<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>I find it interesting that we expect our ISP or hosting provider to screen our mail for us, but don’t expect the post office to do the same.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>People are lazy. They should be willing to just delete a certain amount of unwanted mail. And to use a “throwaway” email account for all those things that don’t need their permanent email address but that get them on spam lists. And if their past behavior has led to an intolerable level of spam despite the effort of spam filters, the only answer may be to change their email address.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Spam filtering is a damned-if-you-do, damned-if-you-don’t affair, customers complain about false positives and false negatives. And it’s a constant battle between filtering software and the spammers. Whatever the filtering community does, they counter with techniques like image spam and word salad. I see email accounts that get 1000 spam emails per day. If a spam filter blocks 95% of the spam with negligible false positives, 50 unwanted emails per day still get through. At that point, manual deletion risks accidentally deleting an important email, and the email address may be hopelessly tainted, the spammers are not going to stop. On the other hand, some customers will complain about having to delete 5 spam messages per day. Get over it! Just delete them, be happy you’re not the guy with a 10 times worse problem, and stop using your permanent email address to confirm hotel reservations and package shipments, use a throwaway address for those.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The type of spam you are encountering may require IP address blocklists, but that’s a very crude technique, especially since a lot of spam these days is sent through legitimate mailservers using authenticated SMTP and compromised email credentials. From a Bayesian filter’s perspective, how does it know you don’t want Chinese language emails?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If this is a company, not personal account, I see many companies outsourcing their spam and malware filtering to a service like Microsoft or Barracuda. These likely have a big enough customer base to constantly update both their Bayesian and IP reputation databases. They can still flow the mail to their regular hosted mailserver.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Blueonyx <blueonyx-bounces@mail.blueonyx.it> <b>On Behalf Of </b>Richard Sidlin<br><b>Sent:</b> Wednesday, August 19, 2020 8:08 AM<br><b>To:</b> 'blueonyx@mail.blueonyx.it' <blueonyx@mail.blueonyx.it><br><b>Subject:</b> [BlueOnyx:24194] AVSpam<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-GB>One of my clients seems to be getting a lot of obvious spam but it’s not being seen as spam by the software. I detail part of the headers from one below. It is mainly in Chinese with the senders name forged and is quite obviously spam. Are there any further settings I can change to eliminate more of this junk?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Thanks <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Received: from pop1.helpinternet.co.uk (192.168.200.90) by<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>WIN-QIQN22G6LHP.helpinternet.com (192.168.200.1) with Microsoft SMTP Server<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>15.1.1034.26 via Frontend Transport; Tue, 18 Aug 2020 19:14:11 +0100<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Received: from wrqvrtcx.outbound-mail.sendgrid.net<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>(wrqvrtcx.outbound-mail.sendgrid.net [149.72.87.202]) by<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>pop1.helpinternet.co.uk (8.15.2/8.15.2) with ESMTPS id 07IIEXrw464121<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><<a href="mailto:alister.xxxx@xxxx.co.uk">alister.xxxx@xxxx.co.uk</a>>; Tue, 18 Aug 2020 19:14:35 +0100<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Received: by filter0410p1iad2.sendgrid.net with SMTP id<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>filter0410p1iad2-32474-5F3C1A88-D 2020-08-18 18:14:32.749396382 +0000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>UTC m=+85512.410289618<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Received: from service.com (unknown) by ismtpd0008p1maa1.sendgrid.net (SG)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>with ESMTP id O8IISi4gTSm0UkF2jKkTUA for <<a href="mailto:alister.xxxx@xxxx.co.uk">alister.xxxx@xxxx.co.uk</a>>; Tue, 18<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Aug 2020 18:14:31.838 +0000 (UTC)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>From: xxxx.co.uk <<a href="mailto:passport@service.com">passport@service.com</a>><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>To: Alister xxxx <<a href="mailto:alister.xxxx@xxxx.co.uk">alister.xxxx@xxxx.co.uk</a>><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Subject: =?utf-8?B?4p224pyJIOaCqOaciVsxMl3kuKrmnKrpgIHovr7pgq7ku7Y=?=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Thread-Topic: =?utf-8?B?4p224pyJIOaCqOaciVsxMl3kuKrmnKrpgIHovr7pgq7ku7Y=?=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Thread-Index: AQHWdYtfUbtLMTVjw0iRvqvDemCwEQ==<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Date: Tue, 18 Aug 2020 18:14:32 +0000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Message-ID: <<a href="mailto:20200818111431.32A593EF0D4A7496@service.com">20200818111431.32A593EF0D4A7496@service.com</a>><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Content-Language: en-GB<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>X-MS-Exchange-Organization-AuthSource: WIN-QIQN22G6LHP.helpinternet.com<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>X-MS-Has-Attach:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>X-MS-TNEF-Correlator:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>x-spam-status: No, score=4.7 required=5.0 tests=BAYES_00,DCC_CHECK,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> DKIMWL_WL_MED,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,FSL_BULK_SIG,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> MIME_HTML_ONLY,RATS_SPAM,RCVD_IN_BL_SPAMCOP_NET,SPF_HELO_NONE,SPF_PASS,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> TXREP,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no autolearn_force=no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> version=3.4.2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Content-Type: multipart/alternative;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> boundary="_000_2020081811143132A593EF0D4A7496servicecom_"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>MIME-Version: 1.0<o:p></o:p></span></p></div></body></html>