Jump to content

Increase in spam slipping through


Recommended Posts

Hi

Over the last week or so there seems to have been an increase in spam that is slipping through SpamCop's filters. I have been receiving about 25-30 spam emails a day that have passed through the SpamCop filters. Is there any reason for this?

Thanks

Link to comment
Share on other sites

Over the last week or so there seems to have been an increase in spam that is slipping through SpamCop's filters. I have been receiving about 25-30 spam emails a day that have passed through the SpamCop filters. Is there any reason for this?

No?

look at headers of email getting through to see if whitelisted

Set-up/turn-on all SpamCop filters Set SpamAssasin to no more than 5 (default level)

check your "whitelist" is in order (do not whitelist your own email)

Add br, cn, ru, it, pl, de as appropriate to your "blacklist"

report all spam to get IP's listed and or fixed by ISP (attack is your best defence)

VER those making it through (Queue for reporting and move to trash) This will show where reports are going and if there is a common spam source

As always check out my signature (particularly security check)

Edited by petzl
Link to comment
Share on other sites

Over the last week or so there seems to have been an increase in spam that is slipping through SpamCop's filters. I have been receiving about 25-30 spam emails a day that have passed through the SpamCop filters. Is there any reason for this?

Petzl's suggestions are fine, but I'm seeing exactly the same thing as the OP.....LOTS more spam in my inbox...WAY too much!

My SA setting is 4, but lowering it to 3 or even 2 won't help with this recent flood, because the SA on the SpamCop mail servers isn't scoring things high enough. Here are some of the scores on stuff showing up in my inbox:

Subject: please confirm your information! (message id: uw031996481171k)

X-spam-Status: hits=0.9 tests=HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,

MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF version=3.1.8

(obvious phishing scam)

Subject: Give your body the chance to lose weight

X-spam-Status: hits=0.6 tests=SUBJECT_DIET,UNPARSEABLE_RELAY,URIBL_RED

version=3.1.8

Subject: Make bigger your thing!

X-spam-Status: hits=1.0 tests=SARE_ADULT2 version=3.1.8

Subject: Can you imagine that you are healthy?

X-spam-Status: hits=0.0 tests=HTML_MESSAGE version=3.1.8

Subject: Lower rates have never been easier

X-spam-Status: hits=0.7 tests=BAD_CREDIT,J_CHICKENPOX_43,UNPARSEABLE_RELAY

version=3.1.8

Up until the last week or two, very few spams were hitting my inbox, and just as the OP has reported, there's been a sudden and noticeable increase. Just wanted to validate his/her experience...it's real.

DT

Link to comment
Share on other sites

Up until the last week or two, very few spams were hitting my inbox, and just as the OP has reported, there's been a sudden and noticeable increase. Just wanted to validate his/her experience...it's real.

This evidence needs to be brought to JT's attention. I can not confirm this problem. I have only received 2 spam messages in the last 3 days (what I keep in trrash) and while both were low SA scores, they were of the "randon passages of text" types of spam which usually score low on SA.

I just got a spam that registered SA:20

http://www.spamcop.net/sc?id=z1322232000zc...712c2415046dfcz

Perhaps JT found something or a spammer or 2 have finely tuned their spam for SA????

Link to comment
Share on other sites

This evidence needs to be brought to JT's attention. I can not confirm this problem. I have only received 2 spam messages in the last 3 days (what I keep in trrash) and while both were low SA scores, they were of the "randon passages of text" types of spam which usually score low on SA.

I just got a spam that registered SA:20

http://www.spamcop.net/sc?id=z1322232000zc...712c2415046dfcz

Perhaps JT found something or a spammer or 2 have finely tuned their spam for SA????

If so those spammers havn't found me !

31 leakers out of 1035 spams so far this month so 3.0% rather than last months 2.1%

So some evidence of a slight increase in leakage

Link to comment
Share on other sites

Thanks for this information!

Since writing that "Farelf" pointed out that many of our blocklists are under a DDoS attack

"Anti-spam forces must have hit a nerve with their adversaries"

Things like SpamAssasin do add a score from each of these blocklists. Plus many of these blocklist's SpamCop email use directly.

I doubt if attacks can be kept up

Link to comment
Share on other sites

  • 4 weeks later...

For the past few months, Spamcop's filtering has been less and less effective. Comcast's spam filter is now catching more of my spam than Spamcop. I've got the spam Assassin threshold set to 4, which is even tighter than normal, I've updated my mailhosts, and I'm using all available filter lists -- but Spamcop still is catching less than half of my spam. Comcast on the other hand, is catching 99% of everything Spamcop misses. What's going on here and what can I do to make Spamcop effective again?

Link to comment
Share on other sites

I fail to see what this has to do with Mailhost Configuration of your Reporting Account .... with this post, Topic will be moved to the E-Mail system & Accounts Forum section.

I believe that there are existing Topics/Discussion on the same subject, starting with the same remarks. Later Moderator actions will probably include "merging" this 'new' Topic into one of those previous/existing discsussions .....

Link to comment
Share on other sites

Anyone else seeing this problem again/still?

Am I seeing an "increase in spam slipping through"? YES! And I don't want to lower my SpamAssassin down from 4 to 3, or more false positives will wind up in my Held Mail, which is just as annoying as having more spam slip through. I think the primary problem is that the installation of SA is only a partial one, in that it's not set up to learn or be trained, IIUC. Also, I'm still noting discrepancies in the SA versions installed on the various "blade" and "filter" servers that accept and analyze our incoming mail.

DT

Link to comment
Share on other sites

Thanks David

... I think the primary problem is that the installation of SA is only a partial one, in that it's not set up to learn or be trained, IIUC. ...
And the blocklists referenced are under pressure, as mentioned previously.
... Also, I'm still noting discrepancies in the SA versions installed on the various "blade" and "filter" servers that accept and analyze our incoming mail.
That's not good.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...