drpol Posted June 9, 2007 Share Posted June 9, 2007 Hi Over the last week or so there seems to have been an increase in spam that is slipping through SpamCop's filters. I have been receiving about 25-30 spam emails a day that have passed through the SpamCop filters. Is there any reason for this? Thanks Link to comment Share on other sites More sharing options...
petzl Posted June 9, 2007 Share Posted June 9, 2007 Over the last week or so there seems to have been an increase in spam that is slipping through SpamCop's filters. I have been receiving about 25-30 spam emails a day that have passed through the SpamCop filters. Is there any reason for this? No? look at headers of email getting through to see if whitelisted Set-up/turn-on all SpamCop filters Set SpamAssasin to no more than 5 (default level) check your "whitelist" is in order (do not whitelist your own email) Add br, cn, ru, it, pl, de as appropriate to your "blacklist" report all spam to get IP's listed and or fixed by ISP (attack is your best defence) VER those making it through (Queue for reporting and move to trash) This will show where reports are going and if there is a common spam source As always check out my signature (particularly security check) Link to comment Share on other sites More sharing options...
drpol Posted June 9, 2007 Author Share Posted June 9, 2007 Thanks for this information! Link to comment Share on other sites More sharing options...
DavidT Posted June 9, 2007 Share Posted June 9, 2007 Over the last week or so there seems to have been an increase in spam that is slipping through SpamCop's filters. I have been receiving about 25-30 spam emails a day that have passed through the SpamCop filters. Is there any reason for this? Petzl's suggestions are fine, but I'm seeing exactly the same thing as the OP.....LOTS more spam in my inbox...WAY too much! My SA setting is 4, but lowering it to 3 or even 2 won't help with this recent flood, because the SA on the SpamCop mail servers isn't scoring things high enough. Here are some of the scores on stuff showing up in my inbox: Subject: please confirm your information! (message id: uw031996481171k) X-spam-Status: hits=0.9 tests=HTML_FONT_LOW_CONTRAST,HTML_MESSAGE, MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF version=3.1.8 (obvious phishing scam) Subject: Give your body the chance to lose weight X-spam-Status: hits=0.6 tests=SUBJECT_DIET,UNPARSEABLE_RELAY,URIBL_RED version=3.1.8 Subject: Make bigger your thing! X-spam-Status: hits=1.0 tests=SARE_ADULT2 version=3.1.8 Subject: Can you imagine that you are healthy? X-spam-Status: hits=0.0 tests=HTML_MESSAGE version=3.1.8 Subject: Lower rates have never been easier X-spam-Status: hits=0.7 tests=BAD_CREDIT,J_CHICKENPOX_43,UNPARSEABLE_RELAY version=3.1.8 Up until the last week or two, very few spams were hitting my inbox, and just as the OP has reported, there's been a sudden and noticeable increase. Just wanted to validate his/her experience...it's real. DT Link to comment Share on other sites More sharing options...
StevenUnderwood Posted June 9, 2007 Share Posted June 9, 2007 Up until the last week or two, very few spams were hitting my inbox, and just as the OP has reported, there's been a sudden and noticeable increase. Just wanted to validate his/her experience...it's real. This evidence needs to be brought to JT's attention. I can not confirm this problem. I have only received 2 spam messages in the last 3 days (what I keep in trrash) and while both were low SA scores, they were of the "randon passages of text" types of spam which usually score low on SA. I just got a spam that registered SA:20 http://www.spamcop.net/sc?id=z1322232000zc...712c2415046dfcz Perhaps JT found something or a spammer or 2 have finely tuned their spam for SA???? Link to comment Share on other sites More sharing options...
michaelanglo Posted June 9, 2007 Share Posted June 9, 2007 This evidence needs to be brought to JT's attention. I can not confirm this problem. I have only received 2 spam messages in the last 3 days (what I keep in trrash) and while both were low SA scores, they were of the "randon passages of text" types of spam which usually score low on SA. I just got a spam that registered SA:20 http://www.spamcop.net/sc?id=z1322232000zc...712c2415046dfcz Perhaps JT found something or a spammer or 2 have finely tuned their spam for SA???? If so those spammers havn't found me ! 31 leakers out of 1035 spams so far this month so 3.0% rather than last months 2.1% So some evidence of a slight increase in leakage Link to comment Share on other sites More sharing options...
petzl Posted June 10, 2007 Share Posted June 10, 2007 Thanks for this information! Since writing that "Farelf" pointed out that many of our blocklists are under a DDoS attack "Anti-spam forces must have hit a nerve with their adversaries" Things like SpamAssasin do add a score from each of these blocklists. Plus many of these blocklist's SpamCop email use directly. I doubt if attacks can be kept up Link to comment Share on other sites More sharing options...
dougoriard Posted July 7, 2007 Share Posted July 7, 2007 For the past few months, Spamcop's filtering has been less and less effective. Comcast's spam filter is now catching more of my spam than Spamcop. I've got the spam Assassin threshold set to 4, which is even tighter than normal, I've updated my mailhosts, and I'm using all available filter lists -- but Spamcop still is catching less than half of my spam. Comcast on the other hand, is catching 99% of everything Spamcop misses. What's going on here and what can I do to make Spamcop effective again? Link to comment Share on other sites More sharing options...
Wazoo Posted July 7, 2007 Share Posted July 7, 2007 I fail to see what this has to do with Mailhost Configuration of your Reporting Account .... with this post, Topic will be moved to the E-Mail system & Accounts Forum section. I believe that there are existing Topics/Discussion on the same subject, starting with the same remarks. Later Moderator actions will probably include "merging" this 'new' Topic into one of those previous/existing discsussions ..... Link to comment Share on other sites More sharing options...
Farelf Posted July 7, 2007 Share Posted July 7, 2007 Merged, PM sent. Anyone else seeing this problem again/still? Link to comment Share on other sites More sharing options...
DavidT Posted July 7, 2007 Share Posted July 7, 2007 Anyone else seeing this problem again/still? Am I seeing an "increase in spam slipping through"? YES! And I don't want to lower my SpamAssassin down from 4 to 3, or more false positives will wind up in my Held Mail, which is just as annoying as having more spam slip through. I think the primary problem is that the installation of SA is only a partial one, in that it's not set up to learn or be trained, IIUC. Also, I'm still noting discrepancies in the SA versions installed on the various "blade" and "filter" servers that accept and analyze our incoming mail. DT Link to comment Share on other sites More sharing options...
Farelf Posted July 8, 2007 Share Posted July 8, 2007 Thanks David ... I think the primary problem is that the installation of SA is only a partial one, in that it's not set up to learn or be trained, IIUC. ...And the blocklists referenced are under pressure, as mentioned previously.... Also, I'm still noting discrepancies in the SA versions installed on the various "blade" and "filter" servers that accept and analyze our incoming mail.That's not good. Link to comment Share on other sites More sharing options...
DavidT Posted July 8, 2007 Share Posted July 8, 2007 That's not good. I wouldn't think so...there's a nice long thread about this that has fallen off the first page...maybe I'll give it a little kick: http://forum.spamcop.net/forums/index.php?showtopic=7388 DT Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.