If it has "Angelina Jolie" in the :Subject line it's spam

[cherrick]

I'm pretty much 100% certain.

[Farelf]

I'm pretty much 100% certain.

I'm with you. Or worse than spam even:

Daily Mail article. Not that the Daily Mail is necessarily a reliable source about such things (though better than the Daily Mirror, perhaps) but, in truth, I have myself received numerous offers to become better acquainted with the lady and which I am fairly sure would lead to no such outcome nor would she necessarily welcome it even if they did, in fact the odds would be vanishing slight on the latter matter, in my estimation.

[Wazoo]

I'm pretty much 100% certain.

Wondering just what exactly this Topic/subject matter has to do with a SpamCop.net e-mail account. Moving it to the Lounge with this post.

On the flip side ... I was simply amazed with this girl when I saw the movie Hackers. Years passed, she grew up, matured (?), played much more 'serious' roles (is that the right word for TombRaider?) .. I lost interest years ago.

[cherrick]

Short of building my own filter, isn't there some way to get the SpamCop system to automatically move emails with "Angelina Jolie" in the Subject: line to Held Mail?

[Farelf]

Ah, *that's* what you were getting at. I would love to look but, unprecedentedly, Google seems to have died at this time (globally, including the search functions on these pages), we need another mail user to answer that one.

[cherrick]

I'm pretty sure it's not a matter of googling but one of getting the SpamCop developers to tweak their rules.

Of course I could be wrong.

[DavidT]

Short of building my own filter, isn't there some way to get the SpamCop system to automatically move emails with "Angelina Jolie" in the Subject: line to Held Mail?

Nope. And if you build a filter, it's only useful if you log into the webmail system....not if you POP your mail from the SC mail server.

DT

[rconner]

Short of building my own filter, isn't there some way to get the SpamCop system to automatically move emails with "Angelina Jolie" in the Subject: line to Held Mail?

Maybe or maybe not, but you then have to deal with the people who misspell her name -- I've already seen it in spam. Could turn into a sort of Idiot's Delight for RegEx writers.

-- rick

[Farelf]

...I'm pretty sure it's not a matter of googling ...

I was thinking particularly what insights I might gain to get a handle on your question by searching the pages "here" (which is a Google search function). Like Search forum.spamcop.net webmail + filter. Google is talking to me again and I might have found something to contribute amongst the resulting hits. But others with more direct knowledge have now responded (above).

[Miss Betsy]

I don't think the spammer can't spell her name. I think that the spammer has discovered that others besides the OP have tried to filter out using her name. The same phenomenon as the various spellings of Viagra.

It is a powerful argument for the inadequacy of filtering on content and the use of DNSBLs to block spam. Block the IP addresses that those emails come from. Eventually, the spammers will run out of IP addresses that allow them to spam that are not blocked by those who don't want spam. If the spammers are using IP addresses that legitimate senders are using, then eventually the legitimate senders will find IP addresses that are administered by those who do not allow spammers to operate on their networks. There may always be mistakes or spammers who can find ways to get around the rules (i.e. the 419 scammers who are willing to invest more time in sending email because the rewards are greater), but in general, the interruption of service would not be more irritating or costly than the spam now being delivered or legitimate mail being lost because of content filters.

Miss Betsy

[cherrick]

Got another one this morning.

[cherrick]

Just sayin' but you know if the Subject: line reads "Discounted drugs at discount pharmacy" I'm pretty sure SpamCop can figure it's a spam and move it to my Held Mail box without much concern.

Just sayin'.

Moderator Edit: Merged this "new" Topic into an existing Discussion that covers the same ground.

[StevenUnderwood]

Just sayin' but you know if the Subject: line reads "Discounted drugs at discount pharmacy" I'm pretty sure SpamCop can figure it's a spam and move it to my Held Mail box without much concern.

SpamCop can not "read" your subject as it is a computer program and as such would likely put ANY message with the words drugs or pharmacy into your held mail causing more problems.

[cherrick]

SpamCop can not "read" your subject as it is a computer program and as such would likely put ANY message with the words drugs or pharmacy into your held mail causing more problems.

What?

Computer programs have been reading the Subject: line since email was invented.

Hello? Surely, you jest.

Got another 3 this morning.

Would it really be that hard to tweak CESmail?

[StevenUnderwood]

Computer programs have been reading the Subject: line since email was invented.

Would it really be that hard to tweak CESmail?

No, programs tdo NOT read the subject line... they match characters or patterns. Someone would need to program the search to find the words you are complaining about, but that would likely cause many false positives. You can read and understand that "Discounted drugs at discount pharmacy" is likely spam, but a program would need to at best weigh the words discount, drugs, and pharmacy and would then likely mark some valid messages from real pharmacies as spam. Then of course you have all the modified spellings, and the search becomes so slow that you then complain that you are not getting your email in a timely fashion.

