[BlueOnyx:24195] Re: AVSpam

Ken Hohhof khohhof at kwom.com
Wed Aug 19 09:05:56 -05 2020


I find it interesting that we expect our ISP or hosting provider to screen
our mail for us, but don't expect the post office to do the same.

People are lazy.  They should be willing to just delete a certain amount of
unwanted mail.  And to use a "throwaway" email account for all those things
that don't need their permanent email address but that get them on spam
lists.  And if their past behavior has led to an intolerable level of spam
despite the effort of spam filters, the only answer may be to change their
email address.

 

Spam filtering is a damned-if-you-do, damned-if-you-don't affair: customers
complain about false positives and false negatives.  And it's a constant
battle between filtering software and the spammers.  Whatever the filtering
community does, they counter with techniques like image spam and word salad.
I see email accounts that get 1000 spam emails per day.  If a spam filter
blocks 95% of the spam with negligible false positives, 50 unwanted emails
per day still get through.  At that point, manual deletion risks
accidentally deleting an important email, and the email address may be
hopelessly tainted; the spammers are not going to stop.  On the other hand,
some customers will complain about having to delete 5 spam messages per day.
Get over it!  Just delete them, be happy you're not the guy with a 10 times
worse problem, and stop using your permanent email address to confirm hotel
reservations and package shipments; use a throwaway address for those.

The type of spam you are encountering may require IP address blocklists, but
that's a very crude technique, especially since a lot of spam these days is
sent through legitimate mailservers using authenticated SMTP and compromised
email credentials.  From a Bayesian filter's perspective, how does it know
you don't want Chinese language emails?

If this is a company, not a personal account, I see many companies outsourcing
their spam and malware filtering to a service like Microsoft or Barracuda.
These likely have a big enough customer base to constantly update both their
Bayesian and IP reputation databases.  They can still flow the mail to their
regular hosted mailserver.

From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Richard Sidlin
Sent: Wednesday, August 19, 2020 8:08 AM
To: 'blueonyx at mail.blueonyx.it' <blueonyx at mail.blueonyx.it>
Subject: [BlueOnyx:24194] AVSpam

One of my clients seems to be getting a lot of obvious spam, but it's not
being seen as spam by the software. I detail part of the headers from one
below. It is mainly in Chinese with the sender's name forged and is quite
obviously spam. Are there any further settings I can change to eliminate
more of this junk?

Thanks

Received: from pop1.helpinternet.co.uk (192.168.200.90) by
 WIN-QIQN22G6LHP.helpinternet.com (192.168.200.1) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1034.26 via Frontend Transport; Tue, 18 Aug 2020 19:14:11 +0100
Received: from wrqvrtcx.outbound-mail.sendgrid.net
 (wrqvrtcx.outbound-mail.sendgrid.net [149.72.87.202]) by
 pop1.helpinternet.co.uk (8.15.2/8.15.2) with ESMTPS id 07IIEXrw464121
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for
 <alister.xxxx at xxxx.co.uk>; Tue, 18 Aug 2020 19:14:35 +0100
Received: by filter0410p1iad2.sendgrid.net with SMTP id
 filter0410p1iad2-32474-5F3C1A88-D 2020-08-18 18:14:32.749396382 +0000 UTC
 m=+85512.410289618
Received: from service.com (unknown) by ismtpd0008p1maa1.sendgrid.net (SG)
 with ESMTP id O8IISi4gTSm0UkF2jKkTUA for <alister.xxxx at xxxx.co.uk>;
 Tue, 18 Aug 2020 18:14:31.838 +0000 (UTC)
From: xxxx.co.uk <passport at service.com>
To: Alister xxxx <alister.xxxx at xxxx.co.uk>
Subject: =?utf-8?B?4p224pyJIOaCqOaciVsxMl3kuKrmnKrpgIHovr7pgq7ku7Y=?=
Thread-Topic: =?utf-8?B?4p224pyJIOaCqOaciVsxMl3kuKrmnKrpgIHovr7pgq7ku7Y=?=
Thread-Index: AQHWdYtfUbtLMTVjw0iRvqvDemCwEQ==
Date: Tue, 18 Aug 2020 18:14:32 +0000
Message-ID: <20200818111431.32A593EF0D4A7496 at service.com>
Content-Language: en-GB
X-MS-Exchange-Organization-AuthSource: WIN-QIQN22G6LHP.helpinternet.com
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-spam-status: No, score=4.7 required=5.0 tests=BAYES_00,DCC_CHECK,
 DKIMWL_WL_MED,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,FSL_BULK_SIG,
 HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
 MIME_HTML_ONLY,RATS_SPAM,RCVD_IN_BL_SPAMCOP_NET,SPF_HELO_NONE,SPF_PASS,
 TXREP,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no autolearn_force=no
 version=3.4.2
Content-Type: multipart/alternative;
 boundary="_000_2020081811143132A593EF0D4A7496servicecom_"
MIME-Version: 1.0
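Editor's added example (not code from the thread, from BlueOnyx or from SpamAssassin): the script below parses the x-spam-status and Subject headers quoted above to show why the message slipped through and what Ken's two points look like in the data. SpamAssassin scored it 4.7 against a 5.0 threshold, so it missed by 0.3; DKIM_VALID and SPF_PASS show it was sent through legitimate, authenticated infrastructure (SendGrid), exactly the case where IP blocklists are crude; and BAYES_00 shows the Bayes classifier rated it as ham, because nothing told it that a Chinese-language subject is unwanted here. The sample header strings are copied from the quoted message; SAMPLE_SPAM_STATUS, SAMPLE_SUBJECT, RULE_NOTES, triage and the 1.0-point LOCAL_CJK_SUBJECT_SCORE are my own names, and that score is a hypothetical local rule used for the simulation, not a SpamAssassin default.

```python
"""Triage a SpamAssassin verdict: parse X-Spam-Status, decode the Subject,
and simulate a local rule that penalises a mostly-CJK subject line."""
import email.header
import re
import unicodedata

# Constructed sample input: the two header values from the message quoted in
# the thread, re-joined into single strings.
SAMPLE_SPAM_STATUS = (
    "No, score=4.7 required=5.0 tests=BAYES_00,DCC_CHECK,"
    "DKIMWL_WL_MED,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,FSL_BULK_SIG,"
    "HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,"
    "MIME_HTML_ONLY,RATS_SPAM,RCVD_IN_BL_SPAMCOP_NET,SPF_HELO_NONE,SPF_PASS,"
    "TXREP,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no autolearn_force=no "
    "version=3.4.2"
)
SAMPLE_SUBJECT = "=?utf-8?B?4p224pyJIOaCqOaciVsxMl3kuKrmnKrpgIHovr7pgq7ku7Y=?="

# Hypothetical weight for a local "subject is mostly CJK" rule. This is an
# assumption for the simulation, not a SpamAssassin default score.
LOCAL_CJK_SUBJECT_SCORE = 1.0

# Operator-facing meaning of a few of the rule names seen in the sample.
RULE_NOTES = {
    "BAYES_00": "Bayes classifier rated the body as almost certainly ham",
    "URIBL_BLOCKED": "URI blocklist lookups were refused, so that signal is missing",
    "RCVD_IN_BL_SPAMCOP_NET": "a relay IP in the Received chain is listed at SpamCop",
    "SPF_PASS": "envelope sender domain authorised the sending host",
    "DKIM_VALID": "DKIM signature verified, i.e. sent via legitimate infrastructure",
    "HEADER_FROM_DIFFERENT_DOMAINS": "From: domain differs from the envelope/DKIM domain",
}

STATUS_RE = re.compile(
    r"^(?P<flag>Yes|No),\s*score=(?P<score>-?\d+(?:\.\d+)?)\s+"
    r"required=(?P<req>\d+(?:\.\d+)?)\s+tests=(?P<tests>\S+)"
)


def parse_spam_status(value):
    """Return flag, score, threshold, headroom and the list of rules that hit."""
    m = STATUS_RE.match(value.strip())
    if not m:
        raise ValueError("not an X-Spam-Status value: %r" % value)
    score = float(m.group("score"))
    required = float(m.group("req"))
    return {
        "flagged": m.group("flag") == "Yes",
        "score": score,
        "required": required,
        "headroom": round(required - score, 3),  # points short of the threshold
        "tests": m.group("tests").split(","),
    }


def decode_subject(raw):
    """Decode an RFC 2047 encoded-word header value into text."""
    pieces = []
    for text, charset in email.header.decode_header(raw):
        if isinstance(text, bytes):
            pieces.append(text.decode(charset or "ascii", errors="replace"))
        else:
            pieces.append(text)
    return "".join(pieces)


def cjk_fraction(text):
    """Fraction of alphabetic characters that are CJK unified ideographs."""
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return 0.0
    cjk = sum(1 for c in letters
              if unicodedata.name(c, "").startswith("CJK UNIFIED IDEOGRAPH"))
    return cjk / len(letters)


def triage(spam_status_value, raw_subject, cjk_threshold=0.5):
    """Combine the verdict, the decoded subject and the simulated local rule."""
    verdict = parse_spam_status(spam_status_value)
    subject = decode_subject(raw_subject)
    frac = cjk_fraction(subject)
    local_add = LOCAL_CJK_SUBJECT_SCORE if frac >= cjk_threshold else 0.0
    verdict.update({
        "subject": subject,
        "cjk_fraction": round(frac, 3),
        "notes": {t: RULE_NOTES[t] for t in verdict["tests"] if t in RULE_NOTES},
        "score_with_local_rule": round(verdict["score"] + local_add, 3),
        "flagged_with_local_rule": verdict["score"] + local_add >= verdict["required"],
    })
    return verdict


if __name__ == "__main__":
    v = triage(SAMPLE_SPAM_STATUS, SAMPLE_SUBJECT)
    print("Subject:", v["subject"])
    print("score %.1f of %.1f required, headroom %.1f"
          % (v["score"], v["required"], v["headroom"]))
    for rule, note in v["notes"].items():
        print("  %-30s %s" % (rule, note))
    print("with hypothetical CJK-subject rule: %.1f -> flagged=%s"
          % (v["score_with_local_rule"], v["flagged_with_local_rule"]))
```

The subject decodes to "❶✉ 您有[12]个未送达邮件", roughly "You have [12] undelivered messages", and every letter in it is a CJK ideograph, so even a small local penalty on such subjects would have pushed this message over the 5.0 line. Two things worth checking on the filtering host before touching scores: URIBL_BLOCKED in the hit list means the URI blocklist queries were refused (typically because the box is not using its own caching resolver), so one whole class of signal is currently missing, and SpamAssassin's local.cf lets you raise a rule's weight with `score RULE value` or, with the TextCat plugin, declare the languages you expect with `ok_languages` so that other languages are penalised.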

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20200819/5d1193ca/attachment.html>

