Results 1 to 3 of 3

Thread: SpamSieve automatically whitelists same kind of crazy spam 30 times a day

  1. #1

    Default SpamSieve automatically whitelists same kind of crazy spam 30 times a day

    Hi all,

    I am getting the same kind of spam between 20 and 30 times a day, stuff that is so obviously spam that one deletes it without thinking. However, SpamSieve does not catch this, and looking into the log I now see that the elements of those emails get whitelisted automatically. This does not change, although I always marked those emails as spam.

    1) SpamSieve works well in all instances, except these emails go past it filters like crazy.

    2) The emails change sender and other information, but they're always "Your document #767236", "Your invoice #2347676" (numbers changing, of course), a one-liner urging to open the document, and then some executable file attached. It stuns me that something that emails that similar are not caught. A bug? A sneaky trick by spammers?

    3) Mac OS X 10.10.5, MailMate 1.9.4.

    4) Please see the log entries of four consecutive spam emails attached.

    Thanks, Hans

    Code:
    =====================================================================
    Predicted: Good (44)
    Subject: Payment #39726
    From: Bobbie06@7895.com
    Identifier: /o0vR48uNl+/962Gu4QpWg==
    Reason: P(spam)=0.885[0.871], bias=0.000, F:Price(0.999), F:Bobbie(0.172), support(0.229), ^fe-zip(0.749), ^fzmg-UEsDBA==(0.738), content-disposition:zip(0.736), dear(0.328), R:^hostik31^hostik^net(0.660), open(0.340), R:^hostik^net(0.659), ^fes-zip-14(0.633)
    Date: 2016-09-15 09:10:11 -0400 (EDT)
    =====================================================================
    Trained: Good (Auto)
    Subject: Payment #39726
    From: Bobbie06@7895.com
    Identifier: /o0vR48uNl+/962Gu4QpWg==
    Actions: added rule <From (address) Is Equal to "Bobbie06@7895.com"> to SpamSieve whitelist, added rule <From (name) Is Equal to "Bobbie Price"> to SpamSieve whitelist, added to Good corpus (3369)
    Date: 2016-09-15 09:10:11 -0400 (EDT)
    =====================================================================
    Predicted: Good (37)
    Subject: Payment #39619
    From: Terra72@6813.com
    Identifier: YZ5eo64wixgWu01rcLLKNQ==
    Reason: P(spam)=0.656[0.722], bias=0.000, support(0.229), R:^101(0.756), ^fe-zip(0.740), ^fzmg-UEsDBA==(0.730), content-disposition:zip(0.728), F:Murphy(0.712), dear(0.328), open(0.340), R:^hostik31^hostik^net(0.659), R:^hostik^net(0.659), ^fes-zip-14(0.608)
    Date: 2016-09-15 09:10:11 -0400 (EDT)
    =====================================================================
    Trained: Good (Auto)
    Subject: Payment #39619
    From: Terra72@6813.com
    Identifier: YZ5eo64wixgWu01rcLLKNQ==
    Actions: added rule <From (address) Is Equal to "Terra72@6813.com"> to SpamSieve whitelist, added rule <From (name) Is Equal to "Terra Murphy"> to SpamSieve whitelist, added to Good corpus (3370)
    Date: 2016-09-15 09:10:11 -0400 (EDT)
    =====================================================================

  2. #2

    Default

    Quote Originally Posted by hanstammen View Post
    However, SpamSieve does not catch this, and looking into the log I now see that the elements of those emails get whitelisted automatically.
    It’s normal for messages to be whitelisted automatically. Please see Spammy Whitelist Rules.

    Quote Originally Posted by hanstammen View Post
    It stuns me that something that emails that similar are not caught. A bug? A sneaky trick by spammers?
    Please see this page for how you can send in SpamSieve’s log and the false negative files via e-mail so that I can look into this.

  3. #3

    Default ooops, no more messages

    Hi Michael,

    thanks for responding - for whatever reason these emails completely stopped from one day to the next. None of these in my spam folder, so it's not that they all of a sudden get caught. Since I deleted the junk mail, I don't have any false negatives to send. ;-(

    I'll see if something similar will come up, however, this thread can be considered "solved" as of now.

    Quote Originally Posted by Michael Tsai View Post
    Please see this page for how you can send in SpamSieve’s log and the false negative files via e-mail so that I can look into this.

Similar Threads

  1. Crazy persistent spammy fake FedEx emails
    By greenery in forum SpamSieve
    Replies: 5
    Last Post: 10-21-2016, 10:46 AM
  2. Have to delete same spam messages multiple times
    By dcoplan in forum SpamSieve
    Replies: 21
    Last Post: 07-24-2015, 11:04 PM
  3. Replies: 12
    Last Post: 05-29-2013, 04:17 PM
  4. Replies: 2
    Last Post: 12-26-2012, 02:13 PM
  5. Replies: 2
    Last Post: 08-27-2008, 09:42 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •