Jump to content

I need more spam protection! SpamCop is not enough!!!


andrewRump

Recommended Posts

:( More and more spam is getting through! :angry:

In SpamCop webmail I have set the SpamAssasin limit to 2 (setting it to 1 only cathes legit mail) and all DNS blacklists has been selected and still more and more spam mail is getting through! Well I do receive more and more spam so it is not because SpamCop is loosing the battle but the bars have to be raised?

What can I do? :huh:

Link to comment
Share on other sites

Are the messages being sent directly to your SpamCop address, or are they being either POPed from, or forwarded from another address or addresses? You can cut down on spam that's sent directly to your SC address by enabling the new Greylisting feature:

http://forum.spamcop.net/forums/index.php?showtopic=8650

However, it won't help for mail that's being sent to other addresses and then accessed in your SC account. If you own a domain, are you perhaps using a "catch-all" (or "default") email address that receives mail to any address a spammer might dream up? If so, you should disable that and you'll see a dramatic decrease in your spam level.

The other solution would be to add some additional filtering, either at an ISP, or at your computer. Depending upon the email software you are using, there are utilities that can filter mail as you're downloading it. I've never used any of those, but if things got bad enough, I'd consider it.

Another choice would be to petition the SC Email system owner to add to the blacklists offered in the account settings. For example, one that slipped by SpamCop into my inbox this morning came from via a relay in Spamhaus PBL (zen.spamhaus.org). I think that a lot of my false negatives would have been caught if the Zen blacklist were added as an option.

DT

Link to comment
Share on other sites

:( More and more spam is getting through! :angry:

In SpamCop webmail I have set the SpamAssasin limit to 2 (setting it to 1 only cathes legit mail) and all DNS blacklists has been selected [...]

Please can we have some numbers ?

My own :-

2684 spams (89/d), 59 leakers (=2.2 %), 0 false positive for September (reduction was due to greylisting)

4369 spams, (140/d) 80 leakers (=1.8 %), 0 false positive(s) August

SA = 3.0 (just gone to 2.0) with bankofamerica.com and such in personal blacklist.

Does spam get though because of low SA or because of a whitelist item ?

Link to comment
Share on other sites

:( More and more spam is getting through! :angry:

In SpamCop webmail I have set the SpamAssasin limit to 2 (setting it to 1 only cathes legit mail) and all DNS blacklists has been selected and still more and more spam mail is getting through! Well I do receive more and more spam so it is not because SpamCop is loosing the battle but the bars have to be raised?

What can I do? :huh:

Tried turning greylisting on (your whitelist overides Greylisting)

Link to comment
Share on other sites

Are the messages being sent directly to your SpamCop address, or are they being either POPed from, or forwarded from another address or addresses? You can cut down on spam that's sent directly to your SC address by enabling the new Greylisting feature:

I would love to use the greylisting but the e-mails are forwarded through SpamCop from my private domain to Gmail!!!

However, it won't help for mail that's being sent to other addresses and then accessed in your SC account. If you own a domain, are you perhaps using a "catch-all" (or "default") email address that receives mail to any address a spammer might dream up? If so, you should disable that and you'll see a dramatic decrease in your spam level.

I was forced to disable the catch-all several years ago - after receiving several thousand spam e-mails every day!

The other solution would be to add some additional filtering, either at an ISP, or at your computer. Depending upon the email software you are using, there are utilities that can filter mail as you're downloading it. I've never used any of those, but if things got bad enough, I'd consider it.

Well I don't want to introduce yet another server into the chain! :-) It is complicated enough already!

Another choice would be to petition the SC Email system owner to add to the blacklists offered in the account settings. For example, one that slipped by SpamCop into my inbox this morning came from via a relay in Spamhaus PBL (zen.spamhaus.org). I think that a lot of my false negatives would have been caught if the Zen blacklist were added as an option.

That is what I am hoping for.

Link to comment
Share on other sites

That is what I am hoping for.
Have you emailed support[at]spamcop.net with this specific request?

Have you started a thread (should this be moved) to the New Features forum? The New Features forum has not usually been the quickest way, but it documents the request and allows others to comment on how widely the change is wanted/needed (sets priority).

I would ask for a Moderator (I have stepped down from that position) to move this to the New Features and then reference the thread in the email request.

Link to comment
Share on other sites

It has not mattered where on the forum it is located.

I disagree. While *most* requests seem to fall on deaf ears, I've seen some action in other forums, especially in the SC Email forum, but YMMV. I hope my other thread gets to stay in the Email forum. However, I do note that Trevor responded to two of the posts in "New Feature Requests" back in August, so maybe there's hope. JT's most recent post in this forum was Jan 20 2005.

DT

Link to comment
Share on other sites

However, I do note that Trevor responded to two of the posts in "New Feature Requests" back in August, so maybe there's hope. JT's most recent post in this forum was Jan 20 2005.

