CoudMark Spam filtering
FIXED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: CoudMark Spam filtering
- « Previous
-
- 1
- 2
- Next »
08-04-2019 11:32 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Townman wrote:
Is there anyone other than bobpullen who is able to bottom out issues such as this please?
Yeah, me
@jab1 wrote:
In the past two days, I have received two emails from my bank (NatWest), and they have both been tagged as 'SPAM' by CloudMark! Why oh why? I would have thought communications from such organisations would be some of the least likely to fall foul of spam filters?
I'll use the headers your provided to @adamwalker (after taking out any customer information) and demonstrate how this has happened, for those of you that don't know email is judged as spam based on lists and that information mainly comes from feedback, and flagging by the recipient, ISP's and deliberate spam/honey traps
The best way to deal with spam, and to help lessen the impact for everyone is to:
- Train the email program or Plusnet's spam filter: mark spam as spam, and make sure to mark those false positives you find in the spam folder as not-spam.
- Never reply to spam.
- Never try to unsubscribe from spam. (If you asked for the email by subscribing, then it’s not spam, and “unsubscribe” is the right way to stop it.)
X-CNFS-Analysis: v=2.3 cv=PIshB8iC c=1 sm=1 tr=0 b=1 p=T_WFs28f9H53z5wjhEQA:9
p=bOUYKNPN92PkZRiT:21 p=qTgyOnX98K_CeIPO:21 p=LUjB688p8_S-EOI0BqEA:9
p=2YpTX6ZUiZnAEpBp:21 p=BUvy6ZjfJLjLh6OW:21 a=qQv52R9awX/EQ7MaPVEOgw==:117
a=qQv52R9awX/EQ7MaPVEOgw==:17 a=NTGMnVQrEZIA:10 a=-uNXE31MpBQA:10
a=_Yaxip1i1oYA:10 a=9DvhAHx2yrWFMPxQWpQA:9 a=5obicqMlAAAA:8 a=j6yTz95HAAAA:8
a=3j4BkbkPAAAA:8 a=BkpHzsgbAAAA:8 a=vnREMb7VAAAA:8 a=JmhL_RV-AAAA:8
a=QEXdDO2ut3YA:10 a=EGHu0Q4xVOoA:10 a=SSmOFEACAAAA:8 a=lJjz8N4HAAAA:8
a=Y0AUEEh5SmV8dea-:21 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=Jt41xuF9nUEA:10
a=uUIsLfDk0JFcyPkdChej:22 a=iEMO7MLoSfOkq17C7Rlc:22
For those of you that don't know p= means that it's been identified as possible spam, this has 6 items that were marked as potential spam
That fingerprint is for a hash on the body content of messages that were
reported spammy by end users and that hit honey pots.
There were a very high number of reports. Looking at the feedback we can see:
- 74% of reports seen were to block
- 3% of blocks were from spam traps
- 1 ISP provided spam trap feedback
- Last spam trap hit : 2019-03-26 12:52:16
- First report : 2019-03-26 09:16:02
- Last report : 2019-04-04 10:53:39
We have reset it, but the sender should audit their mailing lists.
X-CNFS-Analysis: v=2.3 cv=Bbj2LIl2 c=1 sm=1 tr=0 b=1 p=u7-pr7BhLHUTfpVp:21
p=33Jx_QgsDH5tgonM:21 a=WzRZNAGC8xgF5At0pXxDXw==:117
a=WzRZNAGC8xgF5At0pXxDXw==:17 a=fmD_JHji_u0A:10 a=NTGMnVQrEZIA:10
a=-uNXE31MpBQA:10 a=i1H_nXBDAAAA:8 a=d9xucNbqG_xMpcgGhwcA:9 a=QEXdDO2ut3YA:10
a=9cMd3DhFMf4A:10 a=0V9lEPa6VcoA:10 a=lj-I7c-bT_oA:10 a=SSmOFEACAAAA:8
a=GAn-aSadAAAA:8 a=EBOSESyhAAAA:8 a=RGMxUAWXr3DJIVSz1WgA:9
a=JnL6mNYF00lwHwKv:21 a=75ILS5z9Ux7RFnW5:21 a=MjcfXWA8CdNu9-qB:21
