ob1db Posted April 11, 2010 Share Posted April 11, 2010 Is the Spamcop filtering system breaking down? I am suddenly and steadily getting more and more pharma spam in my inbox. It is as though SpamAssassin broke. The spam is VERY obvious and yet gets scored 1.0 to 2.0 consistently. Is anyone else seeing this? I am talking dozens a day or more... It is getting hard to tell what is real email. David Link to comment Share on other sites More sharing options...
Farelf Posted April 11, 2010 Share Posted April 11, 2010 Is the Spamcop filtering system breaking down? I am suddenly and steadily getting more and more pharma spam in my inbox. It is as though SpamAssassin broke. The spam is VERY obvious and yet gets scored 1.0 to 2.0 consistently. Is anyone else seeing this? I am talking dozens a day or more... It is getting hard to tell what is real email.Hi David, yes there are complaints from time to time. The general consensus is you need to use greylisting these days (see the top-most pinned item this forum). Sometimes there are reasons for the 'obvious' spam getting through. If you want some opinions, post a tracking URL of an example. Link to comment Share on other sites More sharing options...
ob1db Posted April 11, 2010 Author Share Posted April 11, 2010 Hi David, yes there are complaints from time to time. The general consensus is you need to use greylisting these days (see the top-most pinned item this forum). Sometimes there are reasons for the 'obvious' spam getting through. If you want some opinions, post a tracking URL of an example. Hmm, doesn't seem like that will help: I POP the mail from another ISP and the bulk of the offensive spam is via that source... I will post some examples. I have only been quick reporting most of it. Will I have to manually report or would posting the headers suffice? David Link to comment Share on other sites More sharing options...
Farelf Posted April 11, 2010 Share Posted April 11, 2010 ...I will post some examples. I have only been quick reporting most of it. Will I have to manually report or would posting the headers suffice?I should think a set of headers might be enough for those familiar with the mail system to mull over in the first instance (hoping some turn up to have a look when you post it). You might like to mention just what filters you are using - everything I should think. Link to comment Share on other sites More sharing options...
ob1db Posted April 11, 2010 Author Share Posted April 11, 2010 I should think a set of headers might be enough for those familiar with the mail system to mull over in the first instance (hoping some turn up to have a look when you post it). You might like to mention just what filters you are using - everything I should think. I have ALL filters on as far as I know! Here are some examples: Return-Path: <robisonvx[at]hpj.co.uk> Delivered-To: spamcop-net-ob1db[at]spamcop.net Received: (qmail 17779 invoked from network); 11 Apr 2010 19:32:43 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade5 X-spam-Level: X-spam-Status: hits=0.0 tests=DRUGS_SLEEP,STOX_REPLY_TYPE version=3.2.4 Received: from unknown (192.168.1.88) by blade5.cesmail.net with QMQP; 11 Apr 2010 19:32:43 -0000 Received: from smarth-osier.atl.sa.earthlink.net (207.69.195.100) by mxin1.cesmail.net with SMTP; 11 Apr 2010 19:33:41 -0000 Received: from mx-casero.atl.sa.earthlink.net ([207.69.195.34]) by smarth-osier.atl.sa.earthlink.net with smtp (Exim 3.36 #4) id 1O12te-0006UP-00 for ob1db[at]spamcop.net; Sun, 11 Apr 2010 15:32:42 -0400 X-ELNK-Loop: ob1db[at]earthlink.net Received: from mx-casero.atl.sa.earthlink.net ([127.0.0.1]) by mx-casero.