markbuckles Posted November 12, 2011 Posted November 12, 2011 My spamfilter is set up to send spam from horseloverz.com to my Held Mail folder, but it keeps getting into my Inbox. First I started out with "if sender contains horseloverz.com send to Held Mail" ...but it kept getting in. So I added or "if source contains horseloverz.com send to Held Mail" or "if body contains horseloverz.com send to Held Mail" ...but it keeps getting in. Why doesn't it get filtered? I don't even have a horse!
dbiel Posted November 12, 2011 Posted November 12, 2011 How are you accessing your mail? The filters will not work automaticly unless you use the webmail interface. Also have you tried running the filters manually?
turetzsr Posted November 12, 2011 Posted November 12, 2011 Hi, markbuckles, ...In addition to dbiel's reply, please note DT's post in SpamCop Forum article "How is this possible?"
markbuckles Posted November 14, 2011 Author Posted November 14, 2011 Thank you dbiel and turetzsr! dbiel: I access my e-mail by having my e-mail programme automatically and periodically download new mail from my SpamCop.net Inbox only. This works fine; most spam does not get delivered to my computer - it gets sent to the SpamCop Held Mail folder. Lately though, HorseLoverZ.com spam makes it through (other spammers do not). turetzsr: Thank you for the link; I do not have my own address whitelisted. My primary e-mail account forwards to my SpamCop account, then is downloaded to my computer. In my SpamCop account, I have all DNS Blacklists checked, SpamAssassin set at 1, and have made many filters over the years, such as the previously mentioned horseloverz.com specific filters. Again, those filters are: "if sender contains horseloverz.com send to Held Mail" ...but it kept getting in. So I added or "if source contains horseloverz.com send to Held Mail" or "if body contains horseloverz.com send to Held Mail" Sometimes SpamCop weeds out horseloverz, sometimes it lets it through. Here is the header for one that recently erroneously delivered to my Inbox (I used XXX for my addy): ----------------------------------------------- Return-Path: <email[at]mailer.horseloverz.com> Delivered-To: spamcop-net-XXX Received: (qmail 3003 invoked from network); 13 Nov 2011 22:27:20 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7 X-spam-Level: X-spam-Status: hits=0.8 tests=HTML_IMAGE_RATIO_02,HTML_MESSAGE,URIBL_GREY version=3.2.4 Received: from unknown (192.168.1.86) by filter7.cesmail.net with QMQP; 13 Nov 2011 22:27:20 -0000 Received: from mail4c25.carrierzone.com (64.29.147.14) by mxin2.cesmail.net with SMTP; 13 Nov 2011 22:29:04 -0000 Received: from chrome-twtwze.cccampaigns.net (chrome-twtwze.cccampaigns.net [81.92.121.220]) by mail4c25.carrierzone.com (8.13.6/8.13.1) with ESMTP id pADMRGau018792 for <XXX>; Sun, 13 Nov 2011 17:27:19 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=emv; d=mailer.horseloverz.com; h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:List-Unsubscribe; i=email[at]mailer.horseloverz.com; bh=BfMhphfYHsuslkmU6G7OwP7kY3I=; b=djSSmcRLblbzmigeQ7tDgElrA+SN1j/1B1kv1Z0a/CpamQuRhTgA3U8g4xOReXGCWDRIeWPOY1EB 4FvRTCcv9Q== Received: by chrome-twtwze.cccampaigns.net id ho124e0hubc8 for <XXX>; Sun, 13 Nov 2011 23:27:00 +0100 (envelope-from <email[at]mailer.horseloverz.com>) Date: Sun, 13 Nov 2011 23:27:00 +0100 (CET) From: "HorseLoverZ.com" <email[at]mailer.horseloverz.com> Reply-To: "HorseLoverZ.com Customer Service" <customerservice[at]horseloverz.com> To: XXX <XXX> Message-ID: <11077107719.1274474.1321223220135[at]p2enginex2.emv2.com> Subject: Mane n' Tail Variety Pack with 8 Products, FREE Scoop ONLY $14.95 - Great Gift for the Holidays MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=127447411077107719 X-EMV-Platform: p2cce.campaigncommander.com$ X-EMV-CampagneId: 1274474$ X-EMV-MemberId: 11077107719$ List-Unsubscribe: http://p2tre.emv3.com/HD?a=ENX7CquysnHo8SA...qVsje_Hhe-unlLj X-MMR: 0 X-CSC: 0 X-CHA: v=1.1 cv=8XyDZAikrXz1kY29dwngsk+/ohyqDbPzEkDAPDdartA= c=1 sm=1 a=t-QZDxZ1rQYA:10 a=7+z6xUAKiXTCdJVUQ9cDEw==:17 a=kWGobBnVAAAA:8 a=8pQwB3h7AAAA:8 a=sGsLJnh1AAAA:8 a=ruG7H20Mwa3WOKRP9BEA:9 a=BGUWmSF0LJsFUsU0UtcA:7 a=PUjeQqilurYA:10 a=pR8iRiQCOkYA:10 a=B2id_1FGIicA:10 a=Rz-eOtO4RLYA:10 a=MeI69hvcc6wA:10 a=beIFczt1QKUA:10 a=pVUZFVzKAAAA:8 a=8QRNXwlP57v_I8yKmEAA:9 a=nHH2A627DjzZ9Jw_fVEA:7 a=tXsnliwV7b4A:10 a=9scftgM7MyoA:10 a=7+z6xUAKiXTCdJVUQ9cDEw==:117 X-SpamCop-Checked: 64.29.147.14 81.92.121.220 X-EsetId: 2EA2B02805C37E6931A4B07A0E933339 --127447411077107719 Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: 8bit ----------------------------------------------- btw: when SpamCop reports horseloverz, it is always to a devnull: abuse#emailvision.com[at]devnull.spamcop.net I am not complaining about the SpamCop service - it catches the vast majority of spam - I like it very much; I am just curious as to how this particular spammer makes it over all the hurdles and into my Inbox. Prolly something simple that I have overlooked.
StevenUnderwood Posted November 14, 2011 Posted November 14, 2011 I access my e-mail by having my e-mail programme automatically and periodically download new mail from my SpamCop.net Inbox only. In this case, the SpamCop filters will never be used. Those filters are client filters and only active if you use the Webmail client. You should be able to program your client to do the same thing, though transfer to your Held Mail folder may not be available unless you are using IMAP. X-SpamCop-Checked: 64.29.147.14 81.92.121.220 I (as a paid user) see only 5 reports against the second IP address in the last 90 days. If you are the only person reporting them, they will not get listed.
SpamCopAdmin Posted November 14, 2011 Posted November 14, 2011 Markbuckles is not the only one reporting 81.92.121.220. It should make its way onto our list soon. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net -
petzl Posted November 14, 2011 Posted November 14, 2011 My spamfilter is set up to send spam from horseloverz.com to my Held Mail folder, but it keeps getting into my Inbox. Just put horseloverz.com on your BlackList
markbuckles Posted November 15, 2011 Author Posted November 15, 2011 In this case, the SpamCop filters will never be used. Those filters are client filters and only active if you use the Webmail client. You should be able to program your client to do the same thing, though transfer to your Held Mail folder may not be available unless you are using IMAP. X-SpamCop-Checked: 64.29.147.14 81.92.121.220 I (as a paid user) see only 5 reports against the second IP address in the last 90 days. If you are the only person reporting them, they will not get listed. I do not understand - the other spam gets filtered into my Held Mail folder - why not the horseloverz.com spammer? If the filters did not work I should be getting tons of spam in my inbox. Just put horseloverz.com on your BlackList Thank you for the suggestion but I just want to understand why this spammer gets past my filter when other do not.
petzl Posted November 15, 2011 Posted November 15, 2011 I do not understand - the other spam gets filtered into my Held Mail folder - why not the horseloverz.com spammer? If the filters did not work I should be getting tons of spam in my inbox. Thank you for the suggestion but I just want to understand why this spammer gets past my filter when other do not. The "Webmail Filters" only work when you are online. The link I gave you is checked by the Mail server on or off line
Recommended Posts
Archived
This topic is now archived and is closed to further replies.