a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=tJptbokdDEAA:10 a=AGocr8Xm4UgA:10
a=HfAZLE10IEwA:10 a=E3RuXidrYcQA:10 a=QUI510VwN10A:10 a=UY--BljFdLEA:10
a=lW7-CRe5E_4A:10 a=DHjVRSWASVGjGSoP63Bs:22 a=UM1xAY0NvW3136_APDCo:22
a=yJM6EZoI5SlJf8ks9Ge_:22 a=CffZ9N37v4XOEeO00nN8:22 a=HH7FIXwXL_sUf1zzYxQd:22
This email would actually now be accepted and not marked as spam
X-CNFS-Analysis: v=2.3 cv=KsJjJ1eN c=1 sm=1 tr=0 b=1 p=1Ce2fp3nQoK81J5vHu8A:9
p=jklecccgu1Sg7pzQ:21 p=iOVxWBkoSNaTdfHpvWAA:9 a=edpXgVsGvg8eSV+7Ph4/dw==:117
a=edpXgVsGvg8eSV+7Ph4/dw==:17 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10
a=1gGof8kZl80A:10 a=-uNXE31MpBQA:10 a=ZZnuYtJkoWoA:10 a=dJYnVhUtAAAA:8
a=vnREMb7VAAAA:8 a=jU4qhlNgAAAA:8 a=JqEG_dyiAAAA:8 a=BkpHzsgbAAAA:8
a=3j4BkbkPAAAA:8 a=Uj0gMU6hAAAA:8 a=1p2ajSFzDVw-lKsA:21 a=QEXdDO2ut3YA:10
a=IGPXEDbx7NkA:10 a=Rd0pikts-kcA:10 a=u3ke0JHczUQA:10 a=87COOerbOC4A:10
a=CwVEW5s1O_gA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=SSmOFEACAAAA:8
a=EfB4OZ_GCCJOxd0s:21 a=j_TgnoTjHbXHI9IA:21 a=S8HrKberzaeIV2oh:21
a=frz4AuCg-hUA:10 a=VavykzcozogA:10 a=MY9urf3tlLUA:10
a=rA7B2sRHbwqyddgz4uKf:22 a=oa3KAI9qiCm0rG2ttf_3:22
That fingerprint is for a hash on the body content of messages that were
reported spammy by end users and that hit honey pots.
There were a very high number of reports. Looking at the feedback we see:
- 53% of reports seen were to block
- 98% of blocks were from spam traps
- 1 ISP provided spam trap feedback
- Last spam trap hit : 2019-03-30 05:35:59
- First report : 2019-03-30 05:00:39
- Last report : 2019-04-06 14:28:36
We have reset it, but the sender should audit their mailing lists.
X-CNFS-Analysis: v=2.3 cv=Kdf8TzQD c=1 sm=1 tr=0 b=1 p=Az24vb9sqeT3MpEW94UA:9
p=6vsA-TfetAFkULCA:21 a=oyCnYmNh4phR0UiAjVnr6g==:117
a=oyCnYmNh4phR0UiAjVnr6g==:17 a=O76VCmqbo-wA:10 a=-uNXE31MpBQA:10
a=t-IPkPogAAAA:8 a=87dBFXvJAAAA:8 a=UQK2ULapsBNJ12f_UHEA:9
a=BQ5wd0_FCEpQfe2w:21 a=247pUUCGJnlzcNKk:21 a=QEXdDO2ut3YA:10
a=1ZVuKXJdaskA:10 a=P9Q5jUCw47LfPbl3:21 a=OYVstaJzS2XEskbw:21
a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=VtGG6ZY1Rh_wYu2ZBCc4:22
a=y85AKpeX8sTgZG6YX2Fa:22 a=HH7FIXwXL_sUf1zzYxQd:22
This email is no longer showing as spam and would now be delivered
X-CNFS-Analysis: v=2.3 cv=PJUhB8iC c=1 sm=1 tr=0 p=7DSNqKSd6uJv_6Sa_B4A:9
p=zQ-LUYnAljvb6cH4XmkA:9 a=igZWDZuHjalP0YnaKmKojg==:117
a=NpZmUt3yXZuefsFAeZomaQ==:17 a=3STV6dmVkJ8A:10 a=KqOhe5OoNmIA:10
a=AhIA3d7-VLYA:10 a=oexKYjalfGEA:10 a=Ys_t-XITiW8A:10 a=-uNXE31MpBQA:10
a=w_ZoycZYAAAA:8 a=Gs7xfV3pMtHAaeA2:21 a=QYN-KKN5j9JtfLjA:21
a=QEXdDO2ut3YA:10 a=bJ2mBjjqAAAA:8 a=jtCsJvAxAAAA:8 a=aaaQ3xuJAAAA:8
a=Gde6D9KsAAAA:8 a=3j4BkbkPAAAA:8 a=JqEG_dyiAAAA:8 a=jU4qhlNgAAAA:8
a=BkpHzsgbAAAA:8 a=G_n6C9hkAAAA:8 a=GAn-aSadAAAA:8 a=nRiPs8dAe3f4diQG:21
a=sBA2fPeYc4SIEi2O:21 a=7RGB6gM_1S6GkELq:21 a=_W_S_7VecoQA:10
a=frz4AuCg-hUA:10 a=CCQOzhSjSZkA:10 a=w5Ah47RKwDcA:10
a=GSNFLtNrRyibBLXr7gtf:22 a=AtCsewl-GoA0oSRnKg9a:22 a=wSaHafRhPoq7VdsM46bt:22
a=DBT0p2UL6-xBlF0eDzZ7:22 a=qMq8LWcisMnaB8kZCWRd:22 a=Jxq69POYtJEursUEhiFn:22
a=UM1xAY0NvW3136_APDCo:22
