cancel
Showing results for 
Search instead for 
Did you mean: 

Increased/over-zealous spam catching

Dizzley
Grafter
Posts: 275
Registered: ‎17-04-2007

Increased/over-zealous spam catching

Since Postini scanning was implemented I elected to redirect spam to a specific spam mailbox. Oh my word! So many innocuous emails are going there from addresses I never had trouble with. It seems that I'm daily adding 3 or 4 entries to my whitelist. Huh
It strikes me that if you haven't chosen the redirect option you are probably missing a shed-load of good mail being marked as spam.
All this is at the least severe setting (1). Is it me?  Wink
Pete.
22 REPLIES 22
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Increased/over-zealous spam catching

Hi Pete,
Might be worth checking the headers of some of these false positives just to make sure things are working as they should. Feel free to post the sanitised headers from a handful of these emails here and I'll be happy to offer my opinion.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

pnf
Grafter
Posts: 269
Registered: ‎07-11-2007

Re: Increased/over-zealous spam catching

Quote from: Dizzley

… All this is at the least severe setting (1). Is it me?  Wink

You're not the only one.  I have been sending emails to another PlusNet customer, some emails get through OK, some get marked as [-SPAM-].  I have no idea why some are getting marked as [-SPAM-], there doesn't seem to be any logic to it.  The Postini settings on both accounts are the default ones, the aggressiveness settings are set to 1 and spam is sent to the spam folder for each mailbox.  Genuine emails that would have previously been delivered without any problem are now being marked as [-SPAM-].  Additionally, if people aren't aware of their spam folder, and I suspect there will be some, they will certainly be missing a lot of genuine emails.
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Increased/over-zealous spam catching

Is the from address on the emails marked as spam  something@username.plus.com or something@mydomain.co.uk ?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
pnf
Grafter
Posts: 269
Registered: ‎07-11-2007

Re: Increased/over-zealous spam catching

The subject line is tagged as [-SPAM-].  Is there something in the header that would indicate that the from address is marked as spam and if so what should I look for? 
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Increased/over-zealous spam catching

Could you post the entire headers of one marked as spam, there's various bits I'd want to look at to understand what's going on. (Edit the post to take out the user names, but do it in such a way that we can which is which - e.g. name1@username1.plus.com, name2@username2.plus.com - or if it's domains use domain1, domain 2 etc).
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
pnf
Grafter
Posts: 269
Registered: ‎07-11-2007

Re: Increased/over-zealous spam catching

Header is below:
Return-path: <user1@domain1>
Envelope-to: user2@domain2
Delivery-date: Tue, 15 Apr 2008 17:36:25 +0100
Received: from exprod5mx207.postini.com ([64.18.0.66] helo=psmtp.com)
  by pih-sunmxcore10.plus.net with smtp (PlusNet MXCore v2.00) id 1Jlo8v-0007h2-6d
  for user2@domain2; Tue, 15 Apr 2008 17:36:25 +0100
Received: from source ([212.159.14.213]) (using TLSv1) by exprod5mx207.postini.com ([64.18.4.10]) with SMTP;
Tue, 15 Apr 2008 12:36:21 EDT
Received: from [x.x.x.x] (helo=[127.0.0.1])
by ptb-relay02.plus.net with esmtp (Exim) id 1Jlo8q-0000Zc-Qy
for user2@domain2; Tue, 15 Apr 2008 17:36:20 +0100
Message-ID: <4703D975.2000202@domain1>
Date: Tue, 15 Apr 2008 17:36:21 +0100
From: name1 <user1@domain1>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: user2@domain2
References: <001c01c89e6e$7652cb50$06fea8c0@domain2>
In-Reply-To: <001c01c89e6e$7652cb50$06fea8c0@domain2>
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Plusnet-Relay: a889e2dfb7b7e90ea8064fa2130a482b
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels:    (S: 0.10480/99.29812 CV:99.9000 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1
X-pstn-addresses: from <user1@domain1> [db-null]
X-pn-pstn: Spam 1
X-PN-Virus-Filtered: by PlusNet MXCore (v4.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v4.00)
Subject: [-SPAM-] Test Message
X-EsetId: 2CD6DF25FC1A4D6843D1DF72F1401B
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Increased/over-zealous spam catching

