Postdated Spam

General discussions and other topics.
3 posts Page 1 of 1
by els » Tue May 31, 2022 6:46 am
The most annoying spam I'm getting recently is postdated emails, which are postdated anywhere from 2024 to 2037, and which spoof my own email address. Here a sample header:

Subject: thanks 😄 to our favorite customers.
From: DOLLAR GENERAL <myaddress@sonic.net>
To: ellen <myaddress@sonic.net>
Date: 2033-05-16 02:37

I know why they do it: those emails stay at the top of a dated list of incoming email. Blocking the return address would block, you know, myself. As an interim measure, I'm blocking those subject lines, but spammers won't use the same subject lines indefinitely.

Has anyone been able to configure SpamAssassin to block postdated email?
by apl » Tue May 31, 2022 12:10 pm
There are existing rules that trigger on dates in the future:

DATE_IN_FUTURE_03_06 2.426 Customize Reset Date: is 3 to 6 hours after Received: date
DATE_IN_FUTURE_06_12 0.001 Customize Reset Date: is 6 to 12 hours after Received: date
DATE_IN_FUTURE_12_24 2.489 Customize Reset Date: is 12 to 24 hours after Received: date
DATE_IN_FUTURE_24_48 1.248 Customize Reset Date: is 24 to 48 hours after Received: date
DATE_IN_FUTURE_48_96 0.813 Customize Reset Date: is 48 to 96 hours after Received: date
DATE_IN_FUTURE_96_XX 0 Customize Reset Date: is 96 hours or more after Received: date
T_DATE_IN_FUTURE_96_Q 0.01 Customize Reset Date: is 4 days to 4 months after Received: date
T_DATE_IN_FUTURE_Q_PLUS 0.01 Customize Reset Date: is over 4 months after Received: date

I would check the headers of the email(s) in question to see which of these rule are being triggered (probably the last one), and then increase the score for those rules. I have no idea why the default scores for those last three are so low, as it seems like they should be a pretty strong indicator that a message is spam.

Edit: Hm, after posting my response, I found that I had a piece of spam with this same issue:
Date: Thu, 12 May 2030 13:37:50 +0000
and none of those DATE_IN_FUTURE rules triggered on it, maybe because it also has some "Received:" headers with the same date.
So there may not be any easy way to block these with the current spamassassin rules.
by els » Tue May 31, 2022 10:05 pm
I realized I had Whitelisted my own email address, and whenever it's spoofed ... bingo! Here comes the spam..

I've removed my own address from the Whitelist, and we'll see if the regular SpamAssassin ratings will sink these annoying emails going forward.

I'll have to check my Graymail more often, though, to make sure legitimate cc:'s to myself aren't inadvertently tagged as spam.
3 posts Page 1 of 1

Who is online

In total there are 30 users online :: 1 registered, 0 hidden and 29 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: Bing [Bot] and 29 guests