This email is also no longer marked as spam
X-CNFS-Analysis: v=2.3 cv=Bbj2LIl2 c=1 sm=1 tr=0 p=WUqXHEmm6uYA:10
a=M94SacYp/krJg9OFpXo5tg==:117 a=ohfCQ2es0EJiIs7iudcNwg==:17
a=aNY/+OFkJ92hTRIqsZ/oJLGNU8Q=:19 a=KGjhK52YXX0A:10 a=28bQ1088vbIA:10
a=fmD_JHji_u0A:10 a=oexKYjalfGEA:10 a=-uNXE31MpBQA:10 a=YZoX8ndQ_wIA:10
a=sWKEhP36mHoA:10 a=Pn8iAFh2AAAA:8 a=BrDiTsk0AAAA:8 a=kR_H4XELF5L-DdtwywUA:9
a=6RyHdP9wf0s6W1bbVaoE2bQoMl4=:19 a=yi3GrsYqWOCD3sK7:21 a=9TMgblMvV9gJAsZI:21
a=QEXdDO2ut3YA:10 a=9S7BycrT590A:10 a=SSmOFEACAAAA:8 a=Kmx9NZxSAAAA:8
a=NM0YaXG2AAAA:8 a=qI-sqkvjAAAA:8 a=sJZ4q1TOAAAA:8 a=5p0nf1sHAAAA:8
a=Ns6vSmXSAAAA:8 a=p0i1YNCdAJxeTxqJnp8A:9 a=Tr6uTWX6eBC4fDAj:21
a=DQxtPfI47WtXtbc-:21 a=Ny9yRQnvb3ONb1P7:21 a=_W_S_7VecoQA:10
a=frz4AuCg-hUA:10 a=JNG9enEgSWd0TfEPMk3J:22 a=fK1jZSgjKPFatbRoI9mg:22
a=mKv6If4y4hzCizQr-YMX:22 a=gXJ_ZZDsdc-JdT1_zuUh:22 a=6XukCmkQ18yZopO0AixO:22
a=pWD9WnwaV-55-tVbWQgH:22 a=-jBZtZ9Fr4N1GTPGBZSS:22 a=HH7FIXwXL_sUf1zzYxQd:22
The spam fingerprint here is for the content which was reported as spammy by a a number of recipients
There were a moderate number of reports. Looking at the feedback we see:
- 86% of reports seen were to block
- 0% of blocks were from spam traps
- First report : 2019-01-10 14:11:45
- Last report : 2019-04-07 05:29:54
We've reset it but again the sender needs to audit their mailing lists.
Re: CoudMark Spam filtering
08-04-2019 12:05 PM - edited 08-04-2019 12:06 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@JonoH wrote:
The best way to deal with spam, and to help lessen the impact for everyone is to:
- Train the email program or Plusnet's spam filter: mark spam as spam, and make sure to mark those false positives you find in the spam folder as not-spam.
- Never reply to spam.
- Never try to unsubscribe from spam. (If you asked for the email by subscribing, then it’s not spam, and “unsubscribe” is the right way to stop it.)
@JonoH Thanks for that information.
As seen, all these emails were marked by CloudMark - not by either my MailWasher program or by my Thunderbird email client.
I don't use webmail at all, but if I get another high volume of false positives, maybe I'll have to rethink my approach, but that will be time-consuming and not an avenue I really want to go down.
I've been around long enough to know to never reply to spam, and in any case,'genuine' spam is caught by MailWasher and not even downloaded.
All the examples above are from organisations from whom I have specifically requested communication, and I suspect,but can't prove, that the classifications are due to others marking messages as spam, rather than using the 'unsubscribe' option.
Re: CoudMark Spam filtering
08-04-2019 5:03 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
WOW - Thank you - you've always feigned that email techy stuff … goes over your head!!
This is very helpful. What I read into this is that the false positives (associated with p=) arise from many users inappropriately marking legitimate emails which they have subscribed to as being spam, rather than unsubscribing if they no longer want to receive them.
