Let’s start with the most obvious question – why should I try to simulate spam mail?
And the answer is – to test our existing mail security infrastructure.
In a modern mail environment, the need for implementing some “security mechanism” which will protect our mail infrastructure from spam mail and other threats, consider as a mandatory need.
Given that we implement a mail security gateway; the big question could be – how do I know if our mail security gateway is functioning and how he “react” to the event of spam mail?
For example, a scenario in which we define a particular rule in which, when our mail security gateway recognizes spam mail, a notification will be sent to a designated recipient and so on.
The good news is that the option of creating an email message that will be identified as – “spam mail” is existing, and the implementation of simulating a scenario of “spam mail,” is quite simple.
All we need to do is to create an E-mail message that includes a predefined text string and sends this E-mail message to the destination recipient which is “protected” by our mail security gateway.
This nice trick is implemented via a special procedure that was defended by Apache SpamAssassin organization.
[Source of information – GTUBE]
his is the GTUBE — the Generic Test for Unsolicited Bulk Email.
If your spam filter supports it, the GTUBE provides a test by which you can verify that the filter is installed correctly and is detecting incoming spam, in a similar fashion to the EICAR anti-virus test file.
Spam filter developers should add a rule, where possible, to recognize the following 68-byte string in the message body, and trigger on it:
Note that this should be reproduced in one line, without whitespace or line breaks. A suitable mail message in RFC-822 format can be downloaded here.
This string and mail can be reproduced freely, without attribution; they are hereby placed in the public domain.
Simulate spam mail
In the following section, we will simulate a scenario in which recipient A send spam E-mail message to recipient B
simulate spam mail | Scenario description
In our scenario, Justin will send “spam mail” (Justin@thankyouforsharing.org ) to a recipient in another organization named – Bob (firstname.lastname@example.org).
Bob is a user whom his mailbox is hosted in Office 365 (Exchange Online server).
Sending the spam mail
In the mail body, we will add the following text string:
And send the E-mail message.
Receiving the spam mail
In the following screenshot, we can see the E-mail message that was sent to Bob.
As we can see, the E-mail message was sent to the Junk mail folder.
The reason for that is because, in an Office 365 based environment, the component that serves as a mail security gateway is – the EOP (Exchange Online Protection) server.
Each E-mail message that is sent to Office 365 recipient is examined and checked by the EOP server.
EOP recognizes the text string in the E-mail message, and classifies the E-mail message as “spam mail,” by setting the value of the SCL (spam confidence level) to “9.”
When the E-mail message reaches the recipient mailbox, because the high value of the SCL, the mail will be sent to the junk mail folder.
Viewing and analyzing the content of the E-mail message by using E-mail header
In this section, I would like to demonstrate the “behind the scenes” of the spam E-mail message, so we will be able to understand better that way that the Office 365 EOP server use for “stamping” specific E-mail message as “spam mail.”
In Exchange based environment, the method for classifying E-mail message as “spam mail” is, by define a particular value in the SCL parameter.
In our specific scenario, Exchange Online will set the SCL value to “9”.
Viewing the information of the mail header.
To be able to see the information that is included in the E-mail message, we will be using the OWA mail client. We will “fetch” the content of the mail header of the spam mail that was sent to Bob.
Open the specific E-mail message and select the small arrow that appears in the right part of the E-mail message (close the Reply all option).
- Select the menu – View message details.
In the following screenshot, we can see the content if the specific E-mail mail header.
- Select the content of the mail header (CTRL + A)
- Copy the content by using right mouse click and the menu – Copy (or CTRL + A)
Using the Microsoft Remote Connectivity Analyzer | Message analyzer
In the following section, we will demonstrate how to use a very useful web-based tool named – Microsoft Remote Connectivity Analyzer for analyzing the mail header content.
Technically speaking, there are a couple of free web-based tool that we can use for the purpose of analyzing a mail header. The Microsoft Remote Connectivity Analyzer tool is just my personal preference.
- Select the Message Analyzer tab
- Right click on the “white space” and choose – Paste.
- Select the button – Analyze headers
In the following screenshot, we can see the various mail fields that included in the mail header.
The specific mail field that we look for named- X-Forefront-Antispam-Report-Untrusted
In this field, we can see that the SCL value of the E-mail message is “9” meaning the E-mail message was steamed as spam mail by the EOP server.
We really want to know what you think about the article