Mighty Posted April 29, 2014 Author Share Posted April 29, 2014 SpamCop stops all in "Zen" as zen is the combined spamhaus.org lists You can reduce SpamAssasin level down to stop more spam try 4 Your whitelist http://webmail.spamcop.net/horde/imp/spamcop/whitelist.php overrides ALL Blacklists and Greylisting http://webmail.spamcop.net/horde/imp/spamcop/preferences.php to activate click "Click here to enable greylisting" If spamcop is not reporting YOU (your mail hosts are set-up) you can use Quck-reporting in VER http://mailsc.spamcop.net/reportheld?action=heldlog "Quick report and send to trash" You can also Whitelist emails in you VER (Held) folder by same scroll bar I understand whitelists, greylists and blacklists. I have had senders who I know I"ve whitelisted still get held. I don't think it has happened recently. But, now that I know where to check and maintain my own whitelist, I'll keep an eye out for that. Unfortunately, since I'm redirecting from another server, greylisting won't work for me. I was on a webhost for about a year that implemented greylisting and it was great. I went from 30 held spam per day to about 1 per day. Today, I have another 15 or so cluttering my inbox, and only 1 held, plus one false positive. Frustrating. I might try Mailwasher. I know I looked at it once, a few years ago. Drake Link to comment Share on other sites More sharing options...
Mighty Posted May 1, 2014 Author Share Posted May 1, 2014 Yesterday, I only had about 5 spam altogether, and 1 was held. I guess the jerks took a day off. Today, I've had about 12 spam held and about 12-15 leak through. So, that's encouraging. Anyone know if something has changed? Drake Link to comment Share on other sites More sharing options...
Farelf Posted May 2, 2014 Share Posted May 2, 2014 ... Anyone know if something has changed? Well, the e-mail system stopped working for a while, a new server is being/has been brought on-line, filtering was/is apparently affected as part of that process - http://forum.spamcop.net/forums/index.php?showtopic=14091 - but yes, encouraging if the proportion of spam being diverted has improved. Maybe the deficient filtering performance was related to that former, inadequate server. As seen even in just this topic, others have also had complaints/observations about poor filtering, occurring for several/many months. Just conjecture ... Link to comment Share on other sites More sharing options...
Farelf Posted May 5, 2014 Share Posted May 5, 2014 May be totally unrelated but - a bell has been rung in the world of 'forum spamming' that there has possibly been a recent and massive move by Chinese spammers to use substantial US IP addresses allocations delegated to Chinese owners. Going by the last Chinese comment spammer banned from these pages - okay, a sample of one - that applies also to the 'payload' domains, the spamvertized websites with Chinese registrants (as always, 'follow the money'). Forum spam is a different movie. Many regional/special interest forums have very high memberships but aggressively block membership from whole counties, deemed to have no legitimate interest in such forums and historically associated with spam attacks. Well, some individual e-mail account holders (even whole businesses) have a similar philosophy, compounded in the business case by trade and export restrictions and other difficulties. What seems like a good idea to bypass this by one bunch of spammers might also seem like a good idea to another. 'Whole of country' filtering has always been problematic due to the dynamism of allocations and delegation across national boundaries, and 'professional proxies' have been around 'forever'. But this (possible) spam use of extra-national delegations (and specifically, Chinese ones) appears to be a significant upswing. In forum spamming, the evidence (apart from the fact of Chinese delegations recorded by APNIC) is just 'statistical' - an 11% of total drop in Chinese spam (16% reduction in share) and a 7% of total increase (doubling) of 'US' spam out of 76,848,524 records at the moment. Haven't bothered to do the math but, trust me, those changes have to be highly significant. These Chinese figures are themselves influenced (subdued) by pre-existing filtering and other administrative restrictions. Thanks to stopforumspam.com user crfriend for the observation and suggested mechanism. Back to e-mail spam - even without 'country' filters, I would imagine some heuristic filters might be pushed into short-term 'seek' oscillation if such a change was occurring there too. Must say I had never noticed a lot of Chinese message spam when I used to get spam but that was mostly botnet sourced (unknown owners/hirers) and, yes, there were certainly times when Chinese 'alphabet soup' domains predominated as the 'payload' (though with ostensibly Chines owners? - can't recall). Anyway, not looking good for 'whole country' filtering. Those with their own servers can apparently overcome this by adding a level of scripting to interrogate NICs for organization and/or owner name/address and referencing tables. Link to comment Share on other sites More sharing options...
Mighty Posted May 6, 2014 Author Share Posted May 6, 2014 I'm continuing to see about a 50% stop rate the last coupla days. Including some of the paired-up spam. Hopefully, the server replacement was the issue, and the rates will climb as these continue to be reported. Drake Link to comment Share on other sites More sharing options...
davem4 Posted May 6, 2014 Share Posted May 6, 2014 I'm continuing to see about a 50% stop rate the last coupla days. Including some of the paired-up spam. Hopefully, the server replacement was the issue, and the rates will climb as these continue to be reported. Drake Well that's certainly better than what I was seeing. Since the last outage, my email hasn't been going through Spamcop but if it gets reasonably effective and stays up for awhile, I could be tempted back. Could you tell us what spam cop features are blocking your messages? For example, on my messages prior to the outage, the vast majority of SC blocks were due to spam Assassin. That didn't impress me all that much since I tend to assume that Thunderbird's filtering is likely to get whatever spam Assassin gets. However, if some or all of the block lists are now catching significant amounts, then SC is interesting to me again. Link to comment Share on other sites More sharing options...
