RANT: Spam and Sonic.net

[tensigh]

Got another spam in the inbox; these are the headers. I hope this info will help Sonic's team prevent this in the future, it's really annoying. The spammers are very good at getting past SA.

Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on d.spam.sonic.net
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=2.0 tests=SNF4SA autolearn=disabled
version=3.4.0
X-Spam-SNF-Result: 60 (Ungrouped Black Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
60-6075546-635-678-m
60-6433411-1193-1226-m
60-6433411-2384-2417-m
60-6075546-0-3343-f
X-Spam-GBUdb-Analysis: 0, 69.12.210.141, Ugly c=1 p=-0.333303 Source Normal
Received: from l.mx.sonic.net (l.mx.sonic.net [69.12.210.141])
by d.spam.sonic.net (8.14.4/8.14.4) with ESMTP id s5T0A1Lw001614
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <>; Sat, 28 Jun 2014 17:10:01 -0700
Received: from sure-protective-surface.me (. [109.201.138.67] (may be forged))
by l.mx.sonic.net (8.14.9/8.14.4) with ESMTP id s5T09xAq019035
for <>; Sat, 28 Jun 2014 17:10:01 -0700
Date: Sat, 28 Jun 2014 17:10:52 -0700
Subject: Garage Floor Coating from the Pros for your Summer Parties.
From: Protective Floor Coating <[email protected]>
To: <>
Message-ID: <[email protected]>
Content-Type: text/plain
Mime-Version: 1.0
X-Orthrus: tar=0 grey=yes co=NL os=Linux/3.1-3.10/18 spf=pass dkim=none

[tensigh]

We've been improving spam defenses a lot over the last couple weeks, have you noticed your amount of spam declining?

Dane, I have to be honest; I don't see much improvement. I got 2 spams this morning and they're the type that SA used to block in the past. Whatever new method you're using has been either less effective or about the same as a few months ago.

[dane]

I'm seeing a lot less spam in my inbox, and less in Graymail too. And just on raw count, we're blocking a lot more spam than we were, which should result in noticeable improvements in your inbox.

Are others feeling like their spam volume in the inbox is similar, or improved?

[virtualmike]

My spam volume was pretty low compared to most people, but it's now about half that. I'm not sure if that's meaningful, given the "ebb and flow" of spam in general.

[tensigh]

I'm seeing a lot less spam in my inbox, and less in Graymail too. And just on raw count, we're blocking a lot more spam than we were, which should result in noticeable improvements in your inbox.

Are others feeling like their spam volume in the inbox is similar, or improved?

I have seen less in my graymail, so that's a plus. But there are a few that keep getting past SA and I don't get how to tweak the new settings to try to stop them.

Here's an example of a spam that got through the filter:
X-Spam-Level: *
X-Spam-Status: No, score=1.7 required=2.0 tests=SNF4SA autolearn=disabled

the only test was SNF4SA. I have a few others that landed in my inbox that have more criteria but they still managed to sneak past SA despite my account having a rather strict 2.0 setting.

[[email protected]]

I received an email from sonic.net support a couple weeks ago that "flat file" spam support was being discontinued and that I would have to manage spam through the web interface. So I checked, and my white/blacklists were correctly imported from my user_prefs file and the scores I had originally entered were correct - but suddenly I am more than a dozen spams a day. In checking the headers, I can't see where they have been run through SA at all. What am I missing? From three or four spams a week, I am getting more than a dozen a day. Help!

Catherine de la Cruz

[kgc]

Catherine, you may need to review your procmail rules. We were able to import everyone's settings from this migration but were not able to figure out what each user had in their procmail or what specific steps they might need to take.

[[email protected]]

Then procmail is still in use? The email from support wasn't specific. I'll check it.

Catherine

[[email protected]]

Kelsey - I don't see anything in my procmail file that would eliminate spam checking, but the procmail log doesn't show any spam checking after July 10th. Is there somewhere specific on the web site that I should be turning spamassassin on or off?


Catherine

[ankh]

I've been getting more spam in the last few weeks on two email accounts at sonic.

This email accounts got locked last week --- support said it had been hacked and used to send spam, 40 and 50 emails very fast according to some log file Sonic has.

I asked for more info -- support told me to look in my sent mail folders because of their size but there was nothing in sent mail that matched what support said had been sent.

Is it possible for spam to be sent using a Sonic account without it showing up as sent mail?

Or is it possible someone faked the sender information? Possibly as harassment to get my account locked?

I gave Support permission to look at the sent mail -- nothing there I'm worried about you knowing.

Haven't heard more back. I know you flush files after a few weeks, I'd really like to know what happened.