Word filters are no way to deal with spam, they are very inefficient.

[craigt]

I've received hundreds if not thousands of the "Jolie" trojans recently and don't really pay them any special attention -- they're reported as spam along with the rest of the crap.

A "subject line reader" would be pretty much useless except for the very short term; the subject line sent would mutate as always to something else that had been in recent news to entice the unwary to open the thing. So then you would have the task over the long term of sorting out every phrase possible in the English language and marking them as spam (and possibly the Spanish, German, and Russian language spams that I've been getting).

[cherrick]

"Word filters are no way to deal with spam, they are very inefficient".

Remarkable. Especially since the filters SpamCop enables you to build are ... wait for it ... word filters.

Good grief.

[rconner]

Would it really be that hard to tweak CESmail?

In my experience as a longtime SC user, SC tends to look a the SOURCE of a message, not its CONTENT, in order to judge whether the message is spam. There's now a SpamAssassin filter in SC that I think probably does a bit of content analysis, but most of the spam is nailed by blocklist lookups on source IPs.

What you are suggesting is actually a bit of a step back in time to the days when we scanned mail for content in order to judge it to be spam. Maybe it would not be hard to create an "Angelina Jolie" filter, or maybe it would be, but I'm afraid that Ms. Jolie would have to get in line behind dozens or hundreds of keywords that people would also want blocked in this way ("viagra," "rolex," "diploma," etc.).

This kind of filter is also notoriously short-lived. Let's say we create a filter that nails "Angelina Jolie" (er, that didn't sound right), so next week the spammer switches to "anjelina j0lie" so I have to take time to add another clause to my filter. Perhaps you can see where this would be a gigantic sink for programming labor, most of which would be rendered pointless when the spammer stops using the particular trick that we've just written the code to block.

-- rick

Remarkable. Especially since the filters SpamCop enables you to build are ... wait for it ... word filters.

Perhaps you are confusing the user-defined filtering offered by the SC webmail interface (Squirrelmail or whatever) with the filtering actually used by the SpamCop engine (which as I noted above is based mainly on blocklist queries). You do have some latitutde in tuning these filters, and even adding a whitelist and a blacklist, but as far as I know you cannot add "Angelina Jolie" rules or the like.

-- rick

[StevenUnderwood]

Remarkable. Especially since the filters SpamCop enables you to build are ... wait for it ... word filters.

And those ONLY work inside of Webmail and are not very efficient. SpamCop primarily uses various blocklists and SpamAssassin to mark messages as spam... I have never needed anything more as I receive less than 5 a week that are missed.

You can create your own filter to do what you ask, why don't you do it... and then you need to support it for yourself.

[Miss Betsy]

The basic problem with content filters has already been pointed out. In addition, they often catch legitimate email - the problem, for instance, with sending a chicken breast recipe to someone who is filtering for porn spam.

Spamassassin does use some content filtering which reduces the amount of 'new' spam sources showing up in spamcop email inboxes.

But, on the whole, the only effective way to filter spam is by IP address.

Miss Betsy

[Farelf]

The basic problem with content filters has already been pointed out. In addition, they often catch legitimate email - the problem, for instance, with sending a chicken breast recipe to someone who is filtering for porn spam....

Exactly so - content, even 'bad word' (singular), filters produce unexpected results = false positives. Already related but bears reiteration, I had a message to corporate client blocked for days because I used the standard abbreviation for 'cumulative' in the text. They whitelisted me, worked out the problem and I stopped using that abbreviation (JIC) but what a waste of time and energy.

[cherrick]

The basic problem with content filters has already been pointed out. In addition, they often catch legitimate email ...

I'm pretty sure that if it says "Angelina Jolie" in the Subject: line it's not legitimate email. And if it is (goodness forbid) and it ends up in Held Mail, well then whitelist the sender.

[turetzsr]

I'm pretty sure that if it says "Angelina Jolie" in the Subject: line it's not legitimate email. And if it is (goodness forbid) and it ends up in Held Mail, well then whitelist the sender.

...So we've come full circle:

Short of building my own filter, isn't there some way to get the SpamCop system to automatically move emails with "Angelina Jolie" in the Subject: line to Held Mail?

...Is there any point in continuing this discussion? It seems to me we've pretty much exhausted the topic and anything anyone here can contribute that's of any value has already been said. I'd say your next stop is JT (J.T.) or Trevor (trevorb) (see SpamCop's System & Active Staff User Guide), as they are the SpamCop e-mail admins.

...Although I'm inclined to close this thread, I'll leave it open (at least for a while) just in case.

[Miss Betsy]

I have one more question. Is the OP reporting these spams? The whole purpose of spamcop is to report spam so that the IP addresses are entered on the spamcop blocklist. Some reporters only report spam that makes it to their inbox.

If she is reporting these spam and they are not eventually getting blocked, then there is something else happening here.

