nm_education@ipswitch.com>)


  (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP


  id E6/B8-26004-3A5CCD35; Sat, 02 Aug 2014 06:04:03 -0500


Date: Sat, 2 Aug 2014 06:04:03 -0500 (CDT)


From: Ipswitch WhatsUp Gold <nm_education@ipswitch.com>


Reply-To: nm_education@ipswitch.com


.


Capture.JPG

So what's up with this? 

While I added *@*.mktomail.com to my denied sender list, I cannot do it for the entire organization or expect our Sr. Executive team to accept that. 

0 Kudos
kwidhalm
Level 11

Re: Dealing with ConstantContact Service Users....

Jump to solution

Regarding your detailed example.  When adding *@*.ipswitch.com to the deny list:  this entry is looking specifically for information after the '@' but before '.ipswitch.com' and therefore will only block email coming from an address that is from subdomain of ipswitch.com, for example, usera@email.ipswitch.com would be blocked, but userb@ipswitch.com would not.

Adding the entry in any of the following formats would block the message example provided:

1. *@ipswitch.com

2. ipswitch.com

3. nm_education@ipswitch.com

I hope this information helps!

Karen Widhalm

System Support Specialist

SaaS Email and Web Security

McAfee. Part of Intel Security.

0 Kudos