Jump to content

Seemingly Leaky Filter


Recommended Posts

Posted

My spamfilter is set up to send spam from horseloverz.com to my Held Mail folder, but it keeps getting into my Inbox.

First I started out with

"if sender contains horseloverz.com send to Held Mail"

...but it kept getting in.

So I added

or

"if source contains horseloverz.com send to Held Mail"

or

"if body contains horseloverz.com send to Held Mail"

...but it keeps getting in.

Why doesn't it get filtered?

I don't even have a horse!

Posted

How are you accessing your mail? The filters will not work automaticly unless you use the webmail interface.

Also have you tried running the filters manually?

Posted

Thank you dbiel and turetzsr!

dbiel: I access my e-mail by having my e-mail programme automatically and periodically download new mail from my SpamCop.net Inbox only. This works fine; most spam does not get delivered to my computer - it gets sent to the SpamCop Held Mail folder. Lately though, HorseLoverZ.com spam makes it through (other spammers do not).

turetzsr: Thank you for the link; I do not have my own address whitelisted.

My primary e-mail account forwards to my SpamCop account, then is downloaded to my computer. In my SpamCop account, I have all DNS Blacklists checked, SpamAssassin set at 1, and have made many filters over the years, such as the previously mentioned horseloverz.com specific filters. Again, those filters are:

"if sender contains horseloverz.com send to Held Mail"

...but it kept getting in.

So I added

or

"if source contains horseloverz.com send to Held Mail"

or

"if body contains horseloverz.com send to Held Mail"

Sometimes SpamCop weeds out horseloverz, sometimes it lets it through.

Here is the header for one that recently erroneously delivered to my Inbox (I used XXX for my addy):

-----------------------------------------------

Return-Path: <email[at]mailer.horseloverz.com>

Delivered-To: spamcop-net-XXX

Received: (qmail 3003 invoked from network); 13 Nov 2011 22:27:20 -0000

X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7

X-spam-Level:

X-spam-Status: hits=0.8 tests=HTML_IMAGE_RATIO_02,HTML_MESSAGE,URIBL_GREY

version=3.2.4

Received: from unknown (192.168.1.86)

by filter7.cesmail.net with QMQP; 13 Nov 2011 22:27:20 -0000

Received: from mail4c25.carrierzone.com (64.29.147.14)

by mxin2.cesmail.net with SMTP; 13 Nov 2011 22:29:04 -0000

Received: from chrome-twtwze.cccampaigns.net (chrome-twtwze.cccampaigns.net [81.92.121.220])

by mail4c25.carrierzone.com (8.13.6/8.13.1) with ESMTP id pADMRGau018792

for <XXX>; Sun, 13 Nov 2011 17:27:19 -0500

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=emv; d=mailer.horseloverz.com;

h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:List-Unsubscribe; i=email[at]mailer.horseloverz.com;

bh=BfMhphfYHsuslkmU6G7OwP7kY3I=;

b=djSSmcRLblbzmigeQ7tDgElrA+SN1j/1B1kv1Z0a/CpamQuRhTgA3U8g4xOReXGCWDRIeWPOY1EB

4FvRTCcv9Q==

Received: by chrome-twtwze.cccampaigns.net id ho124e0hubc8 for <XXX>; Sun, 13 Nov 2011 23:27:00 +0100 (envelope-from <email[at]mailer.horseloverz.com>)

Date: Sun, 13 Nov 2011 23:27:00 +0100 (CET)

From: "HorseLoverZ.com" <email[at]mailer.horseloverz.com>

Reply-To: "HorseLoverZ.com Customer Service" <customerservice[at]horseloverz.com>

To: XXX <XXX>

Message-ID: <11077107719.1274474.1321223220135[at]p2enginex2.emv2.com>

Subject: Mane n' Tail Variety Pack with 8 Products, FREE Scoop ONLY $14.95 -

Great Gift for the Holidays

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary=127447411077107719

X-EMV-Platform: p2cce.campaigncommander.com$

X-EMV-CampagneId: 1274474$

X-EMV-MemberId: 11077107719$

List-Unsubscribe: http://p2tre.emv3.com/HD?a=ENX7CquysnHo8SA...qVsje_Hhe-unlLj

X-MMR: 0

X-CSC: 0

X-CHA: v=1.1 cv=8XyDZAikrXz1kY29dwngsk+/ohyqDbPzEkDAPDdartA= c=1 sm=1

a=t-QZDxZ1rQYA:10 a=7+z6xUAKiXTCdJVUQ9cDEw==:17 a=kWGobBnVAAAA:8

a=8pQwB3h7AAAA:8 a=sGsLJnh1AAAA:8 a=ruG7H20Mwa3WOKRP9BEA:9

a=BGUWmSF0LJsFUsU0UtcA:7 a=PUjeQqilurYA:10 a=pR8iRiQCOkYA:10

a=B2id_1FGIicA:10 a=Rz-eOtO4RLYA:10 a=MeI69hvcc6wA:10 a=beIFczt1QKUA:10

a=pVUZFVzKAAAA:8 a=8QRNXwlP57v_I8yKmEAA:9 a=nHH2A627DjzZ9Jw_fVEA:7

a=tXsnliwV7b4A:10 a=9scftgM7MyoA:10 a=7+z6xUAKiXTCdJVUQ9cDEw==:117

X-SpamCop-Checked: 64.29.147.14 81.92.121.220

X-EsetId: 2EA2B02805C37E6931A4B07A0E933339

--127447411077107719

Content-Type: text/plain; charset=iso-8859-15

Content-Transfer-Encoding: 8bit

-----------------------------------------------

btw: when SpamCop reports horseloverz, it is always to a devnull:

abuse#emailvision.com[at]devnull.spamcop.net

I am not complaining about the SpamCop service - it catches the vast majority of spam - I like it very much; I am just curious as to how this particular spammer makes it over all the hurdles and into my Inbox. Prolly something simple that I have overlooked.

Posted

I access my e-mail by having my e-mail programme automatically and periodically download new mail from my SpamCop.net Inbox only.

In this case, the SpamCop filters will never be used. Those filters are client filters and only active if you use the Webmail client. You should be able to program your client to do the same thing, though transfer to your Held Mail folder may not be available unless you are using IMAP.

X-SpamCop-Checked: 64.29.147.14 81.92.121.220

I (as a paid user) see only 5 reports against the second IP address in the last 90 days. If you are the only person reporting them, they will not get listed.

Posted

My spamfilter is set up to send spam from horseloverz.com to my Held Mail folder, but it keeps getting into my Inbox.

Just put

horseloverz.com

on your BlackList

Posted

In this case, the SpamCop filters will never be used. Those filters are client filters and only active if you use the Webmail client. You should be able to program your client to do the same thing, though transfer to your Held Mail folder may not be available unless you are using IMAP.

X-SpamCop-Checked: 64.29.147.14 81.92.121.220

I (as a paid user) see only 5 reports against the second IP address in the last 90 days. If you are the only person reporting them, they will not get listed.

I do not understand - the other spam gets filtered into my Held Mail folder - why not the horseloverz.com spammer? If the filters did not work I should be getting tons of spam in my inbox.

Just put

horseloverz.com

on your BlackList

Thank you for the suggestion :) but I just want to understand why this spammer gets past my filter when other do not.

Posted

I do not understand - the other spam gets filtered into my Held Mail folder - why not the horseloverz.com spammer? If the filters did not work I should be getting tons of spam in my inbox.

Thank you for the suggestion :) but I just want to understand why this spammer gets past my filter when other do not.

The "Webmail Filters" only work when you are online.

The link I gave you is checked by the Mail server on or off line

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...