Trevor, being 'new' in here, was apparently not 'warned' about getting involved in 'this' forum section.

Link to comment
Share on other sites

Have you emailed support[at]spamcop.net with this specific request?

Well no because I do not know what is required to get better spam protection. I am asking you and is hoping that SpamCop will be enhanced with whatever is needed to raise the level of protection.

Link to comment
Share on other sites

Have you investigated the headers to see why the messages are getting thrrough?

For some information, see the FAQ: Messages not Filtered - Why?

Sure. The messages that get throught usually get a SA score of zero but are easy (for me) to detect because they are often in Russian (or similar language). Here are a few examples:

http://www.spamcop.net/sc?id=z1493510951z5...1f3ca435187f6az

http://www.spamcop.net/sc?id=z1493510953z3...95d0e06bdb87c5z

http://www.spamcop.net/sc?id=z1493510954z6...fbc2fcb13f020dz

Tried turning greylisting on (your whitelist overides Greylisting)

Unfortunately that is not an option because I forward my mails through SpamCop.

Link to comment
Share on other sites

Andrew,

You might want to check your blacklist settings again...the sending IP of that first sample is currently listed on multiple BLs, including the XBL:

http://www.robtex.com/rbl/74.61.49.208.html

I don't have time to check the details of when it was listed and compare that to when you received the message, but I'm just pointing out that this particular message would currently get caught by the available blacklist filters.

DT

Link to comment
Share on other sites

Please can we have some numbers ?

My own :-

2684 spams (89/d), 59 leakers (=2.2 %), 0 false positive for September (reduction was due to greylisting)

4369 spams, (140/d) 80 leakers (=1.8 %), 0 false positive(s) August

SA = 3.0 (just gone to 2.0) with bankofamerica.com and such in personal blacklist.

SA = 1! And I receive between 1000 and 2000 spam mails every day and about 20 spam mails get through. So our procentage are about the same - but the spammers are just getting better and better.

Does spam get though because of low SA or because of a whitelist item ?

SA is as low as possible! 0! Zero! Nil! :(

Link to comment
Share on other sites

The first and third samples came from the same IP address, which was listed on the CBL 3 and 1/2 hours ago, so it's possible that you received them just before the IP was added to the CBL/XBL. The middle sample is currently on SORBS. Sorry if you already told us this, but have you analyzed the items that wind up in your Held mail, checking the "X-SpamCop-Disposition:" lines to see if your BL filter settings are actually working? Most of my Held mail gets there due to SpamAssassin scores, but some of the items get put there due to BL hits. For example, out of the 49 items I just found in my Held folder, 44 were there due to my SA threshhold, 4 were there due to hits on the SCBL and one due to "Blocked cn.countries.nerd.dk." I'm assuming that the other BL filters are currently functional, but I'll be checking my Held mail to see if that's the case. I might even do something silly like turning off SA on my account to see if the other BLs kick in.

DT

Link to comment
Share on other sites

Well no because I do not know what is required to get better spam protection. I am asking you and is hoping that SpamCop will be enhanced with whatever is needed to raise the level of protection.

Well I have one question to JT! Are SA tweaked or when was the filters last updated?

I would love the SA level to be raised by a factor 10 so I may be able to make use of the SA level! Now having it set to 1 just makes it a flag instead of a adjustable fence! :blush:

Link to comment
Share on other sites

Well I have one question to JT! Are SA tweaked or when was the filters last updated?

I would love the SA level to be raised by a factor 10 so I may be able to make use of the SA level! Now having it set to 1 just makes it a flag instead of a adjustable fence! :blush:

While admittedly, I have little spam hitting my accounts and my "spam footprint" seems to be different than many here, I currently have SA set to 5 and have received 2 false positives in the last week (89 total spam). The 2 that got through had SA ratings of 4.7 (just missed) and 1.5. The 1.5 was an AIDS Walkathon invitation which went to my yahoo address which is primarily used for testing and never used for personal contact (like the message was indicating).
Link to comment
Share on other sites

...and have received 2 false positives in the last week (89 total spam). The 2 that got through...

I'm thinking those should be referred to as "false negatives," then. A "false positive" is generally something that a filter thinks is really spam, but isn't.

DT

Link to comment
Share on other sites

Wazoo...you should probably use some smileys once in a while so people don't think you're serious! ;)

I created this section so as to consolidate these suggestions / requests. The intent was that they'd all be found here, rather than buried in the middle of a newsgroup thread, a Forum discussion, etc. Discussions with various folks got me answers such as;

"I don't need to look in there. If it's a good idea, I'll hear about it."

"I don't want to look in there, as repeatedly telling users 'no way' wouldn't be productive."

and of course, "I don't have the time"

I believe my sense of humor (actually, the lack of one) has been mentioned a time or two in various places.

Looks like we're about to see a few more topics marked "Resolved" in here....see this post in the SC Email forum from Trevor:

That would be nice, to say the least. However, suspecting that it's going to have to be one of the Moderators to do the matching up of solutions and requests to add the [Resolved] tag when and if .....

