In the last two days my Spam folder has filled up with 50 blatant spam messages from Viagra and pirate software sellers, all of a type that I would expect to be bounced by Ironport's reputation based screening systems.  Until very recently only one or two spam messages a day were reaching my spam folder as I have spam filtering set at strength 5.

Have the spammers embarked on an ingenious new tack by sending traditional spam message from new sources not yet classed as having a bad reputation or has something drastic gone wrong with Ironport's reputation based screening systems?

I have also noticed a small but significant increase.

I have "Discard Obvious Spam" set to Off but "Should Spam filtering be enabled"? is set to "Yes" and at Strength 5 and up to now having "Discard Obvious Spam" set to Off brought me so little spam that I though I would leave it at Off rather than risking a genuine sender being accidentally bounced.

I strongly suspect Plusnet have inadvertently changed something in their Ironport spam filtering settings without meaning to do so.

I've certainly noticed an increase in spam in my Quarantine reports - which of course uses Ironport, but only very few got through to my email accounts on PN -

but I would be interested to read Bob's comments on Monday

I'm only a free email account user so I don't have the Quarantone option any longer and only have the online spam folder.

The spam email has not been getting through to my Inbox but my online spam folder has been filling up with oodles of spam of a very blatant kind that should just be being bounced by Ironport at the perimeter.

My spam folder has collected only 7 messages in the last two weeks (still a higher rate than normal), but 3 of these messages show as though received today, though they are from previous days. I haven't looked in detail but I assume they've managed to obfuscate the date strings to produce that behaviour (viewed with Thunderbird IMAP and webmail).

From the headers of two messages I think the spammers may have found some low-volume mail servers that I suspect were not rated at the time, but one now is - rated  'poor' and on a third-party blocklist. The other is 'neutral' which I think can mean 'unrated'. I think messages via the first mail server would now be rejected but those via the second pass through to spam checking (and both were caught there even at Level1).

Just got a Quarantine e-mail - with 76 e-mails listed, and reporting 142 in Ironport. Normally there's one or two a week!

Is it just Xmas, or is there something wrong? Nothing is actually getting past Ironport!

I've just had the same as Tigger today – slightly different numbers, but the gist's the same. Never received such a long quarantine notification before.

I haven't received any more messages since the slightly raised number I mentioned a couple of days ago. I think the spammers may have exploited newly discovered mail servers that IronPort have now blocked. Hopefully the numbers entering the Spam folder will now reduce again.

No spam got through to my Inbox.

I had an unusual number of quarantined messages this morning - mostly phishing for my Plusnet account name and password with links something like (x's replacing key parts to prevent link being followed):

http://accounts.myusername.plus.com.xxxxxxx.be/webmail/settings/noflash.php?mode=standart&id=0619063656215494345821209313744556&email=xxxx@myusername.plus.com

I've just had my first spam message for about eight months, all properly tagged and handled.  The SenderBase Reputation Filter marked it "none", so I suspect the spammers have gone in search of new servers to handle their Christmas rush.

Chris

We've not made any changes to the way we use the senderbase info. It's more than likely that the emails being sent from servers that don't yet have a bad reputation and as soon as this changes you'll stop seeing this coming through.

I am in the happy position of seeing a 20 fold increase in spam over the last week or so and despite my NEVER using the quarateen option, in amongst it, a number of emails sent from plusnet to a non existant email addy telling me I have some in my quaranteen folder.  Bless your incompetance Plusnet.

I turned on the function to discard obvious spam 11 days ago but despite this have still had another 179 blatant spam emails arrive in my online plusnet spam box in the last 11 days and turning on "Discard Obvious Spam" seems to have made no difference at all.

Before this problem started I was only getting three or four spam emails per week in my online spam folder and the new spam emails arriving are all selling various dubious pharmaceuticals or pirate software etc, etc.  That is the same old, same old type of spam but now not being bounced as coming from a server with a poor reputation by Ironport.

What has happened to Ironport when they have now not now reacted to this problem in over three weeks.  It seems that their decent techies must have all now have left them and that the company is not now interested in taking the proactive approach towards blocking spam for which it was previously justly famous.

The IronPort filters seem to be doing their job to me, the spam is being identified as such and delivered to your spam folder. I would expect any spammer to ensure their text doesn't look like obvious spam (to a computer system) since they want it to be delivered.

My spam folder collected just 8 spam messages in the last 10 days, a higher rate than 'normal' but satisfactory nevertheless.

The problem so far as I can see it is that due to the recession Ironport must have fired a load of staff responsible for running its sender reputation database so it is no longer actively updates it and hence a spammer can now get spam through to your online spam folder that was previously blocked at the initial gateway as having a bad sender reputation.

The rules for then placing the emails that get through the initial Ironport reputation based filtering gateway in to the online spam folder do seem to still be working successfully on the whole. I had a small spate of two or three spams a day getting through to my Inbox a week or so back but that seems to have now stopped.  But I see no effort being made at all by Ironport to put the new servers now being used to send out the same old spam that has been going on for years (Viagra, pirate software and bank details scams) in to the blacklisted bad sender reputation database.  This is why around 17 spams a day are now hitting my spam folder compared to only two or three before Ironport decided that it clearly cost too much money to go on properly maintaining its sender reputation database.

Or have the spammers now invented a new technique where they keep changing the servers they are sending out their bulk spam from every few hours so that Ironport can never keep up?

I may pick up more spam than some of the rest you as one of my main email addresses has been published on a number of websites (including Ofcom's) so is regularly being picked by software used by the spammers that crawls websites looking for email addresses.  Despite that I was getting almost no spam at all in even my online spam folder after Ironport was introduced until standards of maintenance of the reputation based sending database at Ironport apparently recently began to fall?