Exchange 2010

Managing Inbound Email – Strategies to focus on the important stuff

Do you find that you’re missing emails or you don’t see them until much later? I often get questions on ways to better manage emails to focus on critical ones. You probably get hundreds or maybe even thousands of emails a day, intermingled with solicitations, spam and legitimate emails you need to act on. Many email clients have the capability of creating rules and effectively creating rules will allow you to be notified of the important ones while reviewing the non-important later.

The primary goal of your rules is to allow all the critical/important emails to go into your Inbox while the non-important emails go to sub-folders to review later, whether it be once a day, once a week or never. By doing this, email on your phone or tablet will also show, at a glance, those important emails.

Don’t create a folders for departments or people.

Often times I see 50 different folders with co-workers names or various departments with the thought that they can easily find emails all from a person or from a department. When using this approach, you need to constantly check each email folder for a new email, even with the unread badge count next to the folder. You will quickly learn you’re not responding to or managing emails effectively. Leverage the built in search or column sort feature of your email client to get all the emails together to easily find the one you’re looking for.

Don’t use the setting “Mark As Read” or other client side rules.

You may be tempted to use the Mark As Read option in the rule set but this is a client side rule, meaning the rule will only run when the email client (Outlook) is open. If your computer is off or your email client is closed, the rule will not process until you open the email client. If you don’t receive email on a phone or tablet, this likely won’t have a big impact on you.

Do create folders for “notification” emails.

Email clients are extremely flexible to allow a very specific set of criteria for Sender, Recipient, Subject, Message and Message Header (the message header is information about the email such as where it came from, who it was for, what mail server it went through, etc).

You can create a rule to say any email from [email protected] to go to a folder. Let’s say you receive important emails from this email address but also a lot of notice emails. Do the notices all have a certain keyword in the subject or message body? Pretend the subject line has the word “Alert” in it. You can add a second criteria to your rule to say emails from [email protected] and subject contains “Alert”. This means that the email must come from that email address and anywhere in the subject line have the word “Alert”.

To take this one step further, let’s imagine that you want emails from [email protected] with the word “Warning” in the subject line to stay in your inbox and not hit this rule, and the subject line has the word “Alert” in it as well. By using the exception portion of a rule, you can create the rule to say

From Sender: [email protected]
AND
Subject Contains: Alert
EXCEPT
Subject Contains: Warning

Create a rule to look for the word “unsubscribe” in the email body and redirect it to a folder.

Most marketing and solicitation emails have to contain a method for the user to be able to easily remove themselves from a mailing list. This is the CAN-SPAM law enforced Federal Trade Commission (FTC).

Keep in mind that if a co-worker receives an email that contains the word “unsubscribe” and forward it to you to review, this rule will also catch it. You may want to also add an Exception to this rule to look for message headers that contain your email domain name.

Continually monitor the folders that your rules are putting emails into to be sure they are setup correctly. Adjust them as necessary by adding additional clarifying criteria or exceptions.

Managing Inbound Email – Strategies to focus on the important stuff Read More »

Email Phishing Mitigation Technique

Phishing and credential leaks have always been difficuilt to block with technology that’s currently available. Relying on email spam filters might reduce the volume to a point but are likely noticing some still come through. While all of the mitigation techniques you have will offer protection, user education and simulated phishing emails are extremely important too.

One mitigation technique is to create a rule and route emails for approval coming from the outside your domain that contain attachments with the following file extensions .html, .htm, .aspx, .asp, .shtml, .zip and .one. As you monitor the emails to approve you can add exceptions to your rule. Some secure email systems, like Cisco, send a html attachment for to view the secure email.

Phishers are getting creative and they often embed your domain name in the link of the URL so when the unsuspecting employee clicks on it, it will show your domain name on the web site. This way they can send a mass phishing campaign and don’t need to change their code. You can create a rule and route emails for approval from outside your domain that contain your domain name within the href tag of the link. Add the rule that matches the pattern in the message subject or body to be: <a [^>]*\bhref\s*=\s*”[^”]*YOURDOMAINNAME.*?<\/a>

Have other suggestions, leave a comment!

Email Phishing Mitigation Technique Read More »

Apple Account Auto Verify

 

A tool I wrote in C# that automatically verifies apple accounts. Below is a link to the source code (Visual Studio 2010), however if you meet the following criteria, you can use it without modifying the code.

  1. Windows computer running .Net 4.0
  2. Running Exchange 2010
  3. Know the username and password to the mailbox that the verification email from apple is in, or you know the username and password to an elevated account that has permission to view the mailbox that the verification email from apple is in.

https://www.brandonclaps.com/downloads/AppleAccountVerify.zip – Includes source code too

If you meet the above criteria, unzip and browse to AppleAccountVerify > bin > Release > and run AppleAccountVerify.exe

 

Code:

   1: private void button_Verify_Click(object sender, EventArgs e)

   2:        {

   3:            string Log = string.Empty;

   4:            using (StreamReader sr = new StreamReader(textBox_CSVFile.Text))

   5:            {

   6:                string line;

   7:                while ((line = sr.ReadLine()) != null)

   8:                {

   9:                    string[] data = line.Split(',');

  10:  

  11:                    string ExchAuthUsername = data[0];

  12:                    string ExchAuthPassword = data[1];

  13:                    string ExchAuthDomain = data[2];

  14:                    string Exch_User_Email = data[3];

  15:                    string AppleUsername = data[4];

  16:                    string ApplePassword = data[5];

  17:  

  18:                    string Verify = GetAppleVerifyURL(ExchAuthUsername, ExchAuthPassword, ExchAuthDomain, Exch_User_Email);

