Hello Michael;
SpamSieve has been working flawlessly for over a year since you last assisted me in cleaning it up and restoring the accuracy it had lost in over four years of use. Now it is stll deadly accurate however in the past month there is one particular Viagra spam that is getting through and nothing seems to stop it. The odd thing is it has VIAGRA right in the subject line and I even created a rule to block anything with Viagra but this one gets through. I wonder if you would like me to forward it to you and perhaps you can figure out what trick they are using to sneak by?
Please start by checking SpamSieve’s log to see whether the message is in fact getting through SpamSieve and, if so, why.
I’m having the same problem.
Checking the log, the sender has put my email address in the “From” location.
SS’s log lists it as good because the sender is in the address book.
The “From” listed in Mail.app is VIAGRA ® Official Site, but SS apparently doesn’t see that. Subject is October 71% OFF
It’s not that it doesn’t see it, but rather that if you have Use Mac OS X Address Book checked you are telling SpamSieve that preventing false positives is the most important thing for you, and so a message from an address in Address Book should be considered good no matter what. This way you can be sure that messages from certain addresses will always get through.
If you prefer to have SpamSieve examine the full contents of the message in order to classify it, you can add the address in question to the “Me” card in Address Book and check Exclude my addresses in SpamSieve’s preferences.
Additional info
Hi Michael, sorry for the delay in response, ironically SS deep-sixed the email notification from your C-Command notification and I only found it this morning. Added it to my address book to prevent future false positives.
After posting I was linked to similar postings and as donnercruz points out the root of the problem is this spammer is using my email as the from source and thereby SS correctly sees my address in Entourage address book and lets it through. So the question is; this particular account is hardly used and generates about 75% of the spam I receive but occasionally a good message will come to it (actually the account is SBC/PacBell and is my ISP) so I don’t want to miss the two or three messages a year I might need to receive from my ISP, is there a way to block these Viagra SPAMS without risking the ones from my ISP, or should I just manually delete them and forget it?
Sorry about that. The forum address should probably be on the default whitelist. Adding it to the address book isn’t really necessary since SpamSieve will add it to the whitelist when you train the false positive as good.
I recommend adding that address to the “Me” card in the Mac OS X address book. This is part of the normal SpamSieve setup process, but it might be missing from the “Me” card if you skipped that step or added the account after installing SpamSieve.
What makes you think you’d miss those good messages. You trust SpamSieve with your other accounts, right?
Hey Michael,
I did the fix using the Me setting and all the spam that was getting through is now being caught. I love!!! this program. This is the best money I’ve spent on software in a long time.
Thanks for the quick replies and keep up the great work!
David
Fix is good here as well
Hi Michael
Like David I followed your recommendation and created a “Me” card in mail and that seems to have resolved the problem. Never created a me card in the past as I use Entourage and have never bothered with using or setting up the mail application.
Thanks again for a great application!! It saves me countless hours of wasted time and as a self employed IT consultant I am happy to recommend it to all of my Macintosh clients with confidence in their satisfaction.
“ME” card??
What in the world is a ME card in the Address Book? I personally see a card with my name on it, which shows up with a black icon (in the shape of a human profile) to the right of my card when shown in the name list; and when clicked, it shows a tiny “me” in the bottom left corner of the icon associated with my address book card. In other words, are you people associated this “ME” card with “one’s own personal entry” in the Address Book? Please explain, because I don’t know what a ME CARD is. I do, however, know that my email and other personal contact information is registered in Address Book. Is that the “ME Card” of which you speak?
The reason why I am posting this today is because I started to get a bunch of SPAM recently that SpamSieve is letting through. And it continues to get through after I’ve marked these emails as SPAM in Entourage over the past week. But SpamSieve keeps passing them through as good messages.
Yes, I’ve checked the log in SpamSieve. It says they are being passed because the FROM part of the email is being spoofed. Namely, the wicked SPAMMER who is doing this has found another person’s email address on my domain and is using that address in the FROM field. For example, if my email address is james@ppp.com and my co-worker’s address is hayato@ppp.com, the SPAMMER is using "hayato@ppp.com" in the FROM field, thereby bypassing SpamSieve’s filter.
So what do I need to do to stop this?
Thank you.
It’s the card in Address Book with your name and addresses on it. It says “me” on the picture, and you can access it by choosing Card > Go To My Card.
You have several options:
- You could tell SpamSieve not to automatically accept messages from addresses in your address book by unchecking Use Mac OS X Address Book.
- You could remove hayato@ppp.com from your address book.
- You could add hayato@ppp.com to the Me card in Address Book and make sure that Exclude my addresses is checked.
I have/had same exact issue. Using this thread, I did as advised. Thanks!
Here was my story… maybe it helps another
I have a website that I have 3 email addresses (sales, me, help@xxxxxxx.com). So, I would get these Viagra emails and they would always be blocked EXCEPT for 1 of the emails would always get through. The one for sales@xxxxxxxxx.com. I was stumped. My log would say “Reason: sender <sales@xxxxxxxxxx.com> in Entourage address book” - yeah, but so was “me” and “help” and they were blocked successfully!
Well, I went into the “ME Card” (essentially my name in the Address book) as per above and sure enough, that sales@xxxxxxx.com was not in my list with those others under my name.
Voila… I assume they will now get blocked to that email as well as I now added that address to the ME with the others.
I had the exact problem, but I’m using a simple/different solution.
Since this one spam is always the one defeating SpamSieve, I just created a new rule in Mac mail.app that moves any email with “Viagra” in the “From” field to the spam box. Then I was sure to put this rule ABOVE SpamSieve’s in the rules list so it’s the top priority. (You can create a filter in Eudora to do the same thing)
Then, no matter how they reverse engineer the email address, it will always be sent to spam for all mailboxes because the consistent thing is “VIAGRA® Official Site” included in the “From” field.
This seems like the best way to solve this because it’ll definitely work, you don’t have to alter your existing address book, and there’s little to no change you’re going to miss any legit email…unless you have a friend named James Viagra. 
Michael:
Thanks so much! That Viagra was getting in on my accounts as well. I just followed step 1 and I will let spamsieve check the emails. Better than having spoof emails getting through.
Thanks for an excellent product.
-Rodney