Where a user has "discard 'obvious' spam" enabled in their spam settings, would this lead to p= classified as spam messages being "thrown away"?
Is there a learning / generic information sharing sticky topic to be derived here, covering what to look form in "marked as spam" email headers and how to have such designations reviewed and rectified
Marking as "Not spam" (even via webmail) is not always easy / practical - for example I have SPAM diverted to a blackhole mailbox (not to be confused with blackhole@plus.net) so that I can review what is being deems as spam … not that everything gets routed there.
Is there advice to be given in respect to the a= entries as well please?
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Re: CoudMark Spam filtering
08-04-2019 5:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Townman wrote:
WOW - Thank you - you've always feigned that email techy stuff … goes over your head!!
It's why it took so long for a reply, I needed to go and learn it!
This is very helpful. What I read into this is that the false positives (associated with p=) arise from many users inappropriately marking legitimate emails which they have subscribed to as being spam, rather than unsubscribing if they no longer want to receive them.
That, and a number of Spamtraps/Honeypots maintained by users and ISP's simply to catch spam if the mail goes to one of these email addresses, it's likely spam and will be flagged as such.
Where a user has "discard 'obvious' spam" enabled in their spam settings, would this lead to p= classified as spam messages being "thrown away"?
I'm not sure how many positives it takes to make it obvious, I only learned all this stuff a couple of hours ago
Is there a learning / generic information sharing sticky topic to be derived here, covering what to look form in "marked as spam" email headers and how to have such designations reviewed and rectified
Rather than a sticky, how about if we made a help and support article that people could link to if it was required, I'm just thinking about the number of stickies that we could end up with for email as it's such a complex subject.
Marking as "Not spam" (even via webmail) is not always easy / practical - for example I have SPAM diverted to a blackhole mailbox (not to be confused with blackhole@plus.net) so that I can review what is being deems as spam … not that everything gets routed there.
I understand that, but when it can be done it's really helpful, essentially it's a giant trust list and the more reports the more likely it is to be accurate.
Is there advice to be given in respect to the a= entries as well please?
I'm sure I can find out if it's useful and includes it in the help and support article?
Re: CoudMark Spam filtering
08-04-2019 5:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Townman wrote:
WOW - Thank you - you've always feigned that email techy stuff … goes over your head!!
This is very helpful. What I read into this is that the false positives (associated with p=) arise from many users inappropriately marking legitimate emails which they have subscribed to as being spam, rather than unsubscribing if they no longer want to receive them.
Where a user has "discard 'obvious' spam" enabled in their spam settings, would this lead to p= classified as spam messages being "thrown away"?
That is what happened to a number of my regular mails until I disabled it - had to resubscribe to a few.
Is there a learning / generic information sharing sticky topic to be derived here, covering what to look form in "marked as spam" email headers and how to have such designations reviewed and rectified
Marking as "Not spam" (even via webmail) is not always easy / practical - for example I have SPAM diverted to a blackhole mailbox (not to be confused with blackhole@plus.net) so that I can review what is being deems as spam … not that everything gets routed there.
As I said, Kevin, I rely on Mailwasher to filter my spam - it is more accurate and reliable than the PN filter, and enables me to validate 'new' addresses when a valid sender changes them, for whatever reason - my bank being a prime example.
Is there advice to be given in respect to the a= entries as well please?
Re: CoudMark Spam filtering
10-04-2019 5:16 PM - edited 10-04-2019 5:17 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@JonoH I've just marked your reply as a fix, as the 'Flowercard' mails are not now being marked as spam - unfortunately, as the the other senders in that list are only occasional, I haven't had any further ones to check as yet.
As a point of interest, I have had a bit of a weird experience in the past few days - another of my regular senders - musicMagpie - sent me two near identical messages a day apart, one of which, as normal came through with no extra header [SPAM], the other did get 'caught' - will continue to monitor and raise another report if required.
Re: CoudMark Spam filtering
10-04-2019 6:19 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Is there advice to be given in respect to the a= entries as well please?
I have requested that the response herein be developed in to a more comprehensive Help & Support guide to enable users to help themselves a little more. I think there is a lot to be learnt from this thread.
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Re: CoudMark Spam filtering
10-04-2019 6:33 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Townman Yep, I noticed that, thanks.
I only raised the query as I had quite a batch over a short period - and as an aside, yes, if you have 'discard obvious spam' set to true, you will potentially loose important emails - I know I did prior to altering the settings.
Re: CoudMark Spam filtering
10-04-2019 7:22 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi John,
What I meant was I have asked the question elsewhere in a lot more detail... ideas for content have now been outlined.
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
- « Previous
-
- 1
- 2
- Next »
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page