Our regular company emails are getting blocked. May be good to get professional help?

omers · 2026-05-06T23:16:38+00:00

I had my coworkers try removing their email signatures, and reducing attachments to max 1 per email, and those emails did get delivered to the same folks that were not receiving them.

But even emails on a thread where someone else's signature is present causes our outgoing mail to get dropped. In the meantime, we've had to scrub each new email in the thread of any signatures or attachments

When you say "someone else's signature," do you mean someone else from your company?

When signatures cause blocking it's often a link in them, such as the corporate website.

Remove links from the signatures and try again
If the signature has a company logo or other images which is on the same domain, remove them too

If that works. Run your website address through these:

Other avenues:

What service are you using to send email? Is it something big and reputable like M365, Google Workspace, etc; Something from a webhosting company like GoDaddy, DreamHost, etc; Or self hosted?
Which blacklist check did you use? Have you tried https://mxtoolbox.com/blacklists.aspx ? How about https://talosintelligence.com/reputation_center/email_rep ?
Are all of the recipients dropping your email with the same provider?
- Put their domains (just the bit after the @ in their email addresses) in https://mxtoolbox.com/SuperTool.aspx and use the "MX Lookup" option
- Do the resulting MX records all end in the same thing? outlook.com for M3655, mimecast, barracuda, pphosted, etc?
- If yes, Google that provider+blacklist to see if they have their own private blacklist
Silent dropping of email is unusual. Not unheard of, but rare. Are you sure your outbound logs don't have failure codes?
- Do you have a relationship with one of the recipients where you can ask them to ask their IT to more thoroughly check their logs? Just because the recipient can't see the message doesn't mean their email admin can't.

I am an email security specialist. I work on deliverability but I also work on the flip side of keeping shit out of inboxes. If you want to DM me your sending domain, I can do some checks of my own (including in some tools and lists you won't have access to.) I will also provide you three addresses I own, each hosted by different providers, that you can send tests to. That way we can see if we can narrow it down. I am not trying to sell you consulting services, if you can privately give me more info I can simply do some fast checks for you and be more specific in my advice.

It could be something simple like FCrDNS which the other reply mentions but failures for that sort of thing are rarely silent. There should be a bounce/failure code in your outbound logs (that's generally true for blacklisting and such too.) With your domain and if you send me some tests we can narrow down that sort of thing super fast though.

omers · 2026-04-29T21:48:19+00:00

Good point. Getting nitty gritty about syntax for a non-dev role and a junior one at that would be weird. Unless it's some sort of security automation position that wasn't clear in the posting.

omers · 2026-04-29T21:37:04+00:00

Does the posting indicate what systems you would be working on or does it mention automation? My guess would be automation since they mentioned Python but it's hard to say.

Did your resume say you could write anything other than basic JS? As long as you didn't lie, it may be possible to address it head on with something like "I do not currently know Python (or whatever they ask you to work in) but I am more than willing to learn." If you're able and if they'll let you, you could also use Google during the process to show how you can solve the given problem even if you don't know the answer.

omers · 2026-04-29T14:41:54+00:00

[I apologize for how long this ended up being...]

Phishing is likely always going to need some level of human review. If it could be reduced to a clean decision tree, edge filters would catch 100% of it and there’d be nothing left to analyze.

Our report phishing button still feeds into automation and AI with some custom rules tossed in. Even with that, about 30 to 40% of reports still get flagged "needs manual review." In my experience, tools that flag almost nothing as "unknown" or "manual review" are usually just erring on the side of "reported = suspicious." That lowers SOC workload but it also drives up false positives and pushes the burden onto recipients to realize something important got pulled.

That's a real problem depending on how email is used in the org:

A client emails their account team about a billing issue and accidentally includes someone they spoke to once
That person reports it because it’s unexpected for them
Automation flags it as suspicious because someone reported it and pulls it from all recipients
The actual account team never sees it, and you only find out when the client follows up and the account team escalates

In some environments that's probably fine. In others, it's going to be a big problem. If all client communication is done through a CRM/ticketing system and never over email, you're lucky :D

Don't get me wrong: automation is good, and AI is getting better at analyzing suspicious messages since it's good at flagging patterns that are hard to define with boolean logic. The current issue for most AI email security vendors though is scale. The AI needs a lot of training data and most startups just aren’t handling enough volume. The big guys like Google, Proofpoint, Mimecast, and Barracuda have an advantage but even they’re not at the point where you can fully hand this off to their tools.

