cancel
Showing results for 
Search instead for 
Did you mean: 

Have they found a way to get round the spam filter

Community Veteran
Posts: 38,460
Thanks: 1,031
Fixes: 62
Registered: ‎15-06-2007

Have they found a way to get round the spam filter

I have started getting regular spam about improving life or losing weight

This is from the latest message and I can't see a spam score

Return-path: <qianzy@seari.com.cn>
Envelope-to: 
Delivery-date: Sat, 15 Jul 2017 05:43:18 +0100
Received: from [212.159.9.108] (helo=avasin20.plus.net)
	  by inmx18.plus.net with esmtp (PlusNet MXCore v2.00) id 1dWEvG-0006hd-Bu 
	  for; Sat, 15 Jul 2017 05:43:18 +0100
Received: from mail.seari.com.cn ([120.26.106.237])
	by avasin20.plus.net with Plusnet Cloudmark Gateway
	id ksjF1v00157LXcQ01sjHgS; Sat, 15 Jul 2017 05:43:18 +0100
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.2 cv=UqQTD64B c=1 sm=1 tr=0
 a=qWqUP1upb5dh98QIPuWOCA==:117 a=qWqUP1upb5dh98QIPuWOCA==:17
 a=IkcTkHD0fZMA:10 a=G3gG6ho9WtcA:10 a=hwBpGJn7AAAA:8 a=MOlGyxJgAwfckPudjKEA:9
 a=QEXdDO2ut3YA:10 a=RlsHD-m6oG0A:10 a=dHWjKzA9_9CJQtZHJv9w:22
Received: from [127.0.0.1] (unknown [190.155.105.211])
	by mail.seari.com.cn (XYmail) with ESMTPA id 0222432379B;
	Sat, 15 Jul 2017 11:35:25 +0800 (CST)
From: qianzy@seari.com.cn
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=UTF-8
Mime-Version: 1.0 (1.0)
Message-Id: <2691CEA9-99AF-9F12-DAD9-0DA708C6A450@seari.com.cn>
Date: Sat, 15 Jul 2017 05:35:09 +0200
To: 
X-Mailer: iPad Mail (13E238)
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Perfect Moment to Improve Your Life

7 REPLIES
Superuser
Superuser
Posts: 9,875
Thanks: 1,239
Fixes: 71
Registered: ‎06-04-2007

Re: Have they found a way to get round the spam filter


Oldjim wrote:

I have started getting regular spam about improving life or losing weight

This is from the latest message and I can't see a spam score

X-CM-Score: 0.00
X-CNFS-Analysis: v=2.2 cv=UqQTD64B c=1 sm=1 tr=0
 a=qWqUP1upb5dh98QIPuWOCA==:117 a=qWqUP1upb5dh98QIPuWOCA==:17
 a=IkcTkHD0fZMA:10 a=G3gG6ho9WtcA:10 a=hwBpGJn7AAAA:8 a=MOlGyxJgAwfckPudjKEA:9
 a=QEXdDO2ut3YA:10 a=RlsHD-m6oG0A:10 a=dHWjKzA9_9CJQtZHJv9w:22

It's been spam checked but was not detected as spam. The score (shown on the top line of this excerpt) can only be zero or 100 for basic checking which Plusnet implement. If it is zero (meaning not detected as spam) no Level header will be added.

One has to remember that spammers craft their emails in a way to avoid spam detection and filters have to adapt to keep up.

To help this process use webmail to report such messages as spam.

I received several messages of this type a while ago, initially not detected as spam but later they were. Now they've stopped. Fingers crossed that continues. Thumbs Up

David
Shetland
Dabbler
Posts: 18
Thanks: 2
Registered: ‎27-05-2016

Re: Have they found a way to get round the spam filter

I very rarely receive any spam emails and yet over the past few weeks I have had dozens matching this description. I am now marking them as spam. The last one was tagged as spam but was not moved to the junk folder, although I have the setting ticked to do so. Please could someone tell me why it was not moved? 

These emails are all addressed to my default email address plus two aliases. It is a domain address, not a Force 9 one. How do the spammers get the addresses?  Seems odd that they have all three.

Community Veteran
Posts: 38,460
Thanks: 1,031
Fixes: 62
Registered: ‎15-06-2007

Re: Have they found a way to get round the spam filter

all reported as spam - it may help

Superuser
Superuser
Posts: 9,875
Thanks: 1,239
Fixes: 71
Registered: ‎06-04-2007

Re: Have they found a way to get round the spam filter

@Shetland The reason for [-SPAM-] tagged messages going into Inbox despite your MMM setting is explained in this quote from https://community.plus.net/t5/Email/Spam-filter-settings/m-p/1456292#M20209


spraxyt wrote:

If you've had [-SPAM-] tagged messages delivered to your Inbox despite [your MMM] setting  take a look at the Spam level shown in the message headers. I think you'll find such messages are Level 4 or 5 whereas your aggressiveness setting is 1 or 2.

Level 4 or 5 means the messages show slight spam indications but setting 1 or 2 means only those with higher spam indications are to go into the spam folder. So Level 4 or 5 go into Inbox.

It's a moot point whether the [-SPAM-] tag should be added to these, though it suits me for this to be done.


Changing aggressiveness to 5 in your MMM spam settings should ensure they are put in the Spam folder.

As Oldjim mentioned, reporting them as Spam in webmail should help improve detection accuracy.

David
Shetland
Dabbler
Posts: 18
Thanks: 2
Registered: ‎27-05-2016

Re: Have they found a way to get round the spam filter

Aggressiveness setting was 4 - now increased it to 5.  The one that was tagged was level 5 so they now match.  I haven't been marking them as spam but have now started to do this, with the result that the next one that came was tagged. Still wondering how the spammers have these addresses - strange that they have all three.  Also, as there is obviously a lot of this type of message, can Plusnet now block them entirely?

Superuser
Superuser
Posts: 9,875
Thanks: 1,239
Fixes: 71
Registered: ‎06-04-2007

Re: Have they found a way to get round the spam filter

The Cloudmarks can block them if the reputation of the sending servers falls. However unwarranted blocking attracts more criticism than having to deal with spam messages after delivery.

David
Superuser
Superuser
Posts: 12,929
Thanks: 4,227
Fixes: 26
Registered: ‎22-08-2007

Re: Have they found a way to get round the spam filter

I too have been receiving these for weeks - reported them as spam but they still keep arriving not marked as spam.