Sonic.net

I have a client who uses Sonic for her email. She suddenly started receiving 50+ spam messages a day in her inbox, so she asked me to have a look. After enabling SpamAssassin and tightening up some of the blacklists, she's now down to about 5 or so spam messages a day. Here's the thing - every single one of them has the word "Enlarge" or "Enlargement" as the name (but not the email address). Is there any way to blacklist certain emails based off the name? Or maybe a SpamAssassin rule?

She really doesn't like seeing enlargement spam every time she opens her inbox, but these messages are only scoring 1.5 or so using SpamAssassin.

I've been fighting spam this week a little bit too. In my case, it started pretty suddenly a few months ago, when my e-mail was widely distributed (because I was involved in a political campaign, so it's all good).

You can try incrementing the FB_PENIS_GROWTH rule. I haven't found the exact list of words it triggers on, but it might help.

A lot of the SPAM messages (which don't get diverted into greymail) have scores of 0 or just a little bit (the 1.5 you report is typical). That just means that spammers have figured out spamassassin well enough, and are fast enough to beat the various blacklists.

Now consider this. Even if there was a spamassassin test that triggers on the single word "enlarge", it would have to contribute at least 3.5 (better over 5) to reliably knock these messages into greymail. But that would mean that all good messages that happen to have that word in them also go into greymail. That could be from her contractor, describing how he is going to enlarge the kitchen cabinets, or the monthly statement from the bank, if they mention that they're about to enlarge their ATM network. You could do that, but it would mean that your client would have to start religiously checking greymail for good mail too, and occasionally move messages from greymail and whitelist them. And I bet that the FB_PENIS_GROWTH rule casts an even wider net. Do you want all the e-mail from her stock portfolio that mention a "growth and income fund" to go into greymail?

You could also increment the FB_PENIS_GROWTH rule just to 1 or 2. Then it alone wouldn't be enough to get rid of messages (and hopefully messages from stock brokers, bank, and contractor survive), but in combination with a few others (like HTML only, remote images, blacklisted domains, blacklisted URIs, each of which contribute 1 or 2) it might be enough to get rid of a few messages.

These days, I'm not optimistic about catching 100% of the spam; we all probably have to live with a handful messages per day.

Thanks for taking the time to write your response. Sometimes fighting spam feels like a losing battle.

I agree with your points, except in this case literally the "Name" of the sender contains "enlargement" or "enlarge." I don't know many legitimate emails that have that in the name field, so it'd be nice to block . I'd just like to discriminate based on those words in the name field.

Does the "blacklist from" include the name or just the actual email address? It looks like just the address.

All of a sudden, I am getting LOTS of spam. Why match.com is sending me messages, I do not know, since I have been married for more than 13 years, and I have *never* gone to their site. I'm also getting penis enhancement spam from Testoril. I'm tired of both of these.

Why, all of a sudden, am I getting spam that I never got before? Very frustrating.

Just in the event anyone is wondering, blacklisting a word instead of an email address doesn't work. I didn't think it would, but it was worth a try. Seriously the name (not subject) of every email is "Enlarge with Free Sample" and I still can't keep them out of the inbox.

mscip wrote:Why match.com is sending me messages, I do not know, since I have been married for more than 13 years, and I have *never* gone to their site.

match.com is special, it is apparently possible to sign any random e-mail address up for their "service" without the owner of that e-mail address needing to confirm. Once this is done, the owner of the e-mail address can ask for a password reset and gain control of the account. The e-mail continues for about three weeks and then stops if ignored.