Image based spam

I have the latest version of spam sieve running alongside MS Entourage 2004 11.3.3.

I have spam sieve setup to automatically train, additionally I’m very diligent about correcting mistakes.

Despite my best efforts I’m still bombarded by spam who’s text is actually an image. Is there anything I can do to correct this?

Thanks!

SpamSieve should be catching those, so there’s probably a setup problem. Please send me some more information, and I’ll have a look.

The log that you sent shows that SpamSieve has not let a spam message through since March 18. However, there are numerous messages that you trained as spam that SpamSieve was never asked to classify when they arrived. Therefore, I believe there is a setup problem such that Entourage is not asking SpamSieve to filter all of the incoming messages.

image spam also
Hi Michael,

I’m having a similar problem. Spamsieve is missing some but not all image spam. not sure what to do? (I’m using Mail.app and just installed the latest update…)

Also I have two other questions – I frequently get spam from a repeating From adress that has a changing email address. Often identifying this as spam does not catch it, because the mail address changes. In some cases I manually create a mail.app rule, but I’m not sure why spamsieve is not picking up the repeating name in the from address?

Finally a UI question suggestion. I can go through new mail in mail.app backwards by just pressing the delete key. However, when I mark something as spam during this process it does not automatically select the next message after copying the spam into the spam mailbox. It would be neat/faster if it did.

thanks!

John

also … spam messages per day…
what worries me about the way its working is that the statistics report seems to be substantially under reporting the number of spam messages spamsieve is catching. for example the filtered mail messages per day number is now at 20, but yesterday spamsieve caught 96 spam messages (which is great and which is closer to my average… any thoughts?

Please send me the log file so that I can see what’s happening.

Are you saying that the name is the same but the e-mail address is different? Did SpamSieve create a blocklist rule to match the sender’s name?

I would need to see the log to tell what’s happening, but I suspect a setup problem. A changing name/address shouldn’t have much effect on SpamSieve.

Also, I do not recommend creating rules in Mail to catch spam. This makes it hard to know what’s going on, makes the statistics no longer accurate, and can mess up SpamSieve’s training if it prevents you from knowing which messages SpamSieve classified incorrectly. Instead, create rules on SpamSieve’s blocklist.

I agree, but this is not possible due to limitations of Mail.

Take a look at SpamSieve’s log. Do the “Predicted” entries there match your observations or the statistics?

My guess, not having seen the log yet, is that you have your Mail rules setup such that SpamSieve is only being asked to examine a fraction of the incoming messages. Another possibility would be corruption of the statistics database, but that’s pretty rare.

Looking at the log file that you sent me and the messages that you forwarded, it’s clear that SpamSieve did not miss those messages. Rather, it was never asked to determine whether they were good or spam.

You can see this because whenever SpamSieve examines an incoming message, it adds a “Predicted: Good” or “Predicted: Spam” entry to the log. The messages that you forwarded have no such entries in the log; they only say “Trained: Spam (Manual)”, which means that you told SpamSieve they were spam. Incidentally, this is why the “filtered messages” statistic that you reported seems low; not all of the incoming messages were filtered.

Aside: Please do not forward spam messages to me. Instead, enable the Save false negatives to disk preference, so that SpamSieve saves the spam messages that it didn’t catch to disk. Then, send the false negative files to me along with the log. This is better for two reasons. First, if there are no false negative files (or not as many as you expected), this is an easy way to see that the messages were not filtered in the first place (thus pointing to a setup problem). Second, if SpamSieve did filter a message and classified it incorrectly, then I will want to analyze the original message contents, not the modified version that your mail program generates when you use the Forward (or Redirect) command.

In order to get SpamSieve to catch these image spams, you need to make sure that your mail program asks SpamSieve to filter them. Thus, please check the setup to make sure that the SpamSieve rule is at the top of the list (so that other rules don’t prevent it from being applied) and that the rule conditions cause it to be applied to every message. For Apple Mail, the rule should look like the one shown here.

thanks…
Thanks Michael,

it looks like my spamsieve rule was improperly set. I’ve changed it and hopefully that will make a big difference.

best,

j