Because that was form domain to domain it didn't get picked up as whitelisted.
Postini has scored it
X-pstn-levels:    (S: 0.10480/99.29812 CV:99.9000 )
This is below the 0.15 threshold and so was marked spam. I would suggest that because it was just a test message there wasn't enough content for it to be given a higher score.
Have you any examples of genuine (not test) emails that were marked as spam?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
waldron
Grafter
Posts: 348
Registered: ‎28-07-2007

Re: Increased/over-zealous spam catching

Quote from: jelv
This is below the 0.15 threshold and so was marked spam. I would suggest that because it was just a test message there wasn't enough content for it to be given a higher score.

Does that imply that (genuine) short messages are liable to be flagged as spam?
pnf
Grafter
Posts: 269
Registered: ‎07-11-2007

Re: Increased/over-zealous spam catching

The message was a short message but it was a genuine message, I just changed the header to ‘Test Message’ as it was the second time that it had been sent.
The header below relates to a totally different message, not a short one but not a particularly long one either, which scores even less (a big fat zero)! 
Return-path: <user1@domain1>
Envelope-to: user2@domain2
Delivery-date: Tue, 15 Apr 2008 20:07:34 +0100
Received: from exprod5mx246.postini.com ([64.18.0.166] helo=psmtp.com)
  by pih-sunmxcore12.plus.net with smtp (PlusNet MXCore v2.00) id 1JlqVC-0000Yf-4e
  for user2@domain2; Tue, 15 Apr 2008 20:07:34 +0100
Received: from source ([212.159.14.212]) (using TLSv1) by exprod5mx246.postini.com ([64.18.4.10]) with SMTP;
Tue, 15 Apr 2008 15:07:31 EDT
Received: from [x.x.x.x] (helo=[127.0.0.1])
by ptb-relay01.plus.net with esmtp (Exim) id 1JlqV8-0003IR-FM
for user2@domain2; Tue, 15 Apr 2008 20:07:30 +0100
Message-ID: <2845FCF3.2070401@domain1>
Date: Tue, 15 Apr 2008 20:07:31 +0100
From: name1 <user1@domain1>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: name2@domain2
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Plusnet-Relay: 7cfc850f6a006ff6feebd59aa3d5fba0
X-pstn-levels:    (S: 0.00000/97.26685 CV:99.9000 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1
X-pstn-addresses: from <name1@domain1> [db-null]
X-pn-pstn: Spam 1
X-PN-Virus-Filtered: by PlusNet MXCore (v4.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v4.00)
Subject: [-SPAM-]  Checking your email via Webmail
X-EsetId: 4BG7AA17EA2D5AB4A2A3F415H2532H
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Increased/over-zealous spam catching

That looks a far better example. I suggest you PM Bob with the full unadulterated message (headers and body) for him to investigate.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
pnf
Grafter
Posts: 269
Registered: ‎07-11-2007

Re: Increased/over-zealous spam catching

jelv, I have PM’d Bob with the relevant details.  Thanks for your help.
For interest, the message contained instructions on how to access email via Webmail.  The irony of this is that it went into the Spam folder which is only accessible via Webmail!
Dizzley
Grafter
Posts: 275
Registered: ‎17-04-2007

Re: Increased/over-zealous spam catching

Hi - I've been way to busy In Real Life so here eventually are typical header from mail that used to get through and now is marked Spam.

