Supporting Chris's comment why are emails marked with a blatant "x-pstn-xfilter:   y" spam rating by Postini not being marked as Spam 1 (thus being detained in my online IMAP spam folder and not deposited in my Thunderbird Inbox) by Plusnet?

Why is it instead only being marked as Spam 4 by Plusnet?

Not necessarily, apparently ... I've had way more than a few spams in recent weeks that look like they're bounces but they're clearly not genuine bounces at all when you look at them in detail ! They simply appear to be real genuine spam made to look like a bounce message. My address does not appear anywhere in the message apart from as the recipient of the bounce.  I did not send the original message that is apparently being bounced (either genuinely or by way of my address being spoofed) nor does my address appear in reply-to, sender, return-path or any other fields so surely there is absolutely no way that any genuine mail system should bounce the message back to my address.  Oh yeah, and the dead giveaway in most cases of course is that the bounce doesn't come from where it claims to have come from ... it's not from a mailserver at all but often a dodgy dynamic IP somewhere else ! 

I have several others with slightly different content but again, my address appears nowhere in the message other than as the recipient of the bounce.  They sail straight through postini with a very respectable score in most cases needless to say ... in fact, a very significantly higher score than the vast majority of my genuine messages manage to achieve

My previous post omitted the actual body content at the bottom of the email which Thunderbird's Forward email command annoyingly tries to leave out.  In my opinion it is the sending of this link which is the purpose of this new style Spam format.

The attempt to present the email as a returned email from Postmaster to my email address is probably being done purely so as to try to circumvent conventional spam filtering technology.

I see this one was classified as Spam 3 rather than Spam 4.

But Postini have rated it:-

X-pstn-settings:    1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c

and

X-pstn-neptune-cave-rslt:    qtine

Why does Plusnet fail to mark such obvious Spam as being Spam 1 where it belongs?

This latest just received spam email is not masquerading as being returned mail from a Postmaster but has still reached me due to Plusnet ignoring Postini's clear x-pstn=1 and qtine ratings.  Spam 2 by Plusnet is not good enough.  This needs to be marked as Spam 1 or edge filtered by Postini.

The "X-pstn-settings:" header does NOT indicate spam level, it is the "X-pstn-levels:" that indicate the various spam scores. In the example above, the spam score was 0.22246 which warrants the PN "SPAM2" tag that it received.  However, PN did say they were going to be acting on the "neptune" results as well and if this was "quarantine" then I think they said they were going to be tagging the message "SPAM1" regardless of the spam score.

Unfortunately, it would appear that the particular neptune header that PN were (and probably still are) checking for is no longer being used by postini. I haven't seen the original and postini documented "X-pstn-neptune-rslt: qtine" header since mid January, I have only seen the completely undocumented "X-pstn-neptune-cave-rslt: qtine" header appearing in my messages.  This could well explain why messages that postini would normally quarantine have not been tagged as "SPAM1" since January ... assuming that PN did actually implement all the filtering they said they were going to of course.

Select the message and press CTRL+U which gives the entire source of the message.

Although various Plusnet staff who sometimes post in this thread have alleged that they are still taking an active interest in the evolution of the Spam tagging project the recent evidence is in fact to the contrary.

Bob has been assigned to other matters by the management of the company and in his absence there have since been no significant developments in the implementation of the rollout of the promised further spam tagging features by Plusnet.

How do I know that this is Spam Simple I never use the term webmaster

Black hole webmaster then!

Why should I, Why didnt postini find it

Here is another spam just received masquerading as a legitimately returned email.  Its obvious there is a problem but Plusnet seems to have lost all interest in trying to deal with this new spam outbreak

Note that the alleged originating email address this is being returned to, of js@grsu.by, is not my email address.

I think that's a little unfair.  There have been developments but they have not been shared with the community as a whole because they're simply not finished yet.  Certainly progress has been made and when all the development work has been signed off then it will be deployed.

B.

Whilst it's quite obvious that there is a problem, in fact there are a number of apparent problems, in all fairness to PN, there is nothing much if anything that they can do directly to resolve them.  The service is run and to all intents and purposes controlled entirely by a 3rd party - postini.  If postini screw up then the best that PN can do is whine at them.  If postini don't react to new threats in a timely manner then the best PN can do is whine at them.  If postini don't meet their own SLAs then the best PN can do is whine at them.  That's how it is when you out-source or otherwise sub-contract any manufacture or service to a 3rd party never mind something as fundamental and notoriously difficult to deal with as email.  After all, one man's spam is another man's Sunday roast so keeping everyone happy is always going to be next to impossible.