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o12Tr7rn3Nl34m0; Sun, 11 Apr 2010 15:32:29 -0400 (EDT) Received: from 8yspu9h ([86.173.110.55]) by mx-casero.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o12Ti6v33Nl34m0; Sun, 11 Apr 2010 15:32:20 -0400 (EDT) Message-ID: <000701cad9ad$755932b0$ae78fbb2[at]hpj.co.uk> Reply-To: "Cruz Robison" <robisonvx[at]hpj.co.uk> From: "Cruz Robison" <robisonvx[at]hpj.co.uk> To: <ob1db[at]earthlink.net>, <obobooks[at]earthlink.net>, <ocwalls[at]earthlink.net> Subject: Having trouble falling asleep? Get ambien Date: Sun, 11 Apr 2010 14:30:35 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250" reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-ELNK-Received-Info: spv=1; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; X-SpamCop-Checked: 207.69.195.100 207.69.195.34 86.173.110.55 Return-Path: <chaskins_ct[at]e.kth.se> Delivered-To: spamcop-net-ob1db[at]spamcop.net Received: (qmail 1647 invoked from network); 11 Apr 2010 19:33:01 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade4 X-spam-Level: X-spam-Status: hits=0.0 tests=STOX_REPLY_TYPE version=3.2.4 Received: from unknown (192.168.1.86) by blade4.cesmail.net with QMQP; 11 Apr 2010 19:33:01 -0000 Received: from smarth-shelduck.atl.sa.earthlink.net (207.69.195.97) by mxin2.cesmail.net with SMTP; 11 Apr 2010 19:31:35 -0000 Received: from mx-mcdonald.atl.sa.earthlink.net ([207.69.195.177]) by smarth-shelduck.atl.sa.earthlink.net with smtp (Exim 3.36 #4) id 1O12tx-0000im-00 for ob1db[at]spamcop.net; Sun, 11 Apr 2010 15:33:01 -0400 X-ELNK-Loop: ob1db[at]earthlink.net Received: from mx-mcdonald.atl.sa.earthlink.net ([127.0.0.1]) by mx-mcdonald.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o12TT2re3Nl36F3; Sun, 11 Apr 2010 15:32:57 -0400 (EDT) Received: from oaret6a ([178.124.146.74]) by mx-mcdonald.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o12TI6wl3Nl36F0; Sun, 11 Apr 2010 15:32:46 -0400 (EDT) Message-ID: <000701cad9ac$e6704480$ae796c72[at]e.kth.se> Reply-To: "Carmen Haskins" <chaskins_ct[at]e.kth.se> From: "Carmen Haskins" <chaskins_ct[at]e.kth.se> To: <ob1db[at]earthlink.net>, <objen[at]earthlink.net> Subject: Have Great Long Spicy Nights in Bed! Date: Sun, 11 Apr 2010 14:26:35 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250" reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-ELNK-Received-Info: spv=0; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; X-SpamCop-Checked: 207.69.195.97 207.69.195.177 178.124.146.74 Return-Path: <t.rosahs[at]parnet.fi> Delivered-To: spamcop-net-ob1db[at]spamcop.net Received: (qmail 6821 invoked from network); 11 Apr 2010 19:25:02 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter8 X-spam-Level: *** X-spam-Status: hits=3.6 tests=DIET_1,DRUGS_ERECTILE,FS_WEIGHT_LOSS, SARE_OBFU_HYDROCODONE,STOX_REPLY_TYPE version=3.2.4 Received: from unknown (192.168.1.86) by filter8.cesmail.net with QMQP; 11 Apr 2010 19:25:02 -0000 Received: from smarth-marmette.atl.sa.earthlink.net (207.69.195.101) by mxin2.cesmail.net with SMTP; 11 Apr 2010 19:23:36 -0000 Received: from mx-pinchot.atl.sa.earthlink.net ([207.69.195.25]) by smarth-marmette.atl.sa.earthlink.net with smtp (Exim 3.36 #4) id 1O12mD-00041M-00 for ob1db[at]spamcop.net; Sun, 11 Apr 2010 15:25:01 -0400 X-ELNK-Loop: ob1db[at]earthlink.net Received: from mx-pinchot.atl.sa.earthlink.net ([127.0.0.1]) by mx-pinchot.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o12Mb5is3Nl34d2; Sun, 11 Apr 2010 15:24:59 -0400 (EDT) Received: from b0beju6 ([186.87.154.133]) by mx-pinchot.