  19:  

  20:                    if (Verify != string.Empty)

  21:                    {

  22:                        WebBrowser web = new WebBrowser();

  23:                        web.ScriptErrorsSuppressed = true;

  24:                        web.Navigate(new Uri(Verify));

  25:  

  26:                        while (web.ReadyState != WebBrowserReadyState.Complete)

  27:                        {

  28:                            Application.DoEvents();

  29:                        }

  30:                        try

  31:                        {

  32:                            HtmlElement el = web.Document.All["appleID"];

  33:  

  34:                            el.SetAttribute("value", AppleUsername);

  35:                            el.SetAttribute("text", AppleUsername);

  36:  

  37:                            HtmlElement el2 = web.Document.All["accountpassword"];

  38:  

  39:                            el2.SetAttribute("value", ApplePassword);

  40:                            el2.SetAttribute("text", ApplePassword);

  41:  

  42:                            foreach (HtmlElement el3 in web.Document.All)

  43:                            {

  44:                                if (el3.GetAttribute("className") == "btn bigblue")

  45:                                {

  46:                                    if (el3.InnerText.ToLower() == "verify address")

  47:                                    {

  48:                                        el3.InvokeMember("click");

  49:                                    }

  50:                                }

  51:                            }

  52:                            Log = Log + Environment.NewLine + AppleUsername + " - Verified successfully.";

  53:                        }

  54:                        catch (Exception Ex)

  55:                        {

  56:                            Log = Log + Environment.NewLine + AppleUsername + " - " + Ex.Message.ToString();

  57:                        }

  58:  

  59:                        Log = Log + Environment.NewLine + AppleUsername + " - Finished reading line";

  60:                    }

  61:                }

  62:            }

  63:            Log = Log + Environment.NewLine + " - Complete";

  64:            textBox_Log.Text = Log;

  65:        

  66:        }

Updated 12/29/14 – Updated code below (source code includes update)

   1: private static string GetAppleVerifyURL(string ExchangeAuthUsername, string ExchangeAuthPassword, string ExchangeAuthDomain, string EmailAddressToLookIn)

   2:        {

   3:            string URL = string.Empty;

   4:            try

   5:            {

   6:                ExchangeService ExchService = new ExchangeService(ExchangeVersion.Exchange2010_SP2);

   7:                ExchService.Credentials = new WebCredentials(ExchangeAuthUsername, ExchangeAuthPassword, ExchangeAuthDomain);

   8:                ExchService.AutodiscoverUrl(EmailAddressToLookIn);

   9:  

  10:                FolderId InboxID = new FolderId(WellKnownFolderName.Inbox, EmailAddressToLookIn);

  11:                ItemView view = new ItemView(50, 0, OffsetBasePoint.Beginning);

  12:                view.OrderBy.Add(ItemSchema.DateTimeReceived, SortDirection.Descending);

  13:                view.PropertySet = new PropertySet(BasePropertySet.IdOnly, ItemSchema.DateTimeReceived, ItemSchema.Subject);

  14:                FindItemsResults<Item> findResults = ExchService.FindItems(InboxID, view);

  15:  

  16:                if (findResults != null && findResults.Items != null && findResults.Items.Count > 0)

  17:                    foreach (Item item in findResults.Items)

  18:                    {

  19:                        EmailMessage message = EmailMessage.Bind(ExchService, item.Id, new PropertySet(BasePropertySet.IdOnly, EmailMessageSchema.IsRead, ItemSchema.Body, ItemSchema.Subject, ItemSchema.Categories));

  20:  

  21:                        if (message.Subject.ToLower().Contains("verify your apple"))

  22:                        {

  23:                            string body = message.Body.Text;

  24:                            string[] AfterVerifyText = Regex.Split(body, "To verify this email address belongs to you");

  25:                            string[] BeginningOfURL = Regex.Split(AfterVerifyText[1], "<a href=\"");

  26:                            int Location_EndOfUrl = BeginningOfURL[1].IndexOf('"');

  27:                            URL = BeginningOfURL[1].Substring(0, Location_EndOfUrl);

  28:                            message.IsRead = true;

  29:                            message.Update(ConflictResolutionMode.AutoResolve);

  30:                        }

  31:                    }

  32:            }

  33:            catch (Exception)

  34:            {

  35:                return URL;

  36:            }

  37:  

  38:            return URL; 

  39:        }

Apple Account Auto Verify Read More »

OABGen will skip user entry…SMTP address is invalid

 

Receiving an error message on your mailbox server…

Source:      MSExchangeSA
Event ID:    9325, 9320, 9327
Message:   OABGen will skip user entry ‘Display Name’ in address list ‘\Address List’ because SMPT address ‘’ is invalid.

This was happening on my server, however the names that were shown didn’t have mailboxes. This is how I fixed it.

  1. If using Windows 2008 Directory Services open Active Directory Users and Computers if not open ADSI (adsiedit.msc) and browse to the user in the error message.
  2. Browse the user’s attributes and go to ‘showInAddressBook’ attribute. This should be blank if the user does not have a mailbox. If it isn’t, remove any entry listed in here and click OK.

Update: I found out why this is even happening in the first place. Consider this scenario; You need to create a new user account that won’t be mail enabled. You copy an existing user that is mail enabled to create the new user account. The showInAddressBook attributes are copied from the existing mail enabled user over to the new non-mail enabled user, causing this issue.

Solution: Create a template user that is not mail enabled to create new users from.

OABGen will skip user entry…SMTP address is invalid Read More »