
convincing spam from CNN

Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Re: new convincing spam from CNN

Quote from: Bookman
Like Tigger and Saturn, I wonder why the CNN and Angelina Jolie and similar spam keeps on coming although I (and presumably others too) are sending PN examples of the messages.

The Angelina Jolie ones have been going straight into our spam folders for weeks!
Perhaps it depends on the level at which you have PN's spam filter set - ours is set at 3, which still catches some genuine mail from addresses that we haven't yet added to the whitelist. Apart from the rare random spam email, we're not getting any spam in our inboxes apart from the current CNN stuff.
Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Bookman
Grafter
Posts: 269
Thanks: 1
Registered: ‎02-08-2007

Re: new convincing spam from CNN

Quote from: Mad
Perhaps it depends on the level at which you have PN's spam filter set - ours is set at 3, which still catches some genuine mail from addresses that we haven't yet added to the whitelist.

My level is at whatever the default was when I joined Postini, presumably the lowest level. I run a small, but international, home business and have to be able to accept emails from all over the world and from all sorts of people - so I'd be worried about raising the level because I would likely then lose genuine messages.
zubel
Community Veteran
Posts: 3,793
Thanks: 4
Registered: ‎08-06-2007

Re: new convincing spam from CNN

Plusnet, with the help of PUG, are currently analysing the X-pstn-filter: header to ensure that the minimum of false positives would be identified if they incorporated this check into the Exim configuration.
This would mean that any 'new' spam barrage, such as the CNN one, (and the Adsense one before, and the Wonderxxx before that) could be identified very quickly and automatically blocked.
B.
Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Re: new convincing spam from CNN

Quote from: Bookman
My level is at whatever the default was when I joined Postini, presumably the lowest level. I run a small, but international, home business and have to be able to accept emails from all over the world and from all sorts of people - so I'd be worried about raising the level because I would likely then lose genuine messages.

I check webmail morning and evening at least (more on days I'm not at work) to retrieve anything genuine from our spam folders, having set stuff identified as spam to be sent there but unmarked so when I 'release' genuine emails they don't go straight into the spam folders on our computers!
Why not take a look at your spam settings here https://portal.plus.net/my.html?action=myemail ->'manage my mail' -> 'spam'?
Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
mikeb
Rising Star
Posts: 463
Thanks: 15
Registered: ‎10-06-2007

Re: new convincing spam from CNN

This current nonsense is just one more example of why I find the postini service more than a bit of a joke. I have absolutely stacks of these and virtually all of them, despite being quite clearly and 100% obviously blatant spam that is VERY easily detectable as such, by far the vast majority have spam scores of (or approaching) 99.9%.
Yes, I know that postini have another iffy mechanism for filtering these out until such time as they actually get around doing something close to a half-decent job with the normal filters but PN has always ignored these other mechanisms despite their existence being brought to their attention several times. Having said that, historically, the indications are that PN using another postini fudge is just going to mean yet more genuine mail going AWOL and/or being classified as spam in my case unfortunately because, like the normal filters, they're simply not good enough at detecting 100% genuine mail erroneously classified as spam ... that is if they even bother to try to of course.
What really grinds here is the simple fact that the CNN spams are pretty much identical in construction and content to many of the 100% genuine emails that postini decides that I cannot receive. There is some general text followed by several instances of a line of text and a URL and unsub info/links etc. at the end. Just about identical to, say, the regular genuine emails from Argos (*) which postini automatically classify as spam at best or simply refuse on receipt at worst. In fact, unlike the Argos mails which come from a genuine IP and sender address connected with Argos and contain genuine links to genuine Argos servers, the CNN spams are quite blatantly spam of course because they don't even come from an IP or sender address that is even remotely connected to CNN or contain genuine URLs to CNN related servers either !!
However, all of these CNN spams are getting near-perfect spam scores whereas the Argos genuine mails are getting near-zero spam scores. How strange but no doubt quite deliberate as it's a similar story for various other major US organisations such as yahoo, MS etc. all of which supports my long-standing theory that postini is very much more careful not to mess up some genuine messages from some (primarily US) organisations but has a blatant disregard for the vast majority of others and for UK/EU organisations in particular.
Take this message for example,
Quote
Return-path: <gbounce-7053301368-7081-700077033-1217532301323@bounce.email-argos.co.uk>
Envelope-to: argos@My_Postinied_Account.plus.com
Delivery-date: Thu, 31 Jul 2008 20:26:59 +0100
Received: from exprod5mx213.postini.com ([64.18.0.72] helo=psmtp.com)
  by pih-sunmxcore19.plus.net with smtp (Plusnet MXCore v2.00) id 1KOdne-0003Go-2j
  for argos@My_Postinied_Account.plus.com; Thu, 31 Jul 2008 20:26:59 +0100
Received: from source ([195.140.186.64]) by exprod5mx213.postini.com ([64.18.4.10]) with SMTP;
Thu, 31 Jul 2008 12:26:55 PDT
Received: from app22.muc.ec-messenger.com (app22.muc.ec-messenger.com [172.16.8.52])
by mta90-2.muc.ec-messenger.com (READY) with ESMTP id 4ECA8180031FB
for <argos@My_Postinied_Account.plus.com>; Thu, 31 Jul 2008 21:25:01 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email-argos.co.uk;
s=ecm1; t=1217532301; bh=ap+ve+1A82utFIfA6NSo7GA2rHlndTjP3FOtC/VfHR
8=; h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:
Content-Type; b=hOtszauRGM0D8NcKTgfO9rlxPBhIDuqBGf8UuIWh8oWsqOAgli
5HH/ApCgAqLclw2G00UtRYNU2xCIDlm12mKwPZivLlhP7kXr06cw50PsXNlrhQDasg4
DKSzcSSQHYlGZJhssXeqReWWqDtqpZNTbhXWf/wyVoxmPKWVGzLwTU=
DomainKey-Signature: a=rsa-sha1; s=ecm1; d=email-argos.co.uk; c=nofws; q=dns;
h=date:from:reply-to:to:message-id:subject:mime-version:
content-type:x-ec-messenger-mid:x-ec-messenger-cid:
x-ec-messenger-sender-domain:x-ec-messenger-ip:x-mailer:x-ec-messenger-email;
b=jJvTR98Jp9xk/ZBKchF24W/cUPlmlFK5L9ZPUiHdQdtNSO/tuhuSayszosbe9d5h+
dDfgOlsG96CwCbaJCyoyLOCHr+oSO2xHHeCL668fpxpfqh3/mufgQViN3YoFs4ytR0F
MmzdvmZ3oJ/hA6fr1LsF1eY1Uhj0CayV1zme7JM=
Date: Thu, 31 Jul 2008 21:25:01 +0200 (CEST)
From: Argos <argos@email-argos.co.uk>
Reply-To: Argos <smartlve@argos.co.uk>
To: argos@My_Postinied_Account.plus.com
Message-ID: <10651427.159456071217532301323@ecmessenger>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_5660121_17977383.1217532301321"
X-eC-messenger-mid: 700077033
X-eC-messenger-cid: 7081
X-eC-messenger-sender-domain: bounce.email-argos.co.uk
X-eC-messenger-IP: 9/DEFAULT
X-Mailer: eC-Messenger : v5_02r4
X-eC-messenger-email: argos@My_Postinied_Account.plus.com
X-pstn-neptune: 19/14/0.74/36
X-pstn-levels: (S: 0.01960/98.11394 CV:99.0000 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1
X-pstn-addresses: from <argos@email-argos.co.uk> [db-null]
X-pstn-neptune-cave-rslt: qtine
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by Plusnet MXCore (v4.00)
Subject: Enjoy the outdoors with our great value offers and price cuts
X-Agent-Received: from PN POP My_Postinied_Account (mail.plus.net); Thu, 31 Jul 2008 21:35:44 +0100
X-Agent-Junk-Probability: 0
=======================================================
The Gos
Must haves, special offers and hot off the press deals (just between us).
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I0
=======================================================
=======================================================
SEASONAL OFFERS

Take advantage of our great value seasonal offers and price cuts
Have fun and enjoy the great outdoors this summer
Whether you want to kick back and relax or get active with the kids, we have it all at Argos
=======================================================

Click here to see our great range of outdoor living products
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I1
------------------------------------

Click here to see our great range of outdoor toys
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I2
------------------------------------

===================================================================
WIN £10,000
Take part in the ARGOS CATALOGUE CHALLENGE
Pick up the new Argos Catalogue for a chance to WIN £10,000
Click here
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I3
===================================================================

===================================================================
Feeling the heat?
Click here to see our full range of air conditioning, coolers and fans
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I4
=========================================

=========================================
SEND THIS EMAIL TO A FRIEND. CLICK HERE:
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I5&req=gid%3D700000494%26mid%3D700077033%26referredURL%3...
=========================================

Delivery
Standard/next day delivery charge is £5.95. Saturday delivery charge only £8.90.
Why this email was sent
This email was sent to you by Argos Limited because you gave us your email address along with permission to contact you.
If you require further information please click here to view our terms and conditions:
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I6
Email delivery
At Argos we never send out unsolicited emails. To make sure news of all our latest products, sales and offers reaches your inbox, please add argos@email-argos.co.uk to your contacts or buddy list.
Privacy Policy
We want you to feel confident about the privacy of your personal information, so all the details we hold on you are protected by our strict Argos Privacy Policy:
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I7
See our Security Pages for more details on how we make online shopping secure:
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I8
Contact us
Please do not reply to this email. If you wish to contact us about this email or any other matter please contact customer services.
Click here:
http://email-argos.co.uk/re?l=bkt2w9I38ncq60I9
Unsubscribe
If you want to unsubscribe from the Argos email newsletter, just click here: http://email-argos.co.uk/public/unsubscribe.jsp?gid=700000494&uid=7053301368&mid=700077033&sig=MFHBC... But you will miss out on all the latest products, offers and competitions.
This is an email from Argos Limited. Registered in London (Company Number: 1081551).
Registered Office: Avebury, 489-499 Avebury Boulevard, Milton Keynes, Buckinghamshire MK9 2NW.
VAT Registration Number: GB 145 8990 25

Not the most important of messages I would agree but not exactly dissimilar to the CNN spams that come sailing straight through classified as 100% genuine either is it? I mean, it even uses the Domain Keys system as well and yet still gets an unreasonably low score if not getting rejected on receipt. How strange that very similar style messages from CNN or Yahoo et al come straight in with the postini seal of approval eh? I wonder if that's because Mr.CNN and Mr.Yahoo (amongst others) would be straight on the 'phone to Mr.Lawyer to claim 'n' Billion dollars in compensation if postini tried to screw up their business in the same way as they do for the great many other (particularly non-US) companies or organisations that postini absolutely refuse to handle messages sensibly for
Can you imagine what Mr.CNN for instance would have to say if postini started rejecting all their genuine messages to subscribers ? Can you imagine how they would react to postini suggesting that "sorry but it's just one of those things and all your subscribers need to make other arrangements or whitelist the various IPs and addresses because there's nothing we can do about it" or something similar ?  They'd soon tell Mr.Postini to **** off and get it sorted like NOW or we'll see you in court I reckon !!

(*) I only mention Argos as an example not because it's particularly important but because postini has always refused or incorrectly classified these mails and despite the problem being reported at day 1, nothing has really changed since then. They are by no means the only example of a 100% genuine UK/EU company trying (and failing) to send 100% genuine messages to 100% genuine customers who have subscribed to such messages. postini is effectively preventing them from contacting their customers in an appropriate manner and is making absolutely no effort to resolve the known problems with their poor filtering. 


B T Plusnet, a bit kinda like P T Barnum ...

... but quite often appears to feature more clowns
kilburncat
Grafter
Posts: 90
Registered: ‎06-02-2008

Re: new convincing spam from CNN

It would be a simple process to stop messages with the words 'Daily Top 10' being downloaded if there were message filters, but Plusnet email set-up only seems to allow blocking from specific addresses which is no good for most spam as the originating address is different every time. You can do this sort of filtering with other email companies, but I can't find anywhere to do this on Plusnet.
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: new convincing spam from CNN

@mikeb
Quite agree with you Mike, I posted here recently again criticising this lack of checking genuine sender addresses. I expect you've read the rest of the thread.  Postini / PN's answer is to whitelist which is all very well if you know who is sending you a mail and it is going to get treated as spam, which you may not discover for weeks if it is only an occasional contact, certainly no good for business.
As a number of people on this forum have posted many of their mails may just consist of a bit of text and a link.
A lot of spam comes from non-existent addresses at non-existent domains in conjunction with a lot of predictable subject lines. I know that spam filtering rules are not easy to set up, but this is now getting beyond a joke. I'm even coming to the conclusion that maybe DSPAM did it better!?
I had to turn off the edge filter as a lot of my regular mail was going AWOL. I'm lucky not to get bucket loads of spam as some poor people, but things seem to have got worse not better since the start of the postini trial (apart from the period ~mid-Jan - ~start April)
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: new convincing spam from CNN

Difficult to disagree, but I think part of the problem is the number of people who complain about advertising emails instead of unsubscribing. Postini seems geared up to identify all sales pitches as spam, leaving it to users' whitelists to determine whether they are 'unsolicited' or not.  Argos haven't helped their case by including this:

=========================================
SEND THIS EMAIL TO A FRIEND. CLICK HERE:
http://email-argos.co.uk/...%26sig%3DADBCDDKICGFDDAIC
=========================================

Anybody interested in the future of email is going to shudder at this!
The latest ploy by real spammers is to make sure their content is 'news' and not advertising. Spam filters are always playing catch-up.
bobp
Grafter
Posts: 71
Registered: ‎29-06-2007

Re: new convincing spam from CNN

For what it is worth there have been no CNN Daily Top 10 spam delivered to accounts here.  Checking via postini there are a heap of them that have been quarantined, the first dated/timed before the start of this thread - so postini is certainly doing something right.
Envelope From:
Envelope To:
Content-Type: multipart/alternative; boundary="888otwjmy521"
Date: Mon, 4 Aug 2008 15:56:10 -0500
From: "Daily Top 10"
MIME-Version: 1.0
Message-ID: <20080801155902.cnn-dailytop10@mail.cnn.com>
Received: from source ([201.233.153.102]) by exprod5mx232.postini.com ([64.18.4.13]) with SMTP; Mon, 04 Aug 2008 16:56:11 EDT
To: xxxx@yyyy.plus.com
X-Job: 20080801155902.cnn-dailytop10.6466
X-Mailed-To: xxxx@yyyy.plus.com
X-PSTN-Addresses: from [db-null]
X-PSTN-Disposition: quarantine
X-PSTN-Levels: (S:71.78846/99.90000 CV:99.0000 )
X-PSTN-Neptune: 457/438/0.96/72
X-PSTN-Settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1
X-PSTN-Xfilter: y
X-To: cnn-dailytop10#*#xxxx@yyyy.plus.com
bobp
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: new convincing spam from CNN

Hi, bobp, do I gather that you have opted for Postini quarantine?  The reason Postini has quarantined the cnn spams is shown by the X-PSTN-Xfilter: y header.  But Plusnet is ignoring this header at the moment because they're worried about it catching genuine emails.
Do you get false positives in your quarantine and, if so, could you check their headers to see if they are getting this X-PSTN-Xfilter: y ?
bobp
Grafter
Posts: 71
Registered: ‎29-06-2007

Re: new convincing spam from CNN

Yes I have opted for Quarantine.  Very, very few false positives.  I click to Deliver in postini.  Because there are so few it is hard to go back to them all once they are delivered, but in none of those that have been delivered is X-PSTN-Xfilter: y in the header.  AT LEAST not once I have asked for them to be delivered.  I will have to check the header pre-delivery the next false positive, and I don't know how long that will be.
The most recent false positive was:
Return-path: <team@waterstones.chtah.com>
Envelope-to: xxxx@yyyy.plus.com
Delivery-date: Wed, 06 Aug 2008 15:49:52 +0100
Received: from exprod5mo1.postini.com ([64.18.0.128] helo=exprod5mo105.postini.com)
  by pih-sunmxcore15.plus.net with esmtp (PlusNet MXCore v2.00) id 1KQkKk-0001Wh-1j
  for xxxx@yyyy.plus.com; Wed, 06 Aug 2008 15:49:51 +0100
Received: from postini.com (exprod5mc126.postini.com [64.18.0.238])
by exprod5mo105.postini.com (Postfix) with ESMTP id 3F6F04E56B2
for <xxxx@yyyy.plus.com>; Wed,  6 Aug 2008 07:49:49 -0700 (PDT)
Received: from source ([66.165.100.123]) by exprod5mx217.postini.com ([64.18.4.13]) with SMTP;
Mon, 04 Aug 2008 08:32:26 EDT
Date: Mon, 4 Aug 2008 12:32:48 -0000
Message-ID: <bvqp27aakhzmzcaxsy5paae96zbd1p.1629211388.4661@mta122.waterstones.chtah.com>
List-Unsubscribe: <mailto:rm-0bvqp27aakhzmzcaxsy5paae96zbd1p@waterstones.chtah.com>
From: =?iso-8859-1?q?Waterstone's?= <team@waterstones.chtah.com>
To: xxxx@yyyy.plus.com
MIME-Version: 1.0
Reply-To: =?iso-8859-1?q?Waterstone's?= <support-bvqp27aakhzmzcaxsy5paae96zbd1p@waterstones.chtah.com>
Content-type: multipart/alternative; boundary="=bvqp27aakhzmzcaxsy5paae96zbd1p"
X-pstn-neptune: 53/11/0.21/35
X-pstn-levels:    (S: 0.02137/98.42916 CV:99.0000 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1
X-pstn-addresses: from <team@waterstones.chtah.com> [db-null]
X-pstn-disposition: quarantine
X-PN-Virus-Filtered: by PlusNet MXCore (v4.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v4.00)
Subject: =?iso-8859-1?q?Great_savings_on_this_summer's_new_releases?=
bobp
Dev
Rising Star
Posts: 227
Thanks: 6
Fixes: 1
Registered: ‎01-08-2007

Re: new convincing spam from CNN

I retrieve my PN mail by POP3 from my gmail account. Gmail is intercepting these CNN mails and placing them in my spam folder. Here is a message from Gmail ---
The message "CNN.com Daily Top 10" from Daily Top 10 (dist{vin_1962@tonnerre-sa.fr) contained a virus or a suspicious attachment. It was therefore not fetched from your account ************ and has been left on the server.
If you wish to write to Daily, just hit reply and send Daily a message.
Thanks,
The Google Mail Team
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: new convincing spam from CNN

Dev, AFAIK gmail uses Postini too, so you'd expect the cnn spams to be getting caught.
bobp's most recent false-positive got a bulk filter score of S: 0.02137 -- treated as spam by Postini like a lot of commercial mailings.  From memory, I think  X-pstn-xfilter: y only gets added to the headers if the email passes the bulk filter, but Postini wants to quarantine it for some other reason.
I think Plusnet should be marking anything with that header as spam, but we'll need to be sure doing that won't add much to the problem of false positives.
Mad_Moggies
Rising Star
Posts: 1,285
Thanks: 43
Registered: ‎01-08-2007

Re: new convincing spam from CNN

Since putting a filter on my Mac's Mail earlier today to direct anything with X-Pstn-Xfilter: y in its header to a special folder, the CNN stuff is all that's been caught. No false positives with the 'y', only 'Spam 1' which I retrieved from the Spam folders.
Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: new convincing spam from CNN

Thanks, that's useful information.
Are you able to run the filter retrospectively on your Mac Mail Inbox to check if you have any older (legitimate) mail with the Xfilter header?
David
David
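
The retrospective check asked about above, sketched as an added example (not any poster's code and not Plusnet's Exim configuration): it reads the X-pstn-* headers quoted in this thread and lists any known-good mail that carries X-pstn-xfilter: y. The function names are hypothetical, and the sample messages are constructed from header lines posted in the thread, with the rest trimmed or invented where marked.

```python
import email
import re

# The "S:" pair inside X-pstn-levels, e.g. "(S: 0.02137/98.42916 CV:99.0000 )".
LEVELS_RE = re.compile(r"S:\s*([0-9.]+)/([0-9.]+)")

def postini_fields(raw):
    """Pull out the headers discussed in the thread (header names are case-insensitive)."""
    msg = email.message_from_string(raw)
    m = LEVELS_RE.search(msg.get("X-pstn-levels", ""))
    return {
        "subject": msg.get("Subject", ""),
        "xfilter": msg.get("X-pstn-xfilter", "").strip().lower() == "y",
        "disposition": msg.get("X-pstn-disposition", "").strip().lower(),
        "pn_tag": msg.get("X-pn-pstn", "").strip().lower(),
        "s_levels": (float(m.group(1)), float(m.group(2))) if m else None,
    }

def classify(raw):
    """'xfilter' if the Xfilter header is set, 'bulk-filter' if only the
    Spam tag or quarantine disposition is present, otherwise 'untagged'."""
    f = postini_fields(raw)
    if f["xfilter"]:
        return "xfilter"
    if f["pn_tag"].startswith("spam") or f["disposition"] == "quarantine":
        return "bulk-filter"
    return "untagged"

def xfilter_false_positives(known_good):
    """Subjects of messages you know are legitimate that still carry Xfilter: y."""
    return [postini_fields(r)["subject"] for r in known_good if classify(r) == "xfilter"]

def make_msg(*headers):
    return "\n".join(headers) + "\n\n(body omitted)\n"

# Constructed samples: headers copied from the posts above, subjects partly invented.
CNN = make_msg(
    'From: "Daily Top 10"',
    "Subject: CNN.com Daily Top 10",
    "X-PSTN-Disposition: quarantine",
    "X-PSTN-Levels: (S:71.78846/99.90000 CV:99.0000 )",
    "X-PSTN-Xfilter: y",
)
WATERSTONES = make_msg(
    "From: team@waterstones.chtah.com",
    "Subject: Great savings (constructed subject)",
    "X-pstn-levels:    (S: 0.02137/98.42916 CV:99.0000 )",
    "X-pstn-disposition: quarantine",
)
ARGOS = make_msg(
    "From: Argos <argos@email-argos.co.uk>",
    "Subject: Enjoy the outdoors with our great value offers and price cuts",
    "X-pstn-levels: (S: 0.01960/98.11394 CV:99.0000 )",
    "X-pn-pstn: Spam 1",
)
PLAIN = make_msg("From: friend@example.org", "Subject: Lunch? (constructed)")

if __name__ == "__main__":
    for name, raw in [("CNN", CNN), ("Waterstone's", WATERSTONES),
                      ("Argos", ARGOS), ("plain", PLAIN)]:
        print(name, classify(raw), postini_fields(raw)["s_levels"])
    print("Xfilter false positives:", xfilter_false_positives([WATERSTONES, ARGOS, PLAIN]))
```

To run it over a real archive, feed `xfilter_false_positives` the raw text of messages already confirmed as legitimate; an empty list is the outcome the thread is hoping for.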