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o12M52Fj3Nl34d0; Sun, 11 Apr 2010 15:24:53 -0400 (EDT) Message-ID: <000701cad9ac$9be6ffd0$ae79aeda[at]parnet.fi> Reply-To: "Terrance L. Rosa" <t.rosahs[at]parnet.fi> From: "Terrance L. Rosa" <t.rosahs[at]parnet.fi> To: <ob1db[at]earthlink.net>, <ommandala[at]earthlink.net> Subject: Weight Loss with Viagra Date: Sun, 11 Apr 2010 14:24:30 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250" reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-ELNK-Received-Info: spv=0; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; X-SpamCop-Checked: 207.69.195.101 207.69.195.25 186.87.154.133 Return-Path: <pat.h_caldwellne[at]dante.de> Delivered-To: spamcop-net-ob1db[at]spamcop.net Received: (qmail 32457 invoked from network); 11 Apr 2010 19:06:19 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter8 X-spam-Level: X-spam-Status: hits=0.0 tests=STOX_REPLY_TYPE version=3.2.4 Received: from unknown (192.168.1.88) by filter8.cesmail.net with QMQP; 11 Apr 2010 19:06:19 -0000 Received: from smarth-dorada.atl.sa.earthlink.net (207.69.195.98) by mxin1.cesmail.net with SMTP; 11 Apr 2010 19:07:17 -0000 Received: from mx-emperor.atl.sa.earthlink.net ([207.69.195.33]) by smarth-dorada.atl.sa.earthlink.net with smtp (Exim 3.36 #4) id 1O12U7-0004Mw-00 for ob1db[at]spamcop.net; Sun, 11 Apr 2010 15:06:19 -0400 X-ELNK-Loop: ob1db[at]earthlink.net Received: from mx-emperor.atl.sa.earthlink.net ([127.0.0.1]) by mx-emperor.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o12tO6Gw3Nl34l0; Sun, 11 Apr 2010 15:06:00 -0400 (EDT) Received: from 4eh6m52 ([188.194.76.1]) by mx-emperor.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o12tM4xe3Nl34l0; Sun, 11 Apr 2010 15:05:58 -0400 (EDT) Message-ID: <000701cad9a8$e37cf1f0$ae78fbba[at]dante.de> Reply-To: "Pat H. Caldwell" <pat.h_caldwellne[at]dante.de> From: "Pat H. Caldwell" <pat.h_caldwellne[at]dante.de> To: <nvbarkerbunch[at]earthlink.net>, <nspangenburg[at]earthlink.net>, <ob1db[at]earthlink.net> Subject: Highly sought after Weightl0sS Rxmed! Date: Sun, 11 Apr 2010 13:57:52 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250" reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-ELNK-Received-Info: spv=1; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; X-SpamCop-Checked: 207.69.195.98 207.69.195.33 188.194.76.1 Return-Path: <isaacmadison_ve[at]bowe.no> Delivered-To: spamcop-net-ob1db[at]spamcop.net Received: (qmail 3965 invoked from network); 11 Apr 2010 18:24:01 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade1 X-spam-Level: * X-spam-Status: hits=1.1 tests=FB_GET_MEDS,STOX_REPLY_TYPE version=3.2.4 Received: from unknown (192.168.1.86) by blade1.cesmail.net with QMQP; 11 Apr 2010 18:24:01 -0000 Received: from smarth-dorada.atl.sa.earthlink.net (207.69.195.98) by mxin2.cesmail.net with SMTP; 11 Apr 2010 18:22:34 -0000 Received: from mx-clapper.atl.sa.earthlink.net ([207.69.195.23]) by smarth-dorada.atl.sa.earthlink.net with smtp (Exim 3.36 #4) id 1O11pA-0000uN-00 for ob1db[at]spamcop.net; Sun, 11 Apr 2010 14:24:00 -0400 X-ELNK-Loop: ob1db[at]earthlink.net Received: from mx-clapper.atl.sa.earthlink.net ([127.0.0.1]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o11P456U3Nl34b0; Sun, 11 Apr 2010 14:23:54 -0400 (EDT) Received: from etbsbqm ([83.185.34.103]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o11OL1YU3Nl34b0; Sun, 11 Apr 2010 14:23:35 -0400 (EDT) Message-ID: <000701cad9a3$e1caa050$ae78fbb2[at]bowe.no> Reply-To: "Isaac Madison" <isaacmadison_ve[at]bowe.no> From: "Isaac