Mighty Posted May 8, 2014 Author Share Posted May 8, 2014 Well, it's dropping back off again. So far today, 14 leaked through and 4 were held. I've been diligently reporting them for the last week and a half or so. Drake Link to comment Share on other sites More sharing options...
davem4 Posted June 11, 2014 Share Posted June 11, 2014 Are you still tracking this? How is it doing lately? Link to comment Share on other sites More sharing options...
Mighty Posted June 11, 2014 Author Share Posted June 11, 2014 My total volume of spam is so low, lately, that it's hard to say. One day, four will leak through with none stopped. Another, two will leak with three stopped. Etc. I think there has only been one or two days in the last month with more than ten total spam in one day. My general impression is that it's stopping something less than 1/3. The spam that does get through it tends to be lumped together, so that most of them show up within an hour or two. Drake Link to comment Share on other sites More sharing options...
davem4 Posted June 12, 2014 Share Posted June 12, 2014 Of the last 32 spam emails I received, my host's free spam filtering found 59% of them and the rest were spotted by Thunderbird. It's probably dangerous to make broad comparisons on such small numbers of messages, but I think I will stick with my host's spam feature for the time being. Thanks for the update! Link to comment Share on other sites More sharing options...
Mighty Posted June 12, 2014 Author Share Posted June 12, 2014 So far today, it stopped 2 and let 11 through. So, still performing very poorly. Drake Link to comment Share on other sites More sharing options...
Mighty Posted June 20, 2014 Author Share Posted June 20, 2014 The scammers seem to have Spamcop all figured out, now. Instead of two at a time, I'm now getting ten at a time. Ten spam at one time, slightly different, all about diabetes. Then, a few minutes later, ten about background checks. And Spamcop is catching none of them. Clearly, these are coming from the same group that has been sending doubles for the last few months. And Spamcop has been helpless to stop them. Link to comment Share on other sites More sharing options...
raydragon Posted June 27, 2014 Share Posted June 27, 2014 I, too, am getting more spam in my Inbox than in my Held Mail. The only spam being "caught" are the typical "your rich Nigerian Uncle has died" and the "low, low loan rates". The ones for used cars, cure diabetes, HARP, etc., are ALL going to Inbox. I have ALL blacklists checked, and no settings have changed. I am getting 15-20 of these daily, all at one time. Maybe 8-10 in Held Mail. Not sure a paid Webmail account is worth it after 10+ years. Link to comment Share on other sites More sharing options...
petzl Posted June 27, 2014 Share Posted June 27, 2014 I, too, am getting more spam in my Inbox than in my Held Mail. The only spam being "caught" are the typical "your rich Nigerian Uncle has died" and the "low, low loan rates". The ones for used cars, cure diabetes, HARP, etc., are ALL going to Inbox. I have ALL blacklists checked, and no settings have changed. I am getting 15-20 of these daily, all at one time. Maybe 8-10 in Held Mail. Not sure a paid Webmail account is worth it after 10+ years. While it is out of touch and getting outdated, it allows unlimited spam reporting Never get spam in my inbox? You maybe have whitelisted your own email address (don't)? check your blacklist settings http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php then click Submit or it won't activate Link to comment Share on other sites More sharing options...
michaelanglo Posted June 27, 2014 Share Posted June 27, 2014 I, too, am getting more spam in my Inbox than in my Held Mail. The only spam being "caught" are the typical "your rich Nigerian Uncle has died" and the "low, low loan rates". The ones for used cars, cure diabetes, HARP, etc., are ALL going to Inbox. I have ALL blacklists checked, and no settings have changed. I am getting 15-20 of these daily, all at one time. Maybe 8-10 in Held Mail. Not sure a paid Webmail account is worth it after 10+ years. If you can summarise the SpamAssassin scores for the ones that make it to your Inbox ? Link to comment Share on other sites More sharing options...
Ex_Brit Posted June 27, 2014 Share Posted June 27, 2014 Eash person's settings may vary of course but in the 10+ years I've used SC it's been excellent and I've hardly ever received any spam in my actual email client inbox. It's blocked everything bad. Settings I have are as follows but as I said, results may vary do play around with them: Options, Select your email filtering blacklists. Block All - yes (checked) Tag Only - blank (unchecked) SpamAssassin - Checked and set to limit '1' Block Russian - yes (checked) DNS Blacklists - all are selected. Click Submit if you changed anything. Try adjusting settings and I think you'll find it works well. I do not use the graylist as it, for me at least, simply adds complication to the equation. Link to comment Share on other sites More sharing options...
davem4 Posted June 27, 2014 Share Posted June 27, 2014 Wow - I've found that a spam assassin score of 3 causes a lot of legit emails to go to held mail and even 4 causes enough to be annoying. I'm amazed that you can use 1. Link to comment Share on other sites More sharing options...
