cancel
Showing results for 
Search instead for 
Did you mean: 

Spam blacklisted address email still being delivered to inbox - how?

cjags
Rising Star
Posts: 427
Thanks: 9
Fixes: 1
Registered: 31-08-2007

Spam blacklisted address email still being delivered to inbox - how?

Despite having the address in the spam blacklist, one spammer has found a way to get the email into my inbox.
How have they done it?  The address strictlynews.com is in the blacklist.
Message headers from the latest one:-
From - Thu Apr 12 06:18:34 2012
X-Account-Key: account3
X-UIDL: UID25177-1152530500
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                               
Return-path: <root@avalon.gocontent.com>
Envelope-to: xxxxx@yyyy.plus.com
Delivery-date: Thu, 12 Apr 2012 00:43:39 +0100
Received: from [212.159.8.109] (helo=avasin13.plus.net)
  by inmx05.plus.net with esmtp (PlusNet MXCore v2.00) id 1SI7CM-00087F-Ux
  for xxxxx@yyyy.plus.com; Thu, 12 Apr 2012 00:43:38 +0100
Received: from terapost100.gocontent.com ([213.201.210.100])
by avasin13.plus.net with Plusnet Cloudmark Gateway
id wnjc1i0052AXB3p01njesV; Thu, 12 Apr 2012 00:43:38 +0100
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.0 cv=BpgfMPr5 c=1 sm=1 p=qStjtROaAAAA:8
a=mvimlBi7jlV1mtEKnsjMAg==:17 a=RzqTijrDYyUA:10 a=BgUkfd1loeAA:10
a=p27Z0iBnAAAA:8 a=nHu22tuL7HHcfKPsk6wA:9 a=5DoFWr1yxHiMXdkxUSUA:7
a=Ck_eiVqzrksA:10 a=ygNHuxy6cykA:10 a=Mw6cZ74w7koA:10 a=RB__G9i7-RkA:10
a=QORSX3kZEkbqN_Tb:21 a=wt_P2U-Kae77veMp:21 a=SSmOFEACAAAA:8
a=Ize7tXN9bCt44EmOIEoA:9 a=uccCwwLaClrjbqQpHLkA:7 a=_W_S_7VecoQA:10
a=nJoxbIMsmrHUoKLo:21 a=O35VYKjLcaZ96m44:21 awl=host:6405
a=mvimlBi7jlV1mtEKnsjMAg==:117
Received: from avalon.gocontent.com (terapost100 [192.168.0.100])
by terapost100.gocontent.com (Postfix) with ESMTP id 5EACA27022A
for <xxxxx@yyyy.plus.com>; Thu, 12 Apr 2012 00:43:36 +0100 (BST)
Received: from avalon.gocontent.com (avalon.gocontent.com [127.0.0.1])
by avalon.gocontent.com (Postfix) with ESMTP id 50F27A5000D
for <xxxxx@yyyy.plus.com>; Thu, 12 Apr 2012 00:43:36 +0100 (BST)
Received: (from root@localhost)
by avalon.gocontent.com (8.13.8/8.13.8/Submit) id q3BNhame008724;
Thu, 12 Apr 2012 00:43:36 +0100
To: xxxx@yyyy.plus.com
Date: Thu, 12 Apr 2012 00:43:36 +0100
From: "Anywhere.XXX" <noreply@strictlynews.com>
Message-ID: <f5dc5a7e31b4d6bcf8b81fa58a32adcd@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
X-Mailer: phplist v2.10.14
X-MessageID: 279
X-ListMember: xxxx@yyyy.plus.com
List-Unsubscribe: <mailto:unsubscribe@strictlynews.com>
List-Owner: <mailto:support@gocontent.com>
Precedence: bulk
Errors-To: noreply@strictlynews.com
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_f5dc5a7e31b4d6bcf8b81fa58a32adcd"
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Want to Meet Sex Partners Online?
5 REPLIES
Superuser
Superuser
Posts: 9,577
Thanks: 955
Fixes: 54
Registered: 06-04-2007

Re: Spam blacklisted address email still being delivered to inbox - how?

I think it is the "Return-path" domain avalon.gocontent.com that needs to be blacklisted, not the "From" address. Also the message must be going to a defined mailbox and not 'catch-all'.
David
Community Veteran
Posts: 26,686
Thanks: 910
Fixes: 10
Registered: 10-04-2007

Re: Spam blacklisted address email still being delivered to inbox - how?

What I said here about whitelists also applies to blacklists:
Quote from: jelv
I raised a ticket about the latest occurrence. The response was that I had the wrong thing whitelisted as the email envelope-from was different to the from address.
I'd looked at the headers and hadn't realised the issue - how on earth a normal user is supposed to work out what should be added to their whitelist I don't know. I suspect most wouldn't even know about the headers and how to view them.
To me it looks like a tool is needed which analyses an email and tells the user what needs adding to their whitelist.

The current system isn't fit for purpose!
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
cjags
Rising Star
Posts: 427
Thanks: 9
Fixes: 1
Registered: 31-08-2007

Re: Spam blacklisted address email still being delivered to inbox - how?

Cheers.  Will also also avalon.gocontent.com  to the blacklist.
Fingers crossed that works.
Community Veteran
Posts: 19,101
Thanks: 443
Fixes: 21
Registered: 31-08-2007

Re: Spam blacklisted address email still being delivered to inbox - how?

Hmmmm. Did you visit a website and sign-up for emails? If so, you could try the Unsubscribe link in you did.
If you didn't, don't touch the Unsubscribe link. You can also try re-directing that (your) specific address to Blackhole, but if any wanted mail comes to that address it would also go to Blackhole unless you notified everyone else of a change of address.
cjags
Rising Star
Posts: 427
Thanks: 9
Fixes: 1
Registered: 31-08-2007

Re: Spam blacklisted address email still being delivered to inbox - how?

update:
Blocking both the From address and Return-To address is working Smiley
A couple more spammers have started to use this technique Sad