Costco, AAA, Tractor Supply, FedEx, Marriott Spams From Foreign IPs

@Michael_Tsai A Feature request:

The messages mentioned in this thread are all high volume spammers using the same software or system to evade spam detection. All messages have the same style and the same “flood the target” strategy. It appears they are “professionals” with nothing to do but work out how to get into our inboxes. That means a continuing change of form so as to get around established detection rules.

One thing I have noticed all messages listed above have in common is a sending IP address outside the US or Western Europe. Mostly China, India, Pakistan and likely a few others.

A new feature that would do wonders for eliminating this volume of spam would be the ability to outright block messages whose originating IP matches certain user-controlled geographical regions.

Is that a possible new feature?

Are they actually evading detection for you? If so, please send in a diagnostic report.

I’ll look into that. I will say that I’m starting off rather skeptical. I went through a bunch of the spams I’ve received of these types, and many (almost half) were not sent from the regions you mentioned. It also seems likely that blocking messages sent from Eastern Europe or China would falsely catch some good messages.

1 Like

Hi Michael,

Are they actually evading detection for you?

Well, yes and no, mostly no.

I have something like 8 to 10 total messages each relating to various forms of AAA, Sam’s Club, Costco, BlueCross, FedEx, etc. Of this large volume I frequently get just one of each in my inbox. So overall the percentage of capture is pretty good. I religiously train these as spam, but every few days there are new ones.

I have only made a cursory sampling of these messages’ ‘received’ headers; so far they all come from places I don’t expect mail from, mostly China, India or Eastern Europe.

That’s not to say I don’t get a lot of spam from American IPs; I do, but those seem to be universally accurately classified.

As I mentioned in the forum post, I think these spammers are ‘pros’ actively working to evade anti-spam tools. So it’s a moving target.

As for IP blocking causing more of a problem than it fixes, I agree that’s likely if applied as a blanket feature. What regions to block would have to be under user control. I think that’s why ISPs don’t do this. It’s a very user-specific thing. I guess it would have to be something like “block all messages from {China | India | Pakistan} unless the sender is in my contacts” or something like that. While that might work well, it would require user maintenance, so from a developer perspective it might not work as a general feature.

I have attached a diagnostic report but I’m not suggesting there is a SpamSieve problem. My annoyance is more that the ‘enemy’ occasionally gets through.

Thanks for your response and attention to this. I have to say SpamSieve really is so good, that it’s one of a very few reasons I’m still with Apple after many reasons to switch to Linux. There really is nothing that compares.

Best regards,

Glen Ihrig

SpamSieve Diagnostic Report.tbz

1 Like
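The rule proposed in the post above ("block by originating region unless the sender is in my contacts"), sketched as an added example; this is not SpamSieve code and not part of the thread. It assumes a user-maintained list of CIDR ranges in place of a real GeoIP lookup, and every address, host name and contact in it is constructed.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# All values below are constructed for illustration (documentation IP ranges).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # user-chosen "region"
TRUSTED_RELAYS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]
CONTACTS = {"friend@example.org"}
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def handoff_ip(msg):
    """IP that handed the message to our own relays, or None.

    Received headers are newest-first. Hops stamped by our own provider are
    skipped; the first outside address is the last one we can trust, because
    every header below it was supplied by the sending side."""
    for hop in msg.get_all("Received", []):
        found = BRACKETED_IP.search(hop)
        if not found:
            continue
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            continue
        if not any(ip in net for net in TRUSTED_RELAYS):
            return ip
    return None

def classify(raw):
    msg = email.message_from_string(raw)
    # Caveat: From is sender-controlled, so a contacts exemption can be spoofed.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in CONTACTS:
        return "allow"
    ip = handoff_ip(msg)
    if ip is not None and any(ip in net for net in BLOCKED_NETS):
        return "block"
    return "content-filter"

def sample(sender, outside_ip):
    """Constructed message: one trusted hop, one outside hop, one forged hop."""
    return (
        "Received: from mx.provider.example ([192.0.2.10]) by inbox.provider.example\n"
        f"Received: from bulk.example.net ([{outside_ip}]) by mx.provider.example\n"
        "Received: from home.example.com ([198.51.100.5]) by bulk.example.net\n"
        f"From: Rewards <{sender}>\nSubject: Your reward\n\nbody\n"
    )
```

The bottom Received line in the sample is the kind a sender can forge, which is why the decision uses only the first address outside the trusted relays.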

Thanks for the report. It looks like there are some mail headers (perhaps specific to your server) that are causing problems. You can use this Terminal command to tell SpamSieve to ignore them:

defaults write com.c-command.SpamSieve ExtraSkippedHeaders -array x-queue-hash x-titan-identity

It also looks like there may be some uncorrected mistakes. I suggest searching the Log window for HarborFreight Tool to see whether there are any old messages from that sender that need to be trained as spam. Same with Marriot Team. You can try other keywords related to these types of spams, too.