PN are no doubt having to jump through a very similar set of hoops that PN users generally tend to have to do whenever they raise a ticket if they're experiencing some problem or other.  The first hurdle being getting anyone to listen because "no one else is having problems so it must be at your end" or "yes, we know and our network engineers are looking into it" or "it's only affecting a very small number of users but we're working on it" or "have you tried rebooting all your routers" or "what about reinstalling your OS" and so on 

Having said that, there is a lot that PN could be doing to mitigate a fair few of the apparent problems but don't appear to be and yes, I would agree that it's all gone *very* quiet on the postini front for reason or reasons unknown.

However, any development work that is ongoing is unlikely to resolve some/most/all of the apparent problems in any case - it will simply hand some control of the postini system back to individual users so that they too can mess around with all the various configuration options in the same way that PN no doubt are at the mo.  If you think postini is 'broken' or doesn't quite do what you want in some way then that's just tough I'm afraid.  It's a proprietary system - take it or leave it and all that !  If you're expecting major changes or improvements then the most helpful configuration option of all will be the "OFF" button when it appears because expecting postini to resolve false negatives/positives in any way other than they currently are doing is a complete non-starter IMHO.  I can't see how there could possibly be anything in the PN implementation or controls that could help in any way in this respect ... other than the off button if you don't like how postini normally does it's stuff.  The ability to white/black list as/when required is obviously a very useful facility when used with care but has it's own set of associated potential problems of course. 

The postini service as-is is the most lenient it can be without turning fundamental bits off. The sensitivity can only be tweaked in an upwards direction.  If you choose to make it more aggressive (when that facility exists) then that also comes with it's own set of associated potential problems. You cannot make it less aggressive (in general) without turning certain aspects off although you will presumably be able to whitelist ALL your legitimate senders and blacklist ALL your spammy senders (subject to the max number of list entries being sufficient).  Which kinda begs the question why postini the service when comprehensive white/black lists could have been relatively easily implemented by PN without postini's 'help' and without the no doubt shedloads of do$h heading in a postini direction !

Edited to add: BTW, just had a quicky look and the spam detection rate on my postinied A/C so far today is down to around 80% with the total volume heading off the scale once again.  Expect some well stuffed mboxes today chaps

I'm back up to 700+ in my work Spam folder over a weekend from around a couple of dozen.

Looks like the spammers have found Postini's weaknesses.

I should probably mention that this is a lengthy post. Having said that I think I've answered most of the questions posed since I last had the chance to direct any attention at this thread.


Because it's hasn't been assigned a spam score low enough to trigger the filter. See here for more detail.


No they don't unfortunately.


We were incrementing the spam score where the X-pstn-neptune: qtine header was present as per the details here.
This would seem to have been replaced by X-pstn-neptune-cave-rslt: qtine. It's a 5 minute job to update the config but we need to be sure both headers serve the same purpose.


It's no so much a lack of interest rather a lack of time Capvermell. I spent two weeks over in South Africa towards the end of February/beginning of March and since then have unfortunately not had as much time as I would have liked for the forums.


I'm not sure that would be a very good idea. You mention that nobody would ever email a link to a Google search but I've done this myself in the past!


It shouldn't have been marked as spam as the S score was way above the thresholds used for marking.


That is odd, is anybody else seeing this?


We've actually disabled this rule Jelv.


*grabs tinfoil hat*


Sending to the notspam@ address is *not* an immediate solution. These messages are simply made available for Postini to use for training/refinement purposes. The introduction of the up-and-coming Manage My Mail improvements will no doubt help you address this issue.


This is far from a new technique. Spammers have been spoofing addresses for years.


I have a theory about this and it may explain some of the disparity between headers as reported by mikeb. Bear in mind this is a theory, so it will be interesting to see how things pan out. Whilst investigating this problem we discovered that an error had led to a number of domains being present without many of the mail filtering options enabled. This seems to have been accounts added *since*1st February. It could be that these accounts did not have BSB switched on. I'm wondering whether or not some of the unusual headers people have been seeing are those that are present in mail that's normally blocked as Blatant Spam?


Capvermell, as mikeb has said, I think you're confusing our use of the x-pstn-settings and the x-pstn-levels headers.


That info is here. The quarantine header was being used to increment the spam score by one eg. change it from Spam 2 to Spam 1.


As mentioned elsewhere Mike, this is easy enough to fix. We just need to be sure before we change anything.


The features are on our Gamma platform undergoing testing as we speak.


That's a relatively fair summary Mike.


What account Mike?


I'll take a quick look at your account to make sure there's nothing untoward.

On a final note, I think I'm going to work on a blog update about the proposed changes and when we expect them to be launched. Once published, I'm going to start a new thread with a link to this and some other helpful articles/FAQ's etc. As soon as this is done I'm going to ask the mods to lock this thread as it's almost impossible to follow from start to finish now and is most probably deterring others from contributing to the discussion.

I fully agree this thread has become somewhat lengthy.
I switched the spam on my work account (fceluk) to Inbox but found it too much work. Also my various customers on our network complained so I switched it back to Spam Folder.