RANT: Spam and Sonic.net

General discussions and other topics.
148 posts Page 7 of 15
by tensigh » Sun Jun 01, 2014 4:25 am
Okay, I need someone to explain this to me.

According to the header of the spam I received, SA scored it as 0.6 but if you add up the scores, the email should be 6.899. Can someone explain this?

DCC_CHECK 1.9 (custom setting)
SNF4SA 5.0
SPF_HELO_PASS -.001

Total: 6.899


Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on b.spam.sonic.net
X-Spam-Level:
X-Spam-Status: No, score=0.6 required=2.0 tests=DCC_CHECK,SNF4SA,SPF_HELO_PASS
autolearn=disabled version=3.4.0
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
0-0-0-4153-c
X-Spam-GBUdb-Analysis: 1, 216.107.144.115, Ugly c=0.47559 p=-0.405941 Source
Normal
Received: from g.mx.sonic.net (g.mx.sonic.net [69.12.221.236])
by b.spam.sonic.net (8.14.4/8.14.4) with ESMTP id s5180Pcw028038
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
for <withheld>; Sun, 1 Jun 2014 01:00:25 -0700
Received: from true-survival-plan.me (1974.clients.serverdeals.com [216.107.144.115] (may be forged))
by g.mx.sonic.net (8.13.8.Beta0-Sonic/8.13.7) with ESMTP id s5180MYY001059
for <withheld>; Sun, 1 Jun 2014 01:00:25 -0700
Date: Sun, 01 Jun 2014 00:59:38 -0700
To: <withheld>
Content-Type: text/plain
From: Patriot-Survival-Plan <[email protected]>
Mime-Version: 1.0
Subject: One-More Step To Martial-Law?
Message-ID: <[email protected]>
X-Sonic-SB-IP-RBLs: IP RBLs .
by kgc » Sun Jun 01, 2014 1:33 pm
SNF4SA is a dynamic score rule and can either add or subtract from the total score. It looks like the spam was too fresh to be caught by the Sniffer system at all.
Kelsey Cummings
System Architect, Sonic.net, Inc.
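The discrepancy discussed in the two posts above, as an added example that is not part of the original thread: a Python sketch that parses the posted `X-Spam-Status` header, sums the static rule scores the poster listed, and reports the remainder that must have come from the dynamic rule. The rule-score table and the function names are assumptions made for illustration. The header reports the score to one decimal place, so the remainder is approximate.

```python
import re

# Static per-rule scores as listed in the post (DCC_CHECK is the poster's
# custom setting). SNF4SA is kept out of this table: per the reply it is a
# dynamic rule, so its listed 5.0 is not simply added to the total.
STATIC_SCORES = {"DCC_CHECK": 1.9, "SPF_HELO_PASS": -0.001}
DYNAMIC_RULES = {"SNF4SA"}

# Header copied from the post, with its folded continuation line.
HEADER = (
    "X-Spam-Status: No, score=0.6 required=2.0 "
    "tests=DCC_CHECK,SNF4SA,SPF_HELO_PASS\n"
    "\tautolearn=disabled version=3.4.0\n"
)

def parse_spam_status(raw):
    """Unfold an X-Spam-Status header; return verdict, scores and tests."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw.strip())
    unfolded = re.sub(r",\s+", ",", unfolded)  # test lists may fold after commas
    name, _, value = unfolded.partition(":")
    if name.strip().lower() != "x-spam-status":
        raise ValueError("not an X-Spam-Status header")
    fields = dict(re.findall(r"(\w+)=(\S+)", value))
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    return {
        "is_spam": value.split(",", 1)[0].strip().lower() == "yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": tests,
    }

def reconcile(status):
    """Split the reported total into known static scores and the remainder."""
    tests = status["tests"]
    static = sum(STATIC_SCORES[t] for t in tests if t in STATIC_SCORES)
    known = set(STATIC_SCORES) | DYNAMIC_RULES
    return {
        "static_sum": round(static, 3),
        # Inferred contribution of the dynamic rules (negative = lowered score).
        "residual": round(status["score"] - static, 3),
        "dynamic": [t for t in tests if t in DYNAMIC_RULES],
        "unknown": [t for t in tests if t not in known],
    }

if __name__ == "__main__":
    print(reconcile(parse_spam_status(HEADER)))
```
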
by tensigh » Sun Jun 01, 2014 2:23 pm
Okay, thanks. So in time the sniffer will probably catch these mails? My main concern is that spams slip through SA undetected.
by kgc » Sun Jun 01, 2014 2:39 pm
I hope so! Since I added it, I've only received a couple of spams to my accounts and that is a substantial improvement over the last few weeks.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by markf » Mon Jun 02, 2014 7:42 am
kgc wrote:I hope so! Since I added it, I've only received a couple of spams to my accounts and that is a substantial improvement over the last few weeks.

Hey Kelsey,

This will most likely be the last day I will be posting to sonic. What I did to stop almost all the spam to my sonic email address, sonic won't let you use "undisclosed recipient", very stupid IMHO. I added anything sent to me to the whitelist and anything sent from known email addresses of friends and family to said whitelist.

Everything else was discarded.

Everything sent to undisclosed recipient was discarded. This means that anything sent from family and friends I would get. Anything sent to my email address I would get. This stopped almost all the scam spam.

The Snow Shoe Spammers are a bit different. They spam you using your email address. Once they get your root aliases you are screwed. My wife's root alias now gets almost a thousand snow shoe spam each month.

This is what I want to post about.

I am using the wife's email address to feed a snow shoe spam filter that I make available. I have to rewrite some scripts or install Linux on another machine for the script. I also was intending on using my root alias, the one I started with oh, say, 18 years ago for feeding the scam spam filter.

The issue is of course that with my original account I have been charged $18.95 a month even though I spoke with sonic on a number of occasions about me never using said account for internet access or really anything. Being two states away makes using sonic for anything other than hosting, well, ridiculous.

I am still being charged $18.95 a month and so I see no other way to salvage this except to remove the account. This removes everything. I still have an email only account that I moved my wife's root alias to. I will use it as a forwarding account to feed the snow shoe filter. It is not any good for anything else.

So my root alias will be toast as of today. My feelings towards sonic in the last year have become very sour. I have moved all my hosting. In the last 9 years, I have not used sonic for anything except hosting. I live and have lived in Washington state. I cannot use sonic for internet access. In that time I have been charged for that service.

I do not mind supporting companies whose ethics I agree with. At some point in time, the support must be mutual or the company's ethics will have changed so much that I can no longer support them.

I can't see the correctness in continuing to charge me for a service that I cannot use, have not used and will never use. A service that sonic ceased requiring three or four years ago.

If sonic starts charging me for these services on the second account, I can only say to you, have a nice life Kelsey.
by lr » Mon Jun 02, 2014 12:37 pm
tensigh wrote:lr - do you use any DNS blacklists? If so, please let me know because I'd like to use the same ones.

If there are fewer emails in your graymail that just means they're sending less to you unless you're using DNS blacklists. Graymail means SA trapped the email before it got to your inbox, so if the graymail amount goes down it just means it never reached Sonic or Sonic blocked it via DNS lists.
The amount of spam and of graymail depends mostly on how "visible" that account name is in the great big world. My address is [email protected], and I get a lot of spam (a few per day make it through), and a lot of graymail (used to be hundreds per day, now down to many dozens per day). My wife's address is herfirstname@<the same domain>, and she gets very little spam, because her address has had very little exposure to the public. Our son's email is hisfirstname@<the same domain>, and he gets no spam at all, but then his email is virtually impossible to find.

You asked which blacklists I use: I have enabled Razor2, DCC, and all DNS blacklists (that is, not disabled the RBL). And I have about 10 or 20 SpamAssassin scores tuned. That tuning only works because I religiously check graymail for false positives (good mail that gets graylisted), and then whitelist senders that get falsely declared as graymail. I would not recommend my settings for other users (matter-of-fact, neither my wife nor my son use those settings, they use the Sonic default).
Linda and Ralph and John
by markf » Mon Jun 02, 2014 1:00 pm
jneal wrote:I've been getting a bunch of these types of spam with virus attachments over just the past couple of months. None of them are even addressed to me so I don't know how they show up in my mailbox. (my address isn't [email protected]) Anyone know how this is possible? I can't possibly guess which domain they'll spoof next time to blacklist them.
I don't know what to do other than kill my 10 year old email address and try to transfer all my contacts over to another sonic address.
First I blacklist all incoming email. Then I whitelist any email sent with my email in the "To" field. Then I whitelist any email with my friends' and/or family's email address in the "From" field.

This eliminates almost all the scam spam. The snow shoe spammers are a little different since they address their garbage to you, using your email address in the "To" field.
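The default-deny policy described in the post above, as an added example that is not part of the original thread: a Python sketch that applies the three rules to constructed sample messages and shows which kinds get through. The addresses, sample messages and function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

MY_ADDRESS = "me@example.net"              # hypothetical mailbox owner
TRUSTED_SENDERS = {"sister@example.org"}   # hypothetical friends and family

def header_addresses(msg, header):
    """Lower-cased addresses in a header; group syntax such as
    'undisclosed-recipients:;' contributes no address at all."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.lower() for _, addr in pairs if addr}

def decide(raw_message):
    """Default is discard; accept mail addressed To me or From a trusted
    sender. Headers are taken as written, nothing is authenticated here."""
    msg = message_from_string(raw_message)
    if MY_ADDRESS in header_addresses(msg, "To"):
        return "accept"
    if header_addresses(msg, "From") & TRUSTED_SENDERS:
        return "accept"
    return "discard"

# Constructed sample messages, one per case discussed in the thread.
SAMPLES = {
    "family_bcc": (
        "From: Sis <Sister@Example.org>\n"
        "To: undisclosed-recipients:;\n"
        "Subject: photos\n\nhi\n"
    ),
    "scam_bcc": (
        "From: Prize Desk <win@bulk.example>\n"
        "To: undisclosed-recipients:;\n"
        "Subject: You won\n\nclaim now\n"
    ),
    "scam_other_to": (
        "From: Invoice <billing@bulk.example>\n"
        "To: someone-else@example.com\n"
        "Subject: Invoice attached\n\nsee attachment\n"
    ),
    "snowshoe": (
        "From: Deals <offer@throwaway.example>\n"
        "To: Me <me@example.net>\n"
        "Subject: Limited offer\n\nbuy\n"
    ),
}

def run_samples():
    return {name: decide(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:15s} {verdict}")
```

The `snowshoe` sample is accepted because it names the mailbox in "To", which is the gap the post describes.
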
by roger1 » Thu Jun 05, 2014 2:49 pm
There was an announcement of the takedown of the Gameover Zeus Botnet on June 2nd. Anyone notice a drop in these malware attachments?
by tensigh » Thu Jun 05, 2014 4:04 pm
lr wrote: The amount of spam and of graymail depends mostly on how "visible" that account name is in the great big world. My address is [email protected], and I get a lot of spam (a few per day make it through), and a lot of graymail (used to be hundreds per day, now down to many dozens per day). My wife's address is herfirstname@<the same domain>, and she gets very little spam, because her address has had very little exposure to the public. Our son's email is hisfirstname@<the same domain>, and he gets no spam at all, but then his email is virtually impossible to find.
Yes, I'm well aware of this. My account name isn't that visible, so the amount of spam I get is pretty low.
lr wrote:You asked which blacklists I use: I have enabled Razor2, DCC, and all DNS blacklists (that is, not disabled the RBL). And I have about 10 or 20 SpamAssassin scores tuned. That tuning only works because I religiously check graymail for false positives (good mail that gets graylisted), and then whitelist senders that get falsely declared as graymail. I would not recommend my settings for other users (matter-of-fact, neither my wife nor my son use those settings, they use the Sonic default).
That's pretty much what I do as well. The thing that gets me is the spams that get through often have very little "checks" in the headers for SA.
by kgc » Thu Jun 05, 2014 4:16 pm
We're running on our new MX servers now which have a completely rewritten policy enforcement engine (milter). The policies enforced today are virtually identical to the old system but I've already incorporated some additional rules to help block the worst of the worst. More information on the new system, and how this has changed per-user configuration, will be forthcoming.
Kelsey Cummings
System Architect, Sonic.net, Inc.