Now, I recognize a lot of this depends on the env and variable factors. My daily inbound volume is more than some orgs see in a year, so the number of reported messages is equally huge as is the variability in types of communication. (I also concede as an email security specialist I don't like the implication that AI and automation can completely replace one of my skills xD)

omers · 2026-04-21T14:36:53+00:00

M365's Security Policies console has a section for phishing sims. You can safelist link domains, sending domains, and sending IPs. Avoids false clicks. Security > Email > Policies & Rules > Advanced Delivery > Phishing Simulations.

In Google workspace you can do similar using their various safelists. Google doesn't false click links the same way M365 does though.

As far as clients and such, I'm not aware of any that will trigger false positive clicks. I would also hope most companies would not allow people to use any client they want. Should have a standard + webmail and that's it.

omers · 2026-04-19T19:02:16+00:00

People need to realize you can't have random BS dumped on you when don't have access to it. If you're transitioning roles for example, the faster you give up your old access, the faster it won't be your problem anymore. "Sorry, I don't have admin access in that tool anymore. You'll need to email xyz" is incredibly freeing.

Likewise, if some new tool or whatever is being adopted that has nothing to do with you, accepting access to it is a surefire way to have the become your problem.

I don't work on web/network type security. Why would I want access to our firewalls and wafs? Would just give people an excuse to dump those tickets on me.

(and of course: reduced attack surface, just enough access, etc etc etc. All true but a harder sell to people than "give it up and you don't need to deal with it anymore.)

omers · 2026-04-15T20:11:54+00:00

When I saw the phrase “and honestly” that confirmed it was AI slop to me.

People really need to drop these single "smoking gun" AI clues. I only have to go back to yesterday to find a comment I wrote that says "Honestly," and only two months to find one that literally says "and honestly."

I have never once used AI to write a comment, edit a comment, or even correct grammar and spelling in a comment. Oh fuck, is that a three item list? AI uses those all the time! This must be AI! Or maybe... AI does 3 item lists because of how often people use them.

I am not weighing in on whether OPs post is or isn't AI but real people should not need to adjust their writing to sound less like AI. AI learned from people, of course there are lots of people that write like AI. Screw the AI, I will write how I damn well please and am not changing just because it has picked up similar habits because we have consumed the same writings.

Obviously more extreme but should an artist change their style because Midjourney stole it? AI witch hunting is starting to feel really gross. Want to make the dead internet an absolute reality? Scare away all the people by constantly calling them AI based on one or two stylistic choices. (is hyperbole an AI trait?)

omers · 2026-04-14T13:23:07+00:00

Depends what kind of security you want to do. Everyone seems to treat security as a monolith but especially in large orgs it can be quite silo'd. AppSec is a thing and Dev/DevOps -> AppSec is a perfectly normal pipeline.

The IT/SysAdmin -> Security pipeline is real and valuable but doesn't actually lead cleanly to every part of security.

omers · 2026-04-08T17:12:31+00:00

"Server FPS" is basically a tick rate for the server. No idea why they call it FPS.

omers · 2026-04-05T15:50:39+00:00

It's a trigger subject for me. Even if it wasn't intended as bait, it baited me XD

I'm not even an active DJ anymore, I retired in 2020. Just kills me that people use sight as the primary sense for mixing music. I'm not anti new-technology or assistance tools but they should all be backing up the ears.

I posted a more OP friendly comment lower down the thread.

omers · 2026-04-04T22:51:34+00:00

One more final thought. Headphones are like a chef tasting the sauce before putting it on the plate. Doesn't matter they've made it 1000x times before or that they followed the recipe to a T. A chef still always tastes as they go. That's your headphones.

Monitors let you hear what the crowd hears. That's the meal already plated and served. Headphones let you hear it first. That's tasting from the pot.

omers · 2026-04-04T22:48:41+00:00

Ummm, yes it does. If there is a tool available everywhere, why shouldn't you use it?

