Jump to content

spam in my Inbox isn't addressed to me


amenex

Recommended Posts

Here are the headers:

> Return-Path: <rampartsm9[at]oaline.com>

> Delivered-To: spamcop-net-[munged][at]spamcop.net

> Received: (qmail 7207 invoked from network); 3 Feb 2009 11:59:12 -0000

> X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade4

> X-spam-Level: ****

> X-spam-Status: hits=4.5 tests=MIME_QP_LONG_LINE,RDNS_NONE,TW_WT,URIBL_SBL

version=3.2.4

> Received: from unknown (192.168.1.107)

> by blade4.cesmail.net with QMQP; 3 Feb 2009 11:59:12 -0000

> Received: from unknown (HELO PHRRDKTQ) (210.3.53.30)

> by mx70.cesmail.net with SMTP; 3 Feb 2009 11:59:10 -0000

> Received: by VKQCR.nmroqoauvrd.com (Postfix, from userid 80)

> id KK42SRAP3M; Tue, 3 Feb 2009 19:59:09 +0800

> To: shinybluegrasshopper[at]spamcop.net

> Subject: Give your couple some heat wtvoxu boeih

> Reply-to: rampartsm9[at]oaline.com

> From: "Noe Grimes" <31tcmcfq2723[at]oaline.com>

> Message-ID: <527032188.70702468046195[at]rampartsm9>

> MIME-Version: 1.0

> Content-type: text/plain; charset=windows-1251

> Date: Tue, 3 Feb 2009 19:59:09 +0800

> X-Priority: 3

> X-MSMail-Priority: Normal

> X-Mailer: PHP

> X-MimeOLE: Produced By phpBB2

> Content-Transfer-Encoding: quoted-printable

> X-SpamCop-Checked: 210.3.53.30

> X-SpamCop-Disposition: Blocked cbl.abuseat.org

I'm not grumbling about the fact that it's been tagged as blocked by cbl.abuseat.org.

It's the addressee: shinybluegrasshopper[at]spamcop.net - my spamcop username

appears only in the [munged] second line of the headers:

> > Delivered-To: spamcop-net-[munged][at]spamcop.net

Why am I receiving this email ? It's not been filtered because I've set the filter

trigger at five *'s (*****) and this spam has only four. There seems to be no hint as to why my Inbox is the lucky recipient.

The first "received by" is nmroqoauvrd.com, a nonexistent domain ...

George Langford

amenex

Link to comment
Share on other sites

Your question about the addressing is easily explained....a lot of spam gets sent out using the BCC (blind carbon copy) method, so anyone's address could appear in the "To" box and yet your address was on a BCC list that you're not seeing.

However, the message in question should have wound up in the Held mail folder...not in your Inbox, unless perhaps you haven't got all of the Blacklists selected in your options?

I'd also recommend a SpamAssassin setting of 4, rather than the default of 5. That should help route more stuff to your Held folder as well.....but do go into your options and make sure that all of the Blacklists are turned on.

DT

Link to comment
Share on other sites

DavidT wrote:

> Your question about the addressing is easily explained....a lot of spam gets

> sent out using the BCC (blind carbon copy) method, so anyone's address

> could appear in the "To" box and yet your address was on a BCC list that

> you're not seeing.

Arghhh.

> However, the message in question should have wound up in the Held mail

> folder...not in your Inbox, unless perhaps you haven't got all of the Blacklists

> selected in your options?

I've got the relocation to Held Mail on hold - I checked the "Tag Only" box so my

filters will intercept the stuff that's guaranteed to be spam.

> I'd also recommend a SpamAssassin setting of 4, rather than the default of 5.

> That should help route more stuff to your Held folder as well.....but do go into

> your options and make sure that all of the Blacklists are turned on.

They're all on - but just tag the spams. I'm trying to design the filters so they

don't mis-identify legitimate emails. I've got mail coming from several domains,

and they all receive this BCC junk, so I'm filtering mail to "[at]domain" that has

a SpamAssassin rating of ***** and worse. If I relax that, then a playful email

might end up in my PsuedoHeldMail box.

Is there any other way of catching BCC mail with a filter setting ?

Thanks,

George Langford

amenex

Link to comment
Share on other sites

They're all on - but just tag the spams. I'm trying to design the filters so they

don't mis-identify legitimate emails. I've got mail coming from several domains,

and they all receive this BCC junk, so I'm filtering mail to "[at]domain" that has

a SpamAssassin rating of ***** and worse. If I relax that, then a playful email

might end up in my PsuedoHeldMail box.

Is there any other way of catching BCC mail with a filter setting ?

You could just as easily 'hold' the suspect messages since they aren't reported or deleted automatically. Just held in the 'Held Mail' folder. You can check them out there before deciding how to process them.

Works just fine... In addition to DavidT's recommendations I'd suggest you apply grey-list filtering once you're happy with the other filters. This drops the load significantly and will catch almost all the BCC type mail. BUT you'll never see it in your mailbox so be sure everytin else is working OK first :)

Andrew

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...