Madison" <isaacmadison_ve[at]bowe.no> To: <ob1db[at]earthlink.net>, <njpsunshine[at]earthlink.net>, <obharris[at]earthlink.net> Subject: Wanna get hot and sweaty from amazing bedroom fun? Date: Sun, 11 Apr 2010 13:22:02 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250" reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-ELNK-Received-Info: spv=1; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; X-SpamCop-Checked: 207.69.195.98 207.69.195.23 83.185.34.103 Return-Path: <wanda.dobsonti[at]teletekno.fi> Delivered-To: spamcop-net-ob1db[at]spamcop.net Received: (qmail 13149 invoked from network); 11 Apr 2010 18:10:22 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter8 X-spam-Level: X-spam-Status: hits=0.0 tests=STOX_REPLY_TYPE version=3.2.4 Received: from unknown (192.168.1.88) by filter8.cesmail.net with QMQP; 11 Apr 2010 18:10:22 -0000 Received: from smarth-dorada.atl.sa.earthlink.net (207.69.195.98) by mxin1.cesmail.net with SMTP; 11 Apr 2010 18:11:20 -0000 Received: from mx-emperor.atl.sa.earthlink.net ([207.69.195.33]) by smarth-dorada.atl.sa.earthlink.net with smtp (Exim 3.36 #4) id 1O11by-00088W-00 for ob1db[at]spamcop.net; Sun, 11 Apr 2010 14:10:22 -0400 X-ELNK-Loop: ob1db[at]earthlink.net Received: from mx-emperor.atl.sa.earthlink.net ([127.0.0.1]) by mx-emperor.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o11BS6ri3Nl34l0; Sun, 11 Apr 2010 14:10:16 -0400 (EDT) Received: from 1snt4v2 ([94.233.220.133]) by mx-emperor.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1o11BO2sL3Nl34l0; Sun, 11 Apr 2010 14:10:13 -0400 (EDT) Message-ID: <000701cad9a0$fcfb68d0$ae794a32[at]teletekno.fi> Reply-To: "Wanda Dobson" <wanda.dobsonti[at]teletekno.fi> From: "Wanda Dobson" <wanda.dobsonti[at]teletekno.fi> To: <papendickr[at]earthlink.net>, <ob1db[at]earthlink.net> Subject: Have Great Focus with Adderall! Date: Sun, 11 Apr 2010 13:01:19 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250" reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-ELNK-Received-Info: spv=1; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; X-SpamCop-Checked: 207.69.195.98 207.69.195.33 94.233.220.133 Hits score as low as 0.0? How is this possible? HELP! David Link to comment Share on other sites More sharing options...
petzl Posted April 11, 2010 Share Posted April 11, 2010 I have ALL filters on as far as I know! Here are some examples: X-spam-Level: X-SpamCop-Checked: 207.69.195.100 207.69.195.34 86.173.110.55 X-spam-Level: X-SpamCop-Checked: 207.69.195.97 207.69.195.177 178.124.146.74 X-spam-Level: *** X-SpamCop-Checked: 207.69.195.101 207.69.195.25 186.87.154.133 X-spam-Level: X-SpamCop-Checked: 207.69.195.98 207.69.195.33 188.194.76.1 X-spam-Level: * X-SpamCop-Checked: 207.69.195.98 207.69.195.33 94.233.220.133 Hits score as low as 0.0? How is this possible? HELP! David Bit sus? When reporting refresh the "cache" for source IP in "Full reporting" (if you can, gets a bit hard when popping email from another email account, forwarding is a bit better) Check the "Dot" Show Technical Details during reporting Simple output Show technical data Make sure "mail hosts" are set correctly This re-checks if abuse address is current (used to be SpamCop would auto recheck/refresh after a time?) Now it don't? (I refreshed the cache on last checked IP's which now will go to latest abuse address. You may wish to resubmit your spam that went nowhere) Most/all of the email source IP abuse desks seem reputable and will act on reports closing spammer use, also perhaps informing police Link to comment Share on other sites More sharing options...