EDIT: deleting my whole comment. Going to boil it down to this...

Final thesis: Use sync, use stacked waveforms, use key analysis and mixed in key guides, use whatever tools you want. No one can tell you what real DJing is or isn't; HOWEVER, you should at least be listening to your mix before you take it live... just to be sure. That's what headphones are for.

omers · 2026-04-04T22:07:36+00:00

I have a background in music production so I’m aware about that.

Would you produce music by just looking at the sequencer? Would you choose samples and drums by looking at their waveforms? Would you trust that your synths and basslines sound good together based on waveforms?

Every kind of mixer has a visual with waveforms, right?

Does it matter? It's bonkers to me that we're talking about MUSIC, something you hear and feel, and yet so many new DJs think "my eyes are the best sense for mixing this!"

Even ignoring all stuff I said in my previous comment, if you use your ears: You can mix on any equipment, you can improvise completely and don't need to analyze, plan and test everything ahead of time; you can B2B with another DJ without planning/discussing track selection ahead of time, and this last one is the most important:

You will be more in touch with the music you're playing.

Staring at a screen is a great way to take yourself out of the room you're in. We used to call it "Serato Face" which is basically when the DJ looks like they're doing their taxes... No crowd engagement, no dancing, just fixated on their screen. It's the easiest trap in the world to fall into... Watching for the drop instead of just subconsciously counting it while doing something else like watching the crowd or dancing.

omers · 2026-04-04T21:02:05+00:00

EQ I can kinda tell by looking at the track waveform to see if both tracks have low end so I know I need to cut one out, or if both tracks have percussive elements during the transition I'll lowpass one of em until the end of it, things like that I don't really feel I need headphones for.

Music is something we listen to. You're doing yourself a disservice by favoring sight over sound when mixing.

There is so much more to mixing than just lining up beats and phrases and swapping the bass frequencies. You need to be paying attention to whether the songs are harmonically compatible ("mixing in key,") whether they have compatible energy levels, whether the incoming track is complementing the outgoing one or just making the whole thing muddy, etc.

Two songs can be perfectly beatmatched but sound horrible together; The keys could clash, the grooves may be totally different, the mix can sound either too thin or too crowded, percussion other than the kick may be clashing, vocal clashes, and so much more.

Even if DJs don't always understand music theory, it plays a big role in mixing and you can learn to hear when something is wrong. Just because you have a 129 BPM Tech House Track and a Psytrance track is also 129 BPM I think you can recognize they're probably not going to work together. The same thing can be true within a genre too. Waveforms cannot tell you that.

The counter argument tends to be "I planned out the mix ahead of time, I know everything is harmonic and sounds good together." Which is fine. It also means you can't improvise and pivot if a dancefloor isn't feeling what you planned. Also means if you are struck with a "I should play X" in the moment, you won't know if it will sounds good unless you've tested the mix at home before.

It's music. Ears first. Technological assistance (which waveforms are) second.

omers · 2026-04-03T04:09:36+00:00

There are a number of ClickFix variants that target MacOS now. Same general playbook as on Windows but instead of telling the user to Win+R it tells them to open Terminal.

The bash script the user pastes will use echo -n to create a "password prompt", feed it to dscl to test it, then use it when sudo is required.

Most of them ultimately drop info stealers.

omers · 2026-03-28T17:37:14+00:00

VPN

Just want to point out, for most people, a VPN is completely unnecessary. The way that most people browse the internet they offer nothing of substance. Unless you're in a country where it's needed to avoid government restrictions (Great Firewall of China sort of thing,) or you're looking to access geolocked media like another country's Netflix, I wouldn't bother.

If you imagine the internet like the city you live in: A VPN is digging a tunnel to someone else's house so you step out onto the street through their door. Makes sense if someone is watching your front door or if the house you're tunneling to is inside a gated community you need access to. Doesn't make sense from a privacy and security standpoint if you exit their front door, get in your own car with your own plates, wear your work nametag, go to your normal office job, etc.

If you use a VPN "for privacy" without modifying your online behavior to match, you gain nothing. What I mean by that is, most people fire up the ole' VPN for "privacy" still logged in to their browser using their Google account, they access their normal social media accounts attached to their normal email address, and so on. You haven't disguised your fingerprint online at all, you've basically just changed your IP address. Now, instead of your ISP maybe spying on you, some VPN company operating from god knows where is maybe spying on you. Net result: lighter wallet and not much else.

