Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by jmclusky

  1. Would be nice to have the option to remove all held mail (similar to the option to remove all unreported spam) - can build up quite a bit when away for a few days. Would be happy to have the option either on the reporting system or in webmail.
  2. Unfortunately, whitelisting won't really help here - I only get one such mail on behalf of each customer (further contact is direct, rather than via PayPal's payment systems). As I see, this was an unfortunate combination of the following: Customer's email address ending with numbers (useful when avoiding dictionary attacks, though!) The words 'Money Back Guarantee' in the mail. Perfectly legitimate in context, though! PayPal's (quite justified) 'PROTECT YOUR PASSWORD' line Not quite sure how the mail could have looked like a Nigerian Scam, but I don't know quite how the rule is defined. I always take great care with my held mail - anything that looks remotely non-spammy I'll preview to make sure. But I'm still surprised that this mail would get a SA score of 8. I'll perhaps swing by the SA forums and see what they think. Perhaps SA could do with a 'GENUINE_PAYPAL' test with a negative score ;-)
  3. Hi, I was rather surprised today to find an email from PayPal blocked by SA (score was 8). The specific tests triggered were: FROM_ENDS_IN_NUMS,LINES_OF_YELLING,MAILTO_TO_SPAM_ADDR,MONEY_BACK,NIGERIAN_BODY1,NO_REAL_NAME I've put a mildly munged (to protect my customer's identity!) version of the email up here (4kb). The FROM_ENDS_IN_NUMS and MAILTO_TO_SPAM_ADDR tests are unfortunate because the customer's email address was in the form name2000[at]example.com. Such mails will never have a display name as well as the email address. Is there anything that can be done to tune SA rules to avoid this happening again? Thanks, John.
  4. Whoops, that was my fault - mclusky.co.uk is my domain and I must have been the first to set up Fasthosts' servers in my config. Looks like someone's renamed it 'livemail' now, which is appropriate as FH's mail servers are at livemail.co.uk.
  5. Hi, Spamcop isn't just a list of open relays - the SC list includes any IP addresses that have sent spam. Your server may not be an open relay, but one of your users may have sent spam regardless. Without the IP address that is listed, it's impossible to tell what's happening, sorry.
  6. Hi, If you send mail that could potentially hit a spamtrap address (e.g. mailing lists that do not use confirmed-opt in), this could be the cause. In this case, your only course of action is to sort out your lists. Spamtraps are email addresses that are never used to sign up to anything - they may be seeded on web pages or seeded in other ways - I don't know for sure. They would never have sent 'real' email, though. It is possible that the machine compromised with MyDoom could have been the cause of the problem - if this is the case (and the machine is now secured), you will drop from the list in a maximum of 48 hours from when you were listed. If you cannot wait, drop a line to deputies at admin.spamcop.net with the IP address - they will be able to check to see if the mail was indeed a MyDoom mail. Hope this helps!
  • Create New...