Wazoo Posted April 11, 2010 Share Posted April 11, 2010 I have ALL filters on as far as I know! Why does that sound like you have not checked? Here are some examples: You have most certainly been around the SpamCop Parsing & Reposrting System long enough to know about Tracking URLs. Please use them. ctual details available, without the format mangling involved with the cut/paste/display issues involved on this display screen. Oh yeah, the e-mail addresses would also be munged. However, now that they've been exposed here, what are the odds that you have added your earthlink address to your SpamCop.net e-mail account's whitelist? Link to comment Share on other sites More sharing options...
ob1db Posted April 11, 2010 Author Share Posted April 11, 2010 Why does that sound like you have not checked? You have most certainly been around the SpamCop Parsing & Reposrting System long enough to know about Tracking URLs. Please use them. ctual details available, without the format mangling involved with the cut/paste/display issues involved on this display screen. Oh yeah, the e-mail addresses would also be munged. However, now that they've been exposed here, what are the odds that you have added your earthlink address to your SpamCop.net e-mail account's whitelist? I will post some trackers. I only posted headers because someone else said it should be enough... I have ALL filters active, SA set to 4, my earthlink is not whitelisted... David Link to comment Share on other sites More sharing options...
Farelf Posted April 12, 2010 Share Posted April 12, 2010 I will post some trackers. I only posted headers because someone else said it should be enough...Yeah, sorry David, my fault - I should have made it plainer I meant ONE header just to get things running in case anything was immediately obvious and because you don't routinely have full reports to show. As petzl said, a few of those trackers are what's being asked for now and 'full technical data' turned on will allow you to see whatever is discussed coming out of that. Link to comment Share on other sites More sharing options...
ob1db Posted April 12, 2010 Author Share Posted April 12, 2010 Yeah, sorry David, my fault - I should have made it plainer I meant ONE header just to get things running in case anything was immediately obvious and because you don't routinely have full reports to show. As petzl said, a few of those trackers are what's being asked for now and 'full technical data' turned on will allow you to see whatever is discussed coming out of that. Apology accepted! Something is CLEARLY breaking. I got 43 spams to 12 emails in my inbox this AM!!!! This is getting absurd... I will create some detailed trackers later today. David Link to comment Share on other sites More sharing options...
dra007 Posted April 12, 2010 Share Posted April 12, 2010 snap/ I got 43 spams to 12 emails in my inbox this AM!!!! This is getting absurd... That doesn't sound like a lot to me.. I typically get 200-500spam for every good e-mail and I filter aggressively including grey listing.. Not only that ...as of late, an overwhelming majority of unfiltered spam I get has porn sounding one liners with no spaces and does not seem to sell anything...at least not obviously so (and I am not going to check)... So consider yourself fortunate... As everything else in life it is all relative... Link to comment Share on other sites More sharing options...
ob1db Posted April 12, 2010 Author Share Posted April 12, 2010 That doesn't sound like a lot to me.. I typically get 200-500spam for every good e-mail and I filter aggressively including grey listing.. Not only that ...as of late, an overwhelming majority of unfiltered spam I get has porn sounding one liners with no spaces and does not seem to sell anything...at least not obviously so (and I am not going to check)... So consider yourself fortunate... As everything else in life it is all relative... That wasn't counting the 175 spams in held mail. I meant that many got through to my inbox, all obvious pharma 1 liners. I usually get 1-3 a day like that, already nearly 100 in the inbox today... Some samples as requested: http://www.spamcop.net/sc?id=z3904339138z6...f27d923fc67cfaz http://www.spamcop.net/sc?id=z3904345172ze...78af73e8c97309z http://www.spamcop.net/sc?id=z3904346825z1...8723a3e2e0d56az I hope these help figure this out. David Link to comment Share on other sites More sharing options...
petzl Posted April 13, 2010 Share Posted April 13, 2010 nearly 100 in the inbox today... Some samples as requested: http://www.spamcop.net/sc?id=z3904339138z6...f27d923fc67cfaz I hope these help figure this out. David The problem is that the spam reports are going to wrong source after refreshing cache it will now send to abuse[at]ip.telmexchile.cl instead report went to abuse[at]seabone.net abuse[at]chilesat.net postmaster[at]chilesat.net netadmin[at]chilesat.net Now I refreshed "cache" it is going to latest listed abuse address abuse[at]ip.telmexchile.cl SpamCop did this (periodically) automatically now it doesn't? try it to see. [Edit - quote amended for fidelity - "0" changed to "nearly 100"] Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.