I don't know much about the spamcop email filters, but can't you choose other blocklists to use? I think I have read that some bots time their spam runs so that the IP address has aged off the spamcop blocklist, but there are blocklists that list bot IP addresses indefinitely. Using another blocklist in conjunction with the spamcop blocklist would effectively send these spam to Held mail, I believe, if that is why they aren't going to Held mail.

Another reason that one reporter can't get an IP address blocked is because only she is getting the spam. Usually that's because she has had a prior connection with whomever is sending the spam. That's not likely with this subject line. Since this one apparently tries to infect, perhaps someone she has whitelisted is infected.

I haven't gotten any of this particular spam, but there are some that seem to regularly evade filters - particularly 419. Someone once told me that the reason the 419 ones are not always caught is they come through real email addresses through real email servers which don't catch them as spam because they send them one (or a very few) at a time. They can afford the time because of the huge reward when they catch a fish. As soon as the first report comes in, the legitimate service shuts them down, but there is time to have caught something. But, if that's the case here, then the OP should find that having an obvious subject line is a bonus to pick them out and report them so they are closed down.

I can't think of other reasons why the OP would be bothered by this type of spam going to her inbox and other reporters are not.

The solution the OP is looking for is to get these kind of spam to go to her Held mail. Most of the posters have pointed out that content filters are a pain to maintain and implied that spamcop email administration is not likely to implement them. So, if this is a common problem (that spam with this subject line is not being caught by the DNSBLs and spamassassin), then how are the spammers avoiding getting caught by DNSBLs and spamassassin)? If it is not a common problem, then why is only the OP getting them?

There is little point in arguing any longer about content filters. The OP doesn't understand from the other posts why spamcop doesn't have content filters available and doesn't use them (except for spamassassin which does use some content to filter). However, she still has a problem. Her solution wouldn't work probably, but perhaps there are other solutions - including, at the least, satisfaction at being able to report them.

Miss Betsy

[rconner]

If she is reporting these spam and they are not eventually getting blocked, then there is something else happening here.

It occurred to me to point that out, that reporting to SC might help get the offending addresses on the BL so that the spam will be detained by SpamCop.

I don't know much about the spamcop email filters, but can't you choose other blocklists to use? I think I have read that some bots time their spam runs so that the IP address has aged off the spamcop blocklist, but there are blocklists that list bot IP addresses indefinitely. Using another blocklist in conjunction with the spamcop blocklist would effectively send these spam to Held mail, I believe, if that is why they aren't going to Held mail.

Might be worthwhile to try. In my profile (acessed thru webmail) I see that I have enabled SCBL Spamhaus SBL, and three of the country-oriented blocklists (S. Korea, PRC, Nigeria). I could also turn on CBL, as well as XBL and PBL. The latter two might be more punitive toward botnet or zombie spam, and might have longer listing times than SCBL, but I don't know for sure.

Another reason that one reporter can't get an IP address blocked is because only she is getting the spam. Usually that's because she has had a prior connection with whomever is sending the spam. That's not likely with this subject line. Since this one apparently tries to infect, perhaps someone she has whitelisted is infected.

I've gotten a lot of Jolie spam, but not consistently (much of it may be deleted by my ISP's filter, before it reaches even SpamCop let alone my inbox. I forget what it was promoting, but whatever it was had nothing to do with Jolie. Probably more penis spam, if I had to guess.

I haven't gotten any of this particular spam, but there are some that seem to regularly evade filters - particularly 419. Someone once told me that the reason the 419 ones are not always caught is they come through real email addresses through real email servers which don't catch them as spam because they send them one (or a very few) at a time. They can afford the time because of the huge reward when they catch a fish. As soon as the first report comes in, the legitimate service shuts them down, but there is time to have caught something. But, if that's the case here, then the OP should find that having an obvious subject line is a bonus to pick them out and report them so they are closed down.

Indeed, the 419ers send their mail via webmail hosts, and webmail operations don't normally (or at least aren't supposed to) end up on blocklists. I don't think they are bulk-mailing in a traditional sense

I can't think of other reasons why the OP would be bothered by this type of spam going to her inbox and other reporters are not.

I used to get ticked off by particular varieties of spam, but after the first 50,000 or so I've just decided that it is all crap. I report it and move on to the next item on the agenda.

The solution the OP is looking for is to get these kind of spam to go to her Held mail. Most of the posters have pointed out that content filters are a pain to maintain and implied that spamcop email administration is not likely to implement them. So, if this is a common problem (that spam with this subject line is not being caught by the DNSBLs and spamassassin), then how are the spammers avoiding getting caught by DNSBLs and spamassassin)? If it is not a common problem, then why is only the OP getting them?

I see in Webmail that there is a button under the message display that you can click for "Report as spam." Don't know what it does (I don't want to test it as I have no spam in the queue there), but if it simply passes the message back to the parser to be reported, this might be a relatively painless solution to the problem.

-- rick