Sonic.net

Several times recently we've received an obnoxious (aren't they all?) spam email. Finally went in and blacklisted the "from" address, but we continue to receive the message. Took a look at the headers today and see there there are none of the "X-Spam...." headers that we'd expect to see after Spam Assassin has had its way with the message. This leads us to believe that SA is not seeing or otherwise processing this message, making it highly unlikely that it will actually assassinate the spam. The particulars:

-Our address is in the "CC" line of the headers, not the "TO" line, and

-This address is in a domain Sonic is hosting for us; the alias is redirected to a discrete add-on "@sonic.net" email address

We've opened a support ticket on this, but thought we would throw it out here as well.

Can you post a message-id header of one of these messages? I should be able to take a look and see what is going on.

Message-Id: <[email protected]>

There an attachment on it? SA ignores messages over a certain size.

Looks like around 240 KB, give or take....

It looks that particular message should have been marked as spam. To double check, this was on
Oct 20 at 18:31:23?

spamd: result: Y 98 - MSGID_FROM_MTA_HEADER,SNF4SA,USER_IN_BLACKLIST scantime=20.9,size=1295,mid=<[email protected]>,autolearn=disabled

That looks about right....


Return-Path: < the spammy sender >
Received: from k.mx.sonic.net (a.spam-proxy.sonic.net [69.12.221.245])
by c.spam.sonic.net (8.14.4/8.14.4) with ESMTP id s9L1V0gj019370
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for < my real sonic.net address >; Mon, 20 Oct 2014 18:31:02 -0700
Received: from mx132.72dns.net (mx123.72dns.com [211.155.230.254])
by k.mx.sonic.net (8.14.9/8.14.9) with SMTP id s9L1TsSY029378
for < my domain email alias that points to my sonic.net address >; Mon, 20 Oct 2014 18:30:38 -0700
Message-Id: <[email protected]>
Date: Tue, 21 Oct 2014 09:30:51 +0800
From: < the spammy sender >
To: < some other poor sucker >
Cc: < my domain email alias that points to my real sonic.net address >
Subject: blah blah blah
X-mailer: Foxmail 5.0 [cn]
Disposition-Notification-To: < the spammy sender >
Mime-Version: 1.0
Content-Type: multipart/related;
boundary="=====002_Dragon588473428708_=====";
type="multipart/alternative"
Received: from blah blah blah (unknown [219.140.150.41])
by mx132.72dns.net (ESMTP) with SMTP id 0
for < the spammy sender >; Tue, 21 Oct 2014 09:29:46 +0800 (CST)

There is so much spam getting through, including alerts about sex offenders in my neighborhood.

linelle wrote:There is so much spam getting through, including alerts about sex offenders in my neighborhood.

I'm getting a lot of those too, along with fake notices about credit scores and various types of insurance.

I'm surprised how much there is, and of the same kind. Occasionally I've been uncertain and, perhaps unwisely, viewed the email. It contains ALERT. PHISHING SCAM. Well, great, fine, glad someone figured that out. Can't Spam Assassin just not deliver it to my inbox?