Ex_Brit Posted June 27, 2014 Share Posted June 27, 2014 Then the Whitelist comes into play. I find the combination of SA limit of 1 and the Whitelist works perfectly. It took a bit of playing around before I got it right. As I said, "results may vary"...!! Link to comment Share on other sites More sharing options...
wa3kf Posted July 1, 2014 Share Posted July 1, 2014 I have been seeing similar issues. Spamcop use to block close to all my spam. Now it's in the 20% range. I have all the lists checked, and have spam assassin set to 3. This use to work very well, now it does not anymore. With the recent downtime and now the lack of effective spam blocking, I am starting to think it is time to move on. I use to highly recommend this service because it blocked spam so well. But it is not anymore. And I can report spam until my fingers are blue and it does not help. I also use blacklisting and a whitelisting. But like hasbeen said, my settings are fairly dormant and the effectiveness has gotten sucky the last half a year so . Not sure what to do other then move on. Either the spammers have figuredd out how to get around spamcop, or the various lists are not being updated anymore. Link to comment Share on other sites More sharing options...
Mighty Posted July 1, 2014 Author Share Posted July 1, 2014 In answer to an earlier question, I've looked at a few of the recent spam from the group that gets everything through. It looks like they've managed to tune their spam to hover around a score of 3. I have mine set at 5. If I can conveniently produce a list of my common contacts and add them to my whitelist then I will look at lowering that setting. Drake Link to comment Share on other sites More sharing options...
djporter Posted July 1, 2014 Share Posted July 1, 2014 Spamcop use to block close to all my spam. Now it's in the 20% range. I have all the lists checked, and have spam assassin set to 3. This use to work very well, now it does not anymore. Same thing here, all lists checked, spam assassin set to 3, greylisting enabled, and lots of spam gets through. Then when I do report the spam most of the reports are just devnulled so nothing is really reported by SC. Link to comment Share on other sites More sharing options...
turetzsr Posted July 1, 2014 Share Posted July 1, 2014 <snip> Then when I do report the spam most of the reports are just devnulled so nothing is really reported by SC. ...To those not very familiar with how SpamCop reporting works: please bear in mind that submitting the spam has as many as three possible results: sending a notification to the abuse address of the spam source (IP address). (lowest priority) finding spamvertizing and sending a notification to the abuse address responsible for the spamvertized host(s). (most importantly) contributing to the statistics that SpamCop uses to decide whether to put the spam source on the SpamCop blacklist. "Dev nulling" only means that the first and/ or second of these will not be done; your reports are still contributing to the statistics that SpamCop uses to decide whether to put the spam source on the SpamCop blacklist. Link to comment Share on other sites More sharing options...
Mighty Posted July 2, 2014 Author Share Posted July 2, 2014 "Dev nulling" only means that the first and/ or second of these will not be done; your reports are still contributing to the statistics that SpamCop uses to decide whether to put the spam source on the SpamCop blacklist. This is why I've been reporting them, lately. But, even though these bad ones are on a limited number of subjects, and probably coming from the same zombie farm, I think I've seen about two or three of them held, ever. Out of hundreds. I would expect some improvement, as I see very similar emails come through week after week. That's a big part of what has made this so frustrating, lately. Drake Link to comment Share on other sites More sharing options...
turetzsr Posted July 2, 2014 Share Posted July 2, 2014 <snip> I think I've seen about two or three of them held, ever. Out of hundreds. ...Yes, frustration understood.I would expect some improvement, as I see very similar emails come through week after week. <snip> ...Again for the not yet overly familiar with SpamCop: while one can hope that reporting spam might improve the ability of the e-mail filtering to catch those sources, there's no reason to think that any one person's or a few people's reporting will do that because of how SpamCop determines whether to place any IP address on the blacklist and the nature of how spammers do their work these days (botnets). Reporting seems largely to be a pursuit with little direct benefit to us reporters other than the satisfaction of feeling we've done a bit to fight back against the spam scourge and that we might hit the occasional "white hat" provider who can benefit from a SpamCop report. Link to comment Share on other sites More sharing options...
Mighty Posted July 3, 2014 Author Share Posted July 3, 2014 ...Yes, frustration understood....Again for the not yet overly familiar with SpamCop: while one can hope that reporting spam might improve the ability of the e-mail filtering to catch those sources, there's no reason to think that any one person's or a few people's reporting will do that because of how SpamCop determines whether to place any IP address on the blacklist and the nature of how spammers do their work these days (botnets). Reporting seems largely to be a pursuit with little direct benefit to us reporters other than the satisfaction of feeling we've done a bit to fight back against the spam scourge and that we might hit the occasional "white hat" provider who can benefit from a SpamCop report. I was working under the assumption that, since I get so many of these, that a lot of other people are, too. And, that a useful percentage of those people were reporting them. Maybe not. Or, maybe the spammers have injected enough random text at the bottom to offset their Bayesian score. Drake Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.