No, seriously, SpamAssassin is broken.

10 posts Page 1 of 1
by melissk » Wed Aug 28, 2013 8:36 pm
Or, it needs to go back to school. Or, am I the only person getting slammed with spam in recent days, much of it from @*.me domains, which SA seems to think is (nearly) perfectly fine? Since the * part of the domain changes in every email, blacklisting it feels like an exercise in futility.

Just a sampling of today's headers:

Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on b.spam.sonic.net
X-Spam-Level: **
X-Spam-Status: No, score=2.4 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY,
RDNS_NONE,T_REMOTE_IMAGE

Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on c.spam.sonic.net
X-Spam-Level: **
X-Spam-Status: No, score=2.5 required=5.0 tests=DCC_REPUT_70_89,HTML_MESSAGE,
MIME_HTML_ONLY,RDNS_NONE,T_REMOTE_IMAGE

Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on c.spam.sonic.net
X-Spam-Level: **
X-Spam-Status: No, score=2.4 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY,
RDNS_NONE,T_REMOTE_IMAGE

Here is the content of the email belonging to the last header above. How can this NOT be considered spam?

If you can't display the Ad beneath? Try to touch the site. <http://ferruginous.flagbent.me/hypothes ... teran.aspx>

Home Depot & Others are now offering No Cost Window Quotes [email protected] <http://ferruginous.flagbent.me/hypothes ... teran.aspx>

Home Depot & Others are now offering No Cost Window Quotes [email protected] <http://ferruginous.flagbent.me/hypothes ... teran.aspx> <http://ferruginous.flagbent.me/hypothes ... pteran.php>


<http://ferruginous.flagbent.me/5cd09896 ... pteran.asp> <http://ferruginous.flagbent.me/131282c2 ... pteran.png>
--
Melissa
by thulsa_doom » Thu Aug 29, 2013 1:59 pm
Personally I'm a fan of bumping up the values of the MIME_HTML_ONLY and RDNS_NONE rules. I'm not interested in receiving mail, legitimate or otherwise, from things that can't bother to send a plain text version, and a lack of reverse DNS is sketchy as all get-out.
John Fitzgerald
Sonic Technical Support
by melissk » Thu Aug 29, 2013 2:45 pm
So, for the sake of us who don't speak SpamAssassin, is my understanding correct on the following:

SpamAssassin Configuration: Lower value = catch more potential spam which should then end up in Graymail instead of Inbox

Modify (SA) Scores: Lower value = less likely to be spam; Higher value = more likely to be spam

Thanks!
--
Melissa
by clairet » Sat Aug 31, 2013 2:34 pm
That is exactly how it works. Try adding a wildcard in your blacklist settings that looks like this: *@*.me
That will send everything from that domain extension directly to graymail. I'm not aware of many legit sites that use that extension so you shouldn't have to worry too much about false positives.
Claire T.
Sonic.net Technical Support
by melissk » Sat Aug 31, 2013 3:28 pm
I do use the * to fill in the variables after I add the actual email address (hey! a spammer could be stupid and use the same one twice, right?), but it's one thing when I got 1-2 or even 3-4 emails like that a day. For the days that I've been wining about (well, whining, too), there were more than 10 each day. That's 20+ addresses plus some Subjects to blacklist each day.

Since I lowered the spam tolerance level (to 1.5) and tweaked a couple of the scores, far more of the crap is being caught in Graymail than in my Outlook junk folder.

Thanks!
--
Melissa
by tomb4 » Wed Sep 04, 2013 3:33 pm
I agree. I am getting emails for Champion Windows. Even though the subject and return addresses are the same, it does not work to blacklist them. To make matters worse, I cannot get a return call or email from anyone at Sonic. I am thinking of moving to another ISP.
by lr » Wed Sep 04, 2013 7:06 pm
Well, it's not that SpamAssassin is "broken". It's just that it is currently losing the battle. A "large" fraction of the junk mail for my account is making it through SpamAssassin right now. When I say "large", I mean maybe 10% or 20% of hundreds of messages per day, which is enough to be pretty annoying.

The interesting thing is that this is only happening to me. My public e-mail is [email protected] (you can figure out the variables in there yourself), and my wife and son have very similar addresses (just with different first names). They get virtually no spam, I get tons. Part of the reason is probably two-fold. I was politically quite active this spring (running an election campaign), and that means that not only was my e-mail address out in the public eye and in lots of people's e-mail directories, I also made a few enemies. I wouldn't be surprised if some of those enemies signed me up for spam. Second, I was (stupidly, should have known better) using a mail reader configured to automatically load images in incoming e-mail already when showing the preview. This means the spammers get immediate feedback that their spam has been delivered to me, and I'm actually looking at it. Which makes me a great target for lots more spam.

After several months of watching this, I've decided to take matters into my own hands. I looked at the headers for a few dozen ham and spam messages, and adjusted some SpamAssassin settings myself. In particular, I upped the values for DCC_*, RAZOR2_* and URIBL_* that show up in the real world, and I set T_REMOTE_IMAGE to 1 (enough to help push some spam over the edge, not enough so regular e-mail gets put into graymail).

This means I'll have to watch graymail like a hawk now, and will have to start white-listing some regular correspondents (for example the e-mail from our credit union triggers a few DCC checks). Annoying, but better than spam.
thulsa_doom wrote: Personally I'm a fan of bumping up the values of the MIME_HTML_ONLY and RDNS_NONE rules. I'm not interested in receiving mail, legitimate or otherwise, from things that can't bother to send a plain text version, and a lack of reverse DNS is sketchy as all get-out.
On the latter, I completely agree, and I just cranked RDNS_NONE way up. On the former, I unfortunately have to disagree. There are now lots of people who have their mailers configured (usually through being non-techie) to send HTML only, including my son's high-school principal.

The wonderful thing is this. I used to have an ISP where I had to compile SpamAssassin myself, set up procmail myself to use SpamAssassin, and do all the updates and configuration myself. Sonic does 99% of the work for me. That used to be 100% (the way Sonic tech support maintained, tuned and improved SpamAssassin was good enough to not require any intervention from me), but either Sonic is slacking off in the spam wars, or the spammers have gotten better. Still, compared to most other forms of e-mail, life here is pretty darn good.
Linda and Ralph and John
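
The header-by-header tuning described in the post above can be scripted. This is an added example, not part of any post in the thread: it parses X-Spam-Status headers, counts which rules fire in spam versus ham, and projects what a score change would catch. The sample set reuses the three headers from the first post plus one constructed ham header, and `deltas` (the change applied to each rule's score) is an assumption, since the thread gives no per-rule scores.

```python
import re
from collections import Counter

# Constructed sample set: the three X-Spam-Status headers quoted in the first
# post (missed spam) plus one invented HTML-only ham header for contrast.
SAMPLES = [
    ("spam", "X-Spam-Status: No, score=2.4 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY,\n\tRDNS_NONE,T_REMOTE_IMAGE"),
    ("spam", "X-Spam-Status: No, score=2.5 required=5.0 tests=DCC_REPUT_70_89,HTML_MESSAGE,\n\tMIME_HTML_ONLY,RDNS_NONE,T_REMOTE_IMAGE"),
    ("spam", "X-Spam-Status: No, score=2.4 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY,\n\tRDNS_NONE,T_REMOTE_IMAGE"),
    ("ham", "X-Spam-Status: No, score=1.1 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY"),
]
STATUS_RE = re.compile(r"score=(-?[\d.]+) required=(-?[\d.]+) tests=(\S*)")

def parse_status(header):
    """Return (score, required, set of rule names) from a folded header."""
    # Collapse folding whitespace, then rejoin a rule list split after a comma.
    flat = re.sub(r",\s+", ",", " ".join(header.split()))
    m = STATUS_RE.search(flat)
    if m is None:
        raise ValueError("not an X-Spam-Status header: %r" % header)
    rules = {r for r in m.group(3).split(",") if r and r != "none"}
    return float(m.group(1)), float(m.group(2)), rules

def rule_counts(samples):
    """Count how often each rule fires in spam and in ham."""
    counts = {"spam": Counter(), "ham": Counter()}
    for label, header in samples:
        counts[label].update(parse_status(header)[2])
    return counts

def evaluate(samples, deltas, required):
    """Return (spam flagged, ham flagged) if each rule's score changed by deltas[rule]."""
    flagged = {"spam": 0, "ham": 0}
    for label, header in samples:
        score, _, rules = parse_status(header)
        projected = score + sum(deltas.get(r, 0.0) for r in rules)
        if round(projected, 2) >= required:
            flagged[label] += 1
    return flagged["spam"], flagged["ham"]

if __name__ == "__main__":
    print(rule_counts(SAMPLES))
    for name, deltas in [("no change", {}),
                         ("RDNS_NONE +2, T_REMOTE_IMAGE +1", {"RDNS_NONE": 2.0, "T_REMOTE_IMAGE": 1.0}),
                         ("MIME_HTML_ONLY +4", {"MIME_HTML_ONLY": 4.0})]:
        print(name, evaluate(SAMPLES, deltas, required=5.0))
```

On this sample, raising RDNS_NONE and T_REMOTE_IMAGE flags all three spam messages without touching the HTML-only ham, while raising MIME_HTML_ONLY alone also flags the ham message.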
by Pete » Sun Nov 03, 2013 12:14 pm
SpamAssassin is still broken. I just got off the phone with a very nice chap from tech support. Even though my SpamAssassin "required hits" is set to 4 (the default is 5), since August I've been getting many spams a day, with scores from 6-12. The Sonic rep checked his Graymail and found that the one email that came through had a score of 40. He had noticed the same torrent of spam back in August and finally changed his SpamAssassin hits to 2.5.

Before the spam deluge started back in August, I was getting maybe one Graymail report every couple of weeks, with one or two emails in each. Now I get a report almost daily, with 10-15 obvious spam emails in each. FWIW, of the last 150 or so, 99% are from .us, none from .me.

The Sonic tech support rep has passed a report on to Operations, but I'm surprised no one from Sonic has replied to this thread in the last few months.
by thulsa_doom » Mon Nov 04, 2013 10:37 am
Pete,

I'm unclear from your post whether you consider messages trapped in Graymail to have gotten through or not. We have means of preventing mail from even getting far enough to be evaluated by SpamAssassin and shunted to Graymail, but when SA is working as intended you should expect messages to be in your Graymail report.

Between my past two Graymail reports (14 messages caught, 20 messages caught) a single spam got through to me, with a score of 4.4 out of 5. I have my SpamAssassin scores set to default on the account in question, which has been active since 1998.
John Fitzgerald
Sonic Technical Support
by Pete » Thu Nov 07, 2013 11:36 am
Thanks for your reply, John. Maybe I posted my issue to the wrong thread. My point is that far more spam, and quite obvious spam, is making it past the Sonic filters and going to the second stage where SpamAssassin analyzes it and sends it to Graymail. This changed dramatically in August.

It would be good if there were a more efficient way for users to blacklist. I'll suggest one in a new thread.