	From: 	newsletters@techrepublic.online.com
Subject: [-SPAM-]  [TechRepublic] Fast, flexible compact graphic viewer performs many common tasks
Date: 15 April 2008 08:56:21 BST
To: techr@xxxxxx.plus.com
Reply-To: newsletters@techrepublic.online.com
Return-Path: <newsletters@techrepublic.online.com>
Envelope-To: techr@xxxxxx.plus.com
Delivery-Date: Tue, 15 Apr 2008 08:56:25 +0100
Received: from exprod5mx201.postini.com ([64.18.0.60] helo=psmtp.com) by pih-sunmxcore13.plus.net with smtp (PlusNet MXCore v2.00) id 1Jlg1e-00040k-UC  for techr@xxxxxx.plus.com; Tue, 15 Apr 2008 08:56:24 +0100
Received: from source ([216.239.114.167]) by exprod5mx201.postini.com ([64.18.4.14]) with SMTP; Tue, 15 Apr 2008 01:56:21 MDT
Received: from c17-ave-nemoe2.cnet.com ([10.15.9.79]) by alias4.c17-ave-mta4.cnet.com with ESMTP; 15 Apr 2008 07:56:21 +0000
Message-Id: <1389884314.1208246181540.JavaMail.app@c17-ave-nemoe2.cnet.com>
Mime-Version: 1.0
Content-Type: multipart/related;  boundary="----=_Part_28835987_1484093188.1208246181531"
X-Sbi: nemoe-nl
X-Nemoetrack: 3022372
X-Pstn-Neptune: 47/6/0.13/30
X-Pstn-Levels: (S: 0.14446/99.40554 CV:99.9000 )
X-Pstn-Settings: 1 (0.1500:0.0750) cv GT3 gt2 gt1
X-Pstn-Addresses: from <newsletters@techrepublic.online.com> [727/34]
X-Pn-Pstn: Spam 1
X-Pn-Virus-Filtered: by PlusNet MXCore (v4.00)
X-Pn-Spam-Filtered: by PlusNet MXCore (v4.00)


	From: 	zopalenderemail@messages.zopa.com
Subject: [-SPAM-]  Your personal Zopa email
Date: 11 April 2008 15:37:45 BST
To: zopa@xxxxxx.plus.com
Reply-To: contactus@zopa.com
Return-Path: <gbounce-931542785-9067-900187940-1207924665950@bounce.messages.zopa.com>
Envelope-To: zopa@xxxxxx.plus.com
Delivery-Date: Fri, 11 Apr 2008 15:37:50 +0100
Received: from exprod5mx245.postini.com ([64.18.0.165] helo=psmtp.com) by pih-sunmxcore16.plus.net with smtp (PlusNet MXCore v2.00) id 1JkKNx-00015z-0A  for zopa@xxxxxx.plus.com; Fri, 11 Apr 2008 15:37:49 +0100
Received: from source ([195.140.185.196]) by exprod5mx245.postini.com ([64.18.4.13]) with SMTP; Fri, 11 Apr 2008 09:37:46 CDT
Received: from app32.muc.ec-messenger.com (app32.muc.domeus.com [172.16.8.62]) by aps69.muc.ec-messenger.com (READY) with ESMTP id E89546E53EF for <zopa@xxxxxx.plus.com>; Fri, 11 Apr 2008 16:37:45 +0200 (CEST)
Message-Id: <15065604.1530071207924665950@ecmessenger>
Mime-Version: 1.0
Content-Type: multipart/alternative;  boundary="----=_Part_42739_30426555.1207924665947"
X-Ec-Messenger-Mid: 900187940
X-Ec-Messenger-Cid: 9067
X-Ec-Messenger-Sender-Domain: messages.zopa.com
X-Ec-Messenger-Ip: 9/DEFAULT
X-Mailer: eC-Messenger : v5_01r3
X-Ec-Messenger-Email: zopa@xxxxxx.plus.com
X-Pstn-Levels: (S: 0.00000/96.96317 CV:99.9000 )
X-Pstn-Settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1
X-Pstn-Addresses: from <zopalenderemail@messages.zopa.com> [380/17]
X-Pn-Pstn: Spam 1
X-Pn-Virus-Filtered: by PlusNet MXCore (v4.00)
X-Pn-Spam-Filtered: by PlusNet MXCore (v4.00)
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Increased/over-zealous spam catching

The first headers are a perfect examples of where Postini has got it right and Plusnet has got it wrong!
If you copy those headers in to http://www.postini.com/support/header_analyzer.php you will see that Postini does not think they are spam. However Plusnet don't interpret the Postini headers correctly and have decided they are spam.
If you had changed the How would you like us to deal with messages identified as spam? setting to Quarantine spam, it would have been delivered.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Increased/over-zealous spam catching

I don't understand what you're saying, jelv  Huh
Quote
X-Pstn-Levels: (S: 0.14446/99.40554 CV:99.9000 )
X-Pstn-Settings: 1 (0.1500:0.0750) cv GT3 gt2 gt1

0.14446 < 0.1500 therefore Spam 1/Quarantine, surely?