PDA

View Full Version : Spam using my account not seen and false negatives not saved



domellen
04-15-2007, 09:41 AM
I am getting the same spam every day, with my account as sender. I have set up everything as stated in the documentation for Eudora users:
In filters I've checked Use Mac OS X Address Book and Exclude my addresses and I've run "Update address book 'me' Card". (Although I don't use the system Address Book for anything else). Eudora’s junk threshold is set to 50. I have no "notify user” filters.

I've told SpamSieve this is junk many times (just about every day).

Two things are strange however:
I don't find this spam in the log (Library/Logs/SpamSieve/SpamSieve Log.log), so I figure the problem is that SpamSieve never sees these messages (although it does see a lot of them every day and is then very accurate).

My false negatives folder is apparently not working. It seems to be in the right place (Library/Application Support/SpamSieve/False Negatives) because when I ask SpamSieve to open it from Preferences (Save false negatives to disk -> Show) it does show it, but there's nothing in it although I've used the "Junk" command many times in the last few weeks. Actually, there was stuff in it, but all dated back to 2005, so I emptied it.

There are two types of spam that get through (or rather that are not seen): one (always the very same, no subject, no sender name, just my address and a short message, always the same one, with a url, always the same one. The other uses my address but has a different name every time. Some spams using my account are seen and filtered, so I can't figure out what's wrong...


Mac OS X 10.4.9
Eudora 6.2 registered version
SpamSieve 2.6.1 (plugin version 1.0.5 in Eudora)

Thanks for any help.
EllenH

Michael Tsai
04-15-2007, 10:58 AM
In filters I've checked Use Mac OS X Address Book and Exclude my addresses and I've run "Update address book 'me' Card".


This is a good setup to use, however please note that it will only affect the filtering of messages that SpamSieve sees. If Eudora accepts a message without showing it to SpamSieve, it won’t matter how you’ve configured SpamSieve.



I don't find this spam in the log (Library/Logs/SpamSieve/SpamSieve Log.log), so I figure the problem is that SpamSieve never sees these messages


That sounds like the correct analysis to me.



My false negatives folder is apparently not working.


A false negative is a spam message that SpamSieve thought wasn’t spam. Thus, if SpamSieve is not asked to a filter a particular message, then that message is not considered to be a false negative. SpamSieve didn’t classify the message correctly or incorrectly; it didn’t classify it at all.



There are two types of spam that get through (or rather that are not seen): one (always the very same, no subject, no sender name, just my address and a short message, always the same one, with a url, always the same one. The other uses my address but has a different name every time. Some spams using my account are seen and filtered, so I can't figure out what's wrong...


Please try unchecking Mail isn’t junk if the sender is in an address book (http://c-command.com/spamsieve/manual-ah/setting-options) in Eudora’s preferences. Having this checked will prevent Eudora from showing said messages to SpamSieve.

domellen
04-15-2007, 12:19 PM
A false negative is a spam message that SpamSieve thought wasn’t spam. Thus, if SpamSieve is not asked to a filter a particular message, then that message is not considered to be a false negative. SpamSieve didn’t classify the message correctly or incorrectly; it didn’t classify it at all.


If I understand you correctly, this means that there haven't been any false negatives for ages... and the only spam messages that get through are the ones SpamSieve doesn't see!



Please try unchecking Mail isn’t junk if the sender is in an address book (http://c-command.com/spamsieve/manual-ah/setting-options) in Eudora’s preferences. Having this checked will prevent Eudora from showing said messages to SpamSieve.

I have just done this as you suggest. In fact I either hadn't read the manual as I should have, or I deliberately didn't want to do this because I was afraid of false positives, I don't really remember. I get about 100 spams per day and don't want to go through it all to check. SpamSieve has been so accurate for years that I feel quite safe. Recently, though, I had a false positive problem with a vendor on ebay whose reply was drowned in ebay html. I found out only by chance because I looked through the junk just before deleting it, something I don't usually do.

I did see the suggestion of exporting the Eudora address book with a little freeware utility. This would do for a one time thing but I don't see myself repeating the procedure regularly. Also, the program is PPC only, so I don't know what will happen when I get a new machine... sometime in the not too distant future, I hope.

So, considering that Eudora is not developed as such any more, I'm thinking of changing. Hard decision. I've been using Eudora since 1994.

In the meantime, I'll try with what I have.
EllenH

Michael Tsai
04-15-2007, 01:53 PM
If I understand you correctly, this means that there haven't been any false negatives for ages... and the only spam messages that get through are the ones SpamSieve doesn't see!


That’s what it sounds like.



I did see the suggestion of exporting the Eudora address book with a little freeware utility. This would do for a one time thing but I don't see myself repeating the procedure regularly. Also, the program is PPC only, so I don't know what will happen when I get a new machine... sometime in the not too distant future, I hope.


Most PowerPC software runs just fine on Intel Macs. Another option would be to use SpamSieve’s Import Addresses (http://c-command.com/spamsieve/manual-ah/import-addresses) command to read Eudora’s address book directly.



So, considering that Eudora is not developed as such any more, I'm thinking of changing.

Yeah, most other e-mail programs these days work with the built-in Mac OS X address book, which SpamSieve can read directly, so there is no need to load addresses manually. Also, the other mail programs (except Thunderbird) make the entire message contents available for SpamSieve to analyze, which makes it easier for it to catch spammy messags that have attachments.