RANT: Spam and Sonic.net

General discussions and other topics.
148 posts Page 9 of 15
by kgc » Mon Jun 09, 2014 3:25 pm
USER_IN_WHITELIST should not contain your own address by default - is it possible you have something in your whitelist that is matching your address unintentionally?
Kelsey Cummings
System Architect, Sonic.net, Inc.
by tensigh » Mon Jun 09, 2014 4:21 pm
I have no idea. There were about 10 criteria to reject the message as spam, but it had a negative score of like -27 something. When I look at the score for user in whitelist, it's like -50.

I never consciously added my own address to the whitelist so I figured it was something Sonic did or SA did by default. Either way, I've now BLACKLISTED my address so (hopefully) that will help.

The annoying thing is that my email address is listed as the display name; the email address is actually something different. I'm guessing SA doesn't discern between the two. :(
by virtualmike » Tue Jun 10, 2014 10:31 pm
tensigh wrote: The annoying thing is that my email address is listed as the display name; the email address is actually something different.
Common spammer tactic.
by tensigh » Wed Jun 11, 2014 4:47 am
What I meant is that the actual address wasn't mine, it was the display name. So if SA is going to filter by email address then it never should have gone in my inbox.
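The distinction discussed in the posts above, as an added example that is not from any poster and is not Sonic's or SpamAssassin's code: it splits a From header into display name and actual address, flags a display name that carries a different address, and compares a hypothetical naive substring whitelist with one that matches only the parsed address. The addresses and the `analyze_from` helper are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Loose pattern for something address-like inside a display name.
ADDR_IN_TEXT = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed samples: the recipient's own address appears only as display text.
SPOOFED = '"user@example.org" <bulk@mailer.example.net>'
GENUINE = 'Some User <user@example.org>'
WHITELIST = {"user@example.org"}


def analyze_from(header_value, whitelist):
    """Compare the display name with the real address of a From header."""
    display, addr = parseaddr(header_value)
    addr = addr.lower()
    embedded = [m.lower() for m in ADDR_IN_TEXT.findall(display)]
    raw = header_value.lower()
    return {
        "address": addr,
        "display_addresses": embedded,
        # The display name shows an address that is not the real sender.
        "display_spoof": any(e != addr for e in embedded),
        # Correct: match only the parsed address.
        "whitelisted_by_address": addr in whitelist,
        # Hypothetical naive matcher: substring search over the raw header.
        "whitelisted_by_raw_substring": any(w in raw for w in whitelist),
    }


if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        print(sample, analyze_from(sample, WHITELIST))
```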
by dane » Wed Jun 11, 2014 9:27 pm
We've been improving spam defenses a lot over the last couple weeks, have you noticed your amount of spam declining?
Dane Jasper
Sonic
by tensigh » Thu Jun 12, 2014 7:12 am
Thank you, Dane. There has been an improvement in the past week or so, I think. I appreciate the attention you guys have paid to this issue.
by tensigh » Sat Jun 14, 2014 7:48 am
Got another SPAM in the inbox today. It only scored a 1.6 so I'm perplexed. Further, the Sniffer seemed to label it "snake oil" but somehow managed to let it through despite my rather terse 2.0 threshold setting.

For the record, I do NOT have diabetes...

X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=2.0 tests=SNF4SA autolearn=disabled
version=3.4.0
X-Spam-SNF-Result: 52 (Snake Oil)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
52-6419433-673-700-m
52-6396740-980-1011-m
52-6396740-1484-1515-m
52-6419433-0-1940-f
X-Spam-GBUdb-Analysis: 0, 69.12.210.141, Ugly c=1 p=-0.502007 Source Normal
Received: from l.mx.sonic.net (l.mx.sonic.net [69.12.210.141])
by d.spam.sonic.net (8.14.4/8.14.4) with ESMTP id s5DA10YI009234
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <*******@lds.sonic.net>; Fri, 13 Jun 2014 03:01:00 -0700
Received: from active-reverse-diabetes.com (. [192.3.182.242] (may be forged))
by l.mx.sonic.net (8.14.4/8.14.4) with ESMTP id s5DA0wv6017804
for <***@*******>; Fri, 13 Jun 2014 03:01:00 -0700
Date: Fri, 13 Jun 2014 03:00:13 -0700
Mime-Version: 1.0
From: Reverse_Your_Diabetes <[email protected]>
Message-ID: <[email protected]>
To: <*****@****************>
Subject: Re: Do THIS to Reverse Your Diabetes.
Content-Type: text/plain
X-Orthrus: tar=0 os=Linux/3.1-3.10/93
by thulsa_doom » Sat Jun 14, 2014 9:05 pm
tensigh wrote:
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=2.0 tests=SNF4SA autolearn=disabled
version=3.4.0
X-Spam-SNF-Result: 52 (Snake Oil)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
52-6419433-673-700-m
52-6396740-980-1011-m
52-6396740-1484-1515-m
52-6419433-0-1940-f
X-Spam-GBUdb-Analysis: 0, 69.12.210.141, Ugly c=1 p=-0.502007 Source Normal
<snip>
X-Orthrus: tar=0 os=Linux/3.1-3.10/93
It looks like none of the normal (non-sniffer) SpamAssassin rules were tripped by this message at all. The entire 1.6 score was based on SNF4SA, the dynamically-scored sniffer value.
John Fitzgerald
Sonic Technical Support
by lr » Tue Jun 17, 2014 3:53 pm
dane wrote: We've been improving spam defenses a lot over the last couple weeks, have you noticed your amount of spam declining?
For the last two or three days: Spam coming through into the mailbox, which was already very low (a few per day) is either zero or just as low. This doesn't matter for me, since such few are not a hassle to get rid of. Spam ending up in graymail has dropped massively, from many dozens (perhaps a hundred) per day to maybe a dozen. This is nice (it's much faster to look through the graymail folder to make sure it doesn't contain any ham mis-classified as spam). Speaking of false positives: ham misclassified as ham was already very rare (perhaps once a week or so), and I can't measure that based on a few days.

In summary, it looks good.
Linda and Ralph and John
by tensigh » Wed Jun 25, 2014 2:53 pm
I got another one of those fake USPS notices in my inbox today. It's pretty obvious that those are fake, I'm surprised SA lets it through.

Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on c.spam.sonic.net
X-Spam-Level: *
X-Spam-Status: No, score=1.9 required=2.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
HTML_MESSAGE,LOTS_OF_MONEY,T_RP_MATCHES_RCVD autolearn=disabled version=3.4.0
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
0-0-0-6646-c
X-Spam-GBUdb-Analysis: 1, 197.221.14.63, Ugly c=0 p=0 Source New
Received: from m.mx.sonic.net (m.mx.sonic.net [69.12.210.174])
by a.spam.sonic.net (8.14.4/8.14.4) with ESMTP id s5PHUEkL002471
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <redacted>; Wed, 25 Jun 2014 10:30:14 -0700
Received: from www63.cpt3.host-h.net (www63.cpt3.host-h.net [197.221.14.63])
by m.mx.sonic.net (8.14.9/8.14.4) with ESMTP id s5PHU8Lo019676
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT)
for <redacted>; Wed, 25 Jun 2014 10:30:12 -0700
Received: from localhost
([127.0.0.1] helo=www63.cpt3.host-h.net ident=Debian-exim)
by www63.cpt3.host-h.net with esmtp (Exim 4.80)
(envelope-from <[email protected]>)
id 1Wzr1K-0000Fh-EQ
for redacted; Wed, 25 Jun 2014 19:30:06 +0200
Received: from ditloeapee by www63.cpt3.host-h.net with local (Exim 4.80)
(envelope-from <[email protected]>)
id 1Wzr1K-0000FW-7c
for redacted; Wed, 25 Jun 2014 19:30:06 +0200
To: redacted
Subject: Delivery Status Notification
X-PHP-Originating-Script: 1171:inkyfz.php
From: "Postal Service" <[email protected]>
X-Mailer: XimianEvolution1.4.6
Reply-To: "Postal Service" <[email protected]>
Mime-Version: 1.0
Content-Type: multipart/alternative;boundary="----------140371740653AB071E377D2"
Message-Id: <[email protected]>
Date: Wed, 25 Jun 2014 19:30:06 +0200
X-Orthrus: tar=0 grey=no co=ZA os=Linux/3.1-3.10/1 spf=none dkim=none
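An added example, not from any poster and not Sonic's or SpamAssassin's code, that reads the two X-Spam-Status headers posted in this thread the way thulsa_doom's reply does: it unfolds the header, lists the rules that fired, and reports how far the score fell short of the threshold. The function name and the tab on the continuation lines are assumptions; the header values are copied from the posts.

```python
import re
from email import message_from_string

FIELD = re.compile(r"(\w+)=(\S*)")

# Header values copied from the two posts above; the tab that starts each
# continuation line is an assumption (the forum paste lost the indentation).
SNF_ONLY = (
    "X-Spam-Status: No, score=1.6 required=2.0 tests=SNF4SA autolearn=disabled\n"
    "\tversion=3.4.0\n"
    "X-Spam-SNF-Result: 52 (Snake Oil)\n"
)
USPS = (
    "X-Spam-Status: No, score=1.9 required=2.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,\n"
    "\tHTML_MESSAGE,LOTS_OF_MONEY,T_RP_MATCHES_RCVD autolearn=disabled version=3.4.0\n"
    "X-Spam-SNF-Result: 0 (Standard White Rules)\n"
)


def parse_spam_status(raw_headers):
    """Return verdict, score, threshold and rule names from X-Spam-Status."""
    msg = message_from_string(raw_headers)
    value = msg.get("X-Spam-Status")
    if value is None:
        return None
    verdict, _, rest = value.partition(",")
    rest = re.sub(r",\s+", ",", rest)  # rejoin a rule list folded after a comma
    fields = dict(FIELD.findall(rest))
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    score, required = float(fields["score"]), float(fields["required"])
    snf = re.match(r"\s*(\d+)\s*\((.*)\)", msg.get("X-Spam-SNF-Result", ""))
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "score": score,
        "required": required,
        "margin": round(required - score, 2),  # points short of the threshold
        "tests": tests,
        "only_sniffer": tests == ["SNF4SA"],   # no ordinary rule fired
        "snf_code": int(snf.group(1)) if snf else None,
        "snf_label": snf.group(2) if snf else None,
    }


if __name__ == "__main__":
    for name, raw in (("snake-oil", SNF_ONLY), ("usps", USPS)):
        print(name, parse_spam_status(raw))
```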