Link to comment
Share on other sites

The first and third samples came from the same IP address, which was listed on the CBL 3 and 1/2 hours ago, so it's possible that you received them just before the IP was added to the CBL/XBL. The middle sample is currently on SORBS. Sorry if you already told us this, but have you analyzed the items that wind up in your Held mail, checking the "X-SpamCop-Disposition:" lines to see if your BL filter settings are actually working? Most of my Held mail gets there due to SpamAssassin scores, but some of the items get put there due to BL hits. For example, out of the 49 items I just found in my Held folder, 44 were there due to my SA threshhold, 4 were there due to hits on the SCBL and one due to "Blocked cn.countries.nerd.dk." I'm assuming that the other BL filters are currently functional, but I'll be checking my Held mail to see if that's the case. I might even do something silly like turning off SA on my account to see if the other BLs kick in.

I am fairly confident that SpamCop works as expected. I have selected all (of the following) DNS Blacklists:

DNS Blacklist		DNS Zone			Website
SpamCop Blacklist 		bl.spamcop.net 		www.spamcop.net/bl.shtml
DSBL open relays 		list.dsbl.org 		dsbl.org
Spamhaus Blacklist 		sbl.spamhaus.org 		www.spamhaus.org/sbl/
South Korea (the country) 	korea.services.net 		korea.services.net
China (the country) 		cn.countries.nerd.dk 		countries.nerd.dk/more.html
Nigeria 			nigeria.blackholes.us 		www.blackholes.us
Argentina 			argentina.blackholes.us 	www.blackholes.us
Brazil 			brazil.blackholes.us 		www.blackholes.us
Composite Blocking List 	cbl.abuseat.org 		cbl.abuseat.org
Spamhaus XBL 		xbl.spamhaus.org 		www.spamhaus.org/xbl/

And going to report held spam (http://mailsc.spamcop.net/reportheld?action=heldlog) show all kind of reasons to why the e-mails where caught by SpamCop [NOTE: Please be warned. Some subjects are not appropriate for minors]:

[1123243] nugvacanszep[at]vacans.com (Dear Customer Feel Good Now! Preview )

Wed, 24 Oct 2007 20:09:00 +0100 (Blocked bl.spamcop.net)

[1123244] ikjzmjlsnc[at]mts-nn.ru (=?koi8-r?B?K+Hm6fvhK8vPzsPF0tTZIMkg28/VICj+OTUpIDIy+i05Mi36Nw==?= Preview )

Wed, 24 Oct 2007 23:15:09 +0300 (Blocked SpamAssassin=7)

[1123245] setiathome[at]rump.dk (October 78% OFF Preview )

Wed, 24 Oct 2007 21:17:21 +0200 (CEST) (Blocked SpamAssassin=5)

[1123246] andi[at]dmatrans.com (Turn your penis from a peasant to a Nobel. Preview )

Wed, 24 Oct 2007 17:51:34 +0000 (Blocked SpamAssassin=19)

... A lot Blocked SpamAssassin ...

[1123277] oyj[at]brainfingers.com (Pakistan Interior Minister Sherpao says no foreigners will be brought into inquiry Preview )

Wed, 24 Oct 2007 14:53:37 -0600 (Blocked cbl.abuseat.org)

[1123278] smeqeg[at]easyrentacar.com (Bright side Preview )

Sun, 20 Jan 2002 04:19:09 -0100 (Blocked SpamAssassin=15)

[1123279] phrrc[at]bankofky.com (Get the right stuff Preview )

Wed, 24 Oct 2007 16:47:46 -0500 (Blocked SpamAssassin=13)

[1123280] "dona hammer" (RE:Why You Should Personalize Your Diet Preview )

Wed, 24 Oct 2007 22:58:23 +0200 (Blocked SpamAssassin=20)

[1123281] aloysius[at]ohiohills.com ( Preview )

Wed, 24 Oct 2007 19:11:08 +0000 (Blocked SpamAssassin=4)

[1123282] andrewrump[at]spamcop.net (October 70% OFF Preview )

(Blocked SpamAssassin=17)

[1123283] ttogmbnqfeop[at]bpshopfitting.com.au (Chinese agency cracked down on polluters in September Preview )

Wed, 24 Oct 2007 17:57:49 -0300 (Blocked brazil.blackholes.us)

[1123284] ttogmbnqfeop[at]bpshopfitting.com.au (Chinese agency cracked down on polluters in September Preview )

Wed, 24 Oct 2007 17:57:49 -0300 (Blocked brazil.blackholes.us)

[1123285] ttogmbnqfeop[at]bpshopfitting.com.au (Chinese agency cracked down on polluters in September Preview )

Wed, 24 Oct 2007 17:57:49 -0300 (Blocked brazil.blackholes.us)

... A lot more Blocked SpamAssassin ...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...