Why did this one make it through?

[DavidT]

I have my "SpamAssassin limit" set to the default of 5, and yet, the following message made it past the SC system:

http://www.spamcop.net/sc?id=z787286764zea...0456505ab7bdd0z

In the message headers, you should see the following:

X-spam-Status: hits=5.0

Hmmm... it's been a long time since I took any math classes, but doesn't 5 generally equal 5.0? :-)

Additionally, over the last few days, I'm seeing a noticeable increase in spam slipping past SC's combination of BLs. Almost every time I pop my mail, I'm receiving some new spam, which is not my normal experience with my SC email accounts. Usually, one or two might slip by each day.

I think something isn't working properly at the servers, but I don't have any proof yet.

DT

[Jeff G.]

I got a similar one that had "X-spam-Status: hits=5.0" but only 4 stars in "X-spam-Level: ****" and wasn't held. I suspect that there is a rounding issue, where: the exact level was between 4.950... and 4.999...; "X-spam-Status: hits" uses rounding; and "X-spam-Level" and the comparison to "SpamAssassin Limit" use truncation. I emailed JT about this issue two weeks ago (with details that didn't need to be public), but I haven't heard from him.

[btech]

I have about 9 messages that leaked through.. some have words like "Generic" "medications" in them with :

X-spam-Level:

X-spam-Status: hits=0.0 tests=none version=3.0.3

Others are spam level 2, and the message is something like this:

"Hello

We got thousands software at low low price

visit us now

topwinsoft.com"

It seems that the program isn't catching all that it used to. Time to set the report level to 2, I guess, so these messages make it into the correct box.

[SnowDog]

I'm also seeing a large increase in spam making it past the filters. They were catching > 90% of the spam a month ago, now they're only catching around 65%.

[StevenUnderwood]

I'm also seeing a large increase in spam making it past the filters. They were catching > 90% of the spam a month ago, now they're only catching around 65%.

30388[/snapback]

I am not seeing any change in the percentage of spam getting to my inbox. Over the last 5 days, I have seen only 3 out of 38 total spam messages.

[Jeff G.]

I am starting to keep a closer eye on "X-spam-Status: hits" in spam that makes it past my SpamCop Email System Filters and configured Blocklist and Blacklists.

[DavidT]

I am not seeing any change in the percentage of spam getting to my inbox.  Over the last 5 days, I have seen only 3 out of 38 total spam messages.

OK, but your incoming stream of spam is MUCH lower than the average SC email user, so your stats aren't statistically valid, in that the "sample size" is too small. Your stated "false negative" rate is about 8%, which for most of us wouldn't be acceptable, in that 8% of say, 1000 messages (and that's also a fairly low incoming rate) would be 80 spams slipping through....not good.

DT

[DavidT]

I am starting to keep a closer eye on "X-spam-Status: hits" in spam that makes it past my SpamCop Email System Filters and configured Blocklist and Blacklists.

Thanks, Jeff. It's not a huge problem yet, but I've certainly noticed a marked increase of stuff slipping through, although I made no changes to my settings.

When this happens, I'm inclined to guess that perhaps there's something not quite right between the reporting and the SCBL, in that if that's all functioning efficiently, many of the source IPs of the ones that are getting through would be on the SCBL, but aren't.

DT

[Jeff G.]

You're welcome.

[btech]

Well, I had 10 messages slip through, out of 75 total spam messages in one day.

It seems that the messages are not triggering 'hits'... possibly some updating needs to happen?

[StevenUnderwood]

OK, but your incoming stream of spam is MUCH lower than the average SC email user, so your stats aren't statistically valid, in that the "sample size" is too small. Your stated "false negative" rate is about 8%, which for most of us wouldn't be acceptable, in that 8% of say, 1000 messages (and that's also a fairly low incoming rate) would be 80 spams slipping through....not good.

DT

30397[/snapback]

I have reduced my spam by dropping my most infected account and using spamcop exclusively but I was replying to snowdog's message of:

I'm also seeing a large increase in spam making it past the filters. They were catching > 90% of the spam a month ago, now they're only catching around 65%.

and showing I am still getting greater than 90% of my spam caught. My percentages did not change when my spam messages dropped from ~200-250 per day to about 10 per day.

[SnowDog]

My increase in observed spam is with a fairly large volume, around 1500-2000 messages/day, >90% of which are spam. Spamcop had been picking up over 90% of this leaving me with a manageable number to report manually. The volume making it past the filters is now high enough to make it a pain to report all those that slip through.

[DavidT]

Update on the conditions that generated this topic:

The situation seems to have improved now. Hardly anything is slipping by SC now, which is my normal experience with my SC email accounts. I haven't changed anything, and I doubt that the spammers have made any significant changes to their practices. That leaves only the functionality of the SC system itself as a likely explanation, meaning that something was probably wrong...at least not nominal/optimal, and now it is. I'm sure we'll never know what it was. My speculation is that something was wrong with the connection between the reporting system and the SCBL.

DT