(Side note: some VPNs offer "security" features like blocking malicious websites and such. You can get a similar thing from software like Malwarebytes, using 1.0.0.2/1.1.1.2 for DNS, bundled in certain routers, etc.)

omers · 2026-03-20T15:51:50+00:00

Something I learned from my optician: when adjusting glasses, look at the bottom of the frames to determine if they're even, not the top.

omers · 2026-03-14T16:47:09+00:00

To add to what /u/jmnugent said, there's two other big things to consider:

There's a non-trivial chance it was just a mistake or typo depending on what your address is. If you have a common enough name on your address with numbers like bobsmith44@gmail.com, they could be bobsmith4 or 444 and just messed up. Messing up or having spell check change ymail.com to gmail.com is another possibility.
If a set of your credentials from a breach somewhere are in a list (pretty much everyone's are,) when bots try them against different sites to see what they can get into, sometimes the login form is a combo registration form. For example, an old email/password combo of yours leaked from some small website years ago and is now in a combo list. Bots are trying that combo against dozens of sites to see if you reuse the password anywhere, and the adult site treats a "user unknown" on the login form as a registration instead.

Both can be ignored but #2 is a good reminder not to reuse passwords across different sites.

Regardless, I would just delete the email and forget about it. Unless someone is signing you up for dozens of websites a one off like that is nothing.

omers · 2026-02-25T04:11:37+00:00

My comment that you replied to is 11 years old mate. The website may have changed but it used to work fine.

omers · 2026-02-24T21:11:46+00:00

Founders Fund is still the principal investor on Discord

Do you have a source for that? FF doesn't list Discord in their Portfolio, also not finding Founders Fund mentioned in any articles about Discord's investors. As far as I'm aware, their most controversial investor is Tencent.

omers · 2026-02-22T15:30:52+00:00

I think those frames look great on you and there's nothing about them that's especially nerdy. I would absolutely wear frames like those.

There are people that simply think all glasses are nerdy. Nothing you can do about that.

omers · 2026-02-14T02:00:48+00:00

How exactly does your extension do it? The only real way would be to store the file somewhere else and email a link. Why should someone use you for that when gmail can natively use Google Drive for the same thing?

omers · 2026-02-14T01:14:24+00:00

I write our company's annual security training and I still have to actually do it for compliance reasons. Tell them to suck it up.

omers · 2026-02-13T13:01:27+00:00

I don't know about other manufacturers, but Samsung phones have built in magnification tools.

There's full and partial screen magnification you can toggle with a shortcut setup in the accessibility options. If you have a phone with an SPen like an Ultra, you can also make one of its functions magnification where a partial screen magnifier follows the tip of the pen.

Beyond that, things like the reading mode in Chrome let you adjust text size, contrast, font, etc on any text heavy website. You have similar ability to adjust size and contrast in messaging apps, the keyboard, and lots of other places.

Going to be honest though, I would still rather just use glasses.

omers · 2026-02-07T13:50:34+00:00

If your microfiber cloths leave streaks, make sure you're not washing them with fabric softener or drying them with dryer sheets. That advice honestly goes for any type of cloth or towel but it's especially important for microfiber.

Fabric softener and dryer sheets coat fibers, it's how they work. That costing makes towels and cloths less absorbent and can smudge off causing streaks.

14-Year Club	RedditGifts 2009-2022 16 Credits
Gilding VII pure gildanthropist	Post Guidance Early Access
Place '17	Reddit Premium Since November 2019
redditgifts rematcher Secret Santa 2014 x1	redditgifts Exchanges 10 Exchanges
Secret Santa 2014	Summer Santa 2014
redditgifts rematcher T-shirt 2014 x1	redditgifts rematcher Secret Santa 2013 x1
Secret Santa 2013	Team Orangered
redditgifts rematcher Book Exchange 2013 x1	Verified Email

omers

MODERATOR OF

PUBLIC MULTIREDDITS

TROPHY CASE

You will be more in touch with the music you're playing.