RANT: Spam and Sonic.net

[thulsa_doom]

Generally speaking, spam countermeasures work best as a layered defense. Ratcheting SpamAssassin down to some arbitrarily-low value doesn't help with spam the scores the same as ham. Better to leave SpamAssassin alone for the most part and introduce additional filters, such as the DNS blocklists (SORBS comes readily to mind) and a last-ditch junkmail filter in the mail client itself.

A quick peek in my own inbox shows the most recent spam that got through to me scored -0.1 in SpamAssassin and was on none of the blocklists. No reasonable amount of SpamAssassin jiggering (short of triggering on HTML_MESSAGE, which I know is an unpopular suggestion) would have stopped that message.

[bobrk]

I'm at 1.5, and I get about 2 or less a day. I report them all to spamcop.net.

[virtualmike]

I'm going to start using my Gmail account more often (never had ONE spam on that account) and if the spam situation doesn't get better I'll just drop my Sonic account.

Is your Gmail address used as much as your Sonic.net address; i.e., is it possible that fewer spammers know it?

You could forward your Sonic.net address to your Gmail account (or use your Gmail account to retrieve the mail from Sonic.net) so that email gets filtered, but you keep your Sonic.net address. You can set up Gmail or your independent mail program to send the mail from your Sonic.net address.

[patty1]

I, too, am getting many spam messages with scores of 2.0 or below. One today was even 0.0! I don't know what has changed in recent weeks, but it's very frustrating.

[tensigh]

Generally speaking, spam countermeasures work best as a layered defense. Ratcheting SpamAssassin down to some arbitrarily-low value doesn't help with spam the scores the same as ham. Better to leave SpamAssassin alone for the most part and introduce additional filters, such as the DNS blocklists (SORBS comes readily to mind) and a last-ditch junkmail filter in the mail client itself.

A quick peek in my own inbox shows the most recent spam that got through to me scored -0.1 in SpamAssassin and was on none of the blocklists. No reasonable amount of SpamAssassin jiggering (short of triggering on HTML_MESSAGE, which I know is an unpopular suggestion) would have stopped that message.

How do I use DNS blocklists? When it comes to SA, I didn't just arbitrarily set a low score; I have spent a fair amount of time blacklisting subjects and senders and restricting locales. I've also tweaked at least 20 different scoring methods (including HTML messages) to help reduce spam getting into my inbox. But either way, if you could offer some advice, I'd be grateful.

I'm using Outlook which has the worst track record on Spam filtering. But any help you could offer on DNS block lists, I'd be grateful.

[tensigh]

I'm at 1.5, and I get about 2 or less a day. I report them all to spamcop.net.

That's a good idea. I'll start reporting spam there.

[tensigh]

The problem has gotten worse. My account was locked out for several hours because a spammer started sending spam USING my account (my computer was not compromised) or at least my email addresses in the return to line. Situation has been fixed but this is getting more and more frustrating.

I just noticed one comment came from a Sonic employee - if SA isn't that good of a tool, does Sonic plan to offer a better one in the future? I'm sure there are less technically inclined customers that are going to not send complaints but decide to drop Sonic as a carrier if this keeps up.

[tensigh]

I'm going to start using my Gmail account more often (never had ONE spam on that account) and if the spam situation doesn't get better I'll just drop my Sonic account.

Is your Gmail address used as much as your Sonic.net address; i.e., is it possible that fewer spammers know it?

You could forward your Sonic.net address to your Gmail account (or use your Gmail account to retrieve the mail from Sonic.net) so that email gets filtered, but you keep your Sonic.net address. You can set up Gmail or your independent mail program to send the mail from your Sonic.net address.

That's something I've considered as well, although I do use my Gmail account for Dispus and have been using it a lot for about 2 years now with not a single spam in the Inbox. A friend of mine uses his Gmail account exclusively and hasn't received any, either. But other than that, I have no real hard evidence.

I'm certainly not trying to sing Gmail's praises and prefer Sonic's approach to privacy. But I'm trying to evaluate exactly what Sonic plans to do with these complaints. If it's treated with the attitude that "meh, it's not a big problem" then I'll have to consider what I want to do.

[thulsa_doom]

How do I use DNS blocklists? When it comes to SA, I didn't just arbitrarily set a low score; I have spent a fair amount of time blacklisting subjects and senders and restricting locales. I've also tweaked at least 20 different scoring methods (including HTML messages) to help reduce spam getting into my inbox. But either way, if you could offer some advice, I'd be grateful.

I'm using Outlook which has the worst track record on Spam filtering. But any help you could offer on DNS block lists, I'd be grateful.

Our tool for configuring DNS blocklists (I personally prefer that term to "blacklists" which sounds awfully Cold-War-paranoid) is at https://members.sonic.net/email/spam/fi ... blacklists

Basically what it does is when a message for you hits our MX server (before we even feed the message to SpamAssassin) we compare the source IP address of the message with the lists you have enabled. If the message is coming from a known bad actor we reject the message immediately and it never even ends up in your graymail. We have a handful of lists enabled by default, but many are available. Each list can be assigned a score. All the scores of the matching lists are added up, and if the total is ten or greater, the message is rejected.

The SORBs lists are pretty popular, though their methodology is a bit too aggressive for us to be comfortable with turning it on by default for everybody.

If you look at the headers for a message, you should see a line that looks something like:

Code: Select all

X-Sonic-SB-IP-RBLs: IP RBLs sorbs-spam.

This tells you which (if any) of the DNS lists would have stopped that message from coming through. In this case, the spam.dnsbl.sorbs.net list, which I do not have enabled on my account, was matched. The message in question was an ad from Sports Authority, but wan't actually spam. I would have been just as happy to not get that "20% off your entire purchase" noise in my inbox, but they got my address legitimately and I've never asked them to stop sending.

I just noticed one comment came from a Sonic employee - if SA isn't that good of a tool, does Sonic plan to offer a better one in the future? I'm sure there are less technically inclined customers that are going to not send complaints but decide to drop Sonic as a carrier if this keeps up.

SpamAssassin isn't the magic bullet that will end all spam for all time. Even when they rifle through your underwear drawer, Google still manages to let some leak through. Our Systems folks have been working on a number of changes to how mail passes through our network, but I'm not 100% up to speed on exactly where they are with that. In the meantime, SpamAssassin is healthy part of a balanced breakfast, not a panacea.

[patty1]

John, I just checked about a dozen spam messages that have come in in recent days, and only one of them even had anything in the "X-Sonic-SB-IP_RBLs" field. Like your example, it said, "IP RBLs sorbs-spam." I see 11 different SORBS lists on the configuration page; does this field entry mean that the spam could have been blocked by one of those 11, but we don't know which one?