cancel
Showing results for 
Search instead for 
Did you mean: 

Cloudmark - slow to learn?

jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Cloudmark - slow to learn?

The last couple of days I've had a load of emails saying:
Quote
Countries of interest: UK, Rep. of Ireland, Germany, Austria, Sweden
A company concerning itself with the advertising, spearheading, and production of web media projects,
we also are involved with today's green technology, recyclable items,
and alternate methods of power and are actively seeking a motivated representative from one of the countries mentioned.
Requirements:
- You need to be the proprietor of a company or willing to start a fresh company fairly fast.
- It is required that you are a citizen of a listed country.
- It is also necessary to hold a completion certificate from a reputable school of higher education.
- Your English accuracy must be pretty good as communicating back and forth for this position is important.
- A long period of good standing with a nearby or international financial entity is a definite bonus.
- Work amount will consist of 3-4 hours every day for the first two months of working and after that period of time, 2-3 hours every day.
- Contract of work between us will be one year, with a good chance of this period extending on as long as 2 years.
Your main job will detail handling receivables from sales.
Amount of pay you will receive is a percentage of the amount of product we sell.

They are correctly being marked as spam, but I would have expected Cloudmark to learn that they are blatant spam and totally block them.
(I'm wondering if the email problems are because of a deluge of this spam?)
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
21 REPLIES 21
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Cloudmark - slow to learn?

Whatever it is that is spewing out this garbage seems to have switched to a new campaign. I'm now getting loads of messages like this:
Quote
I would like to take this time to welcome you to our hiring process
and give you a brief synopsis of the position's benefits and requirements.
If you are taking a career break, are on a maternity leave,
recently retired or simply looking for some part-time job, this position is for you.
Occupation: Flexible schedule 2 to 8 hours per day. We can guarantee a minimum 20 hrs/week occupation
Salary: Starting salary is 2000 GBP per month plus commission, paid every month.
Business hours: 9:00 AM to 5:00 PM, MON-FRI, 9:00 AM to 1:00 PM SAT or part time (UK time).
Region: United Kingdom.
Please note that there are no startup fees or deposits to start working for us.
To request an application form, schedule your interview and receive more information about this position
please reply to Gerry@newengwork.com with your personal identification number for this position IDNO: 8607
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Cloudmark - slow to learn?

I don't know about your problem, but I'd agree it's slow to learn. Regular weekly emails that I get from an establish UK concern, with a traceable email address suddenly arrived being tagged SPAM. I marked it NOT spam, OK next week or 2, then tagged again, so marked NOT spam, same issue again, after a 3rd attempt it seems ok at the moment.
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Cloudmark - slow to learn?

Jelv, PM me a handful of the emails complete with headers and I'll see if there's anything I can do.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Cloudmark - slow to learn?

PM sent
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
essexboy
Grafter
Posts: 25
Registered: ‎01-04-2008

Re: Cloudmark - slow to learn?

At the same time as the wave you describe, numbers getting through to here went up at least 5 fold and was enough that the server was complaining about the size of the mails I was forwarding to spamtraining.  Also, all ther other spam to my domain all but stopped.  Add that to the ddos attack and tell me there was no coincidence.
I share peoples concern about the speed at which Cloudmark learns.
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Cloudmark - slow to learn?

Quote from: jelv
PM sent

Thanks. I've ploughed through all of the emails in the Deleted Items folder for one of your mailboxes and every single one of them is now identified as spam by Cloudmark. Looks like it's learnt during the past few days.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Cloudmark - slow to learn?

Bob,
Although they've all been marked as spam, these represent a far higher number of spam emails getting through to me in the first place. I'd normally reckon on only getting a handful of emails marked as spam per week. These are all of such a consistent pattern that I'd have hoped that after the first day or so they would be totally blocked and hence never passed across to the mailboxes at all.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Cloudmark - slow to learn?

Ah sorry - I must learn to read things properly! I was under the impression that they weren't getting identified as spam at all which re-reading your original post I can see was not the case.
Looks like it's still learnt though. I tried forwarding one of the emails to a Plusnet hosted account and received an NDR as follows:
This is the Postfix program at host mxout-07.mxes.net.
I'm sorry to have to inform you that your message could not be
delivered to one or more recipients.  Here is the reason why the
message could not be delivered.
<mail@bobpullen.plus.com>: host mx.avasin.plus.net[212.159.8.200] said: 552
    Spam Message Rejected  (in reply to end of DATA command)

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Cloudmark - slow to learn?

Perhaps you need to monitor how long it takes to learn when you are hit by attacks like this, I wonder how much extra load was put on to your servers while it learnt? I don't ever remember getting as many obvious spam emails which were all the same through IronPort.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
essexboy
Grafter
Posts: 25
Registered: ‎01-04-2008

Re: Cloudmark - slow to learn?

The additional monitoring should have been done long, long ago, not just in the middle of an attack.  The failures we saw were cumulative, with differing bits of the system failing over time and was entirely due to the unprecedented volume and not just the content.  When this happens we don't want plusnet to carry on detailing the figurehead, they need to be in the bilges manning the pumps.
If, as was my experience, cloudmark unable to learn because the spamtraining address was rejecting mail sent to it then what happened was inevitable..
It is not the same as IronPort.  Everybody has a slightly different picture of spam and mine is that, overall, cloudmark lets 3 or 4 times as many through as did IronPort this far beyond the rollout.
dick:quote
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Cloudmark - slow to learn?

Quote from: jelv
Perhaps you need to monitor how long it takes to learn when you are hit by attacks like this, I wonder how much extra load was put on to your servers while it learnt? I don't ever remember getting as many obvious spam emails which were all the same through IronPort.

There's nothing to suggest the emails you saw were anything to do with the recent problems. The load on the MTAs themselves wasn't excessive really and overall volumes were nothing unusual.
Quote from: essexboy
The additional monitoring should have been done long, long ago, not just in the middle of an attack.

Monitoring has always been in place and was triggered as it should have been during the recent problems.
Quote from: essexboy
If, as was my experience, cloudmark unable to learn because the spamtraining address was rejecting mail sent to it then what happened was inevitable..

What spam training address are you using? Reporting spam is only really worthwhile these days if you're using the spam reporting buttons in the new Webmail interface. The problems were nothing to do with the inability to forward messages to a training address. Cloudmark's logic is based on a myriad of global information that's collected across global email networks.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Cloudmark - slow to learn?

Bob,
The old IronPort spam training reports: wouldn't it be an idea to set up auto-responders on those to point people to the new procedures for reporting spam/not spam?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
essexboy
Grafter
Posts: 25
Registered: ‎01-04-2008

Re: Cloudmark - slow to learn?

Quote from: Bob

What spam training address are you using? Reporting spam is only really worthwhile these days if you're using the spam reporting buttons in the new Webmail interface. The problems were nothing to do with the inability to forward messages to a training address. Cloudmark's logic is based on a myriad of global information that's collected across global email networks.

I use spam@spamtraining.plus.com.  I do all my plusnet email business via POP3 and have no use at all for webmail. 
I do agree that the inability to forward the mail was probably a symptom and not a cause but that has no effect on what your customers are seeing and are interpreting as a reluctance for cloudmark to learn.  I have no idea how much those missing thousand or so emails I was unable to report affect the ability of cloudmark to learn but not having them would not have helped in the slightest.
I am not at all happy with your suggestion that my reports are deemed less worthy because I choose to do them via email.


jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Cloudmark - slow to learn?

Quote from: essexboy
I use spam@spamtraining.plus.com.

You're wasting your time - that's now just a black hole!
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)