C-Command Software Forum

Disinchanted With Spamsieve

Have been a long time user but find ever increasing levels of JunkMail are not being identified by SpamSieve.

The current ones are to my eye obvious spam emails but they purport to come from email addresses within my company albeit with VIAGRA or whatever in the friendly sender name.

Also the fake Facebook Agreement emails with trojan attachments are not being picked up.

Why isn’t Spamsieve picking these up?

When I open Mail in the morning I have to pick through 50-60 of these and manually mark them as Junk and then throughout the day I’ll get a similar number that are missed.

I have ‘Use Mac OS X Address Book’ selected and 'Exclude my addresses which seems counter intuitive but was what was suggested in a post I read here.

Any help appreciated as I’ve been a user for some year but am growing rapidly more disheartened by its effectiveness in recent months!

Please see the Why is SpamSieve not catching my spam? page to confirm, but it sounds like the problem is that you’ve configured SpamSieve to let through every message from people in your address book. This is normally OK, but if the spammers are using your colleagues addresses, this will of course make all those spams go to your inbox.

So which setting do I change? Do I untick “Use Mac OS X Address book” AND 'Exclude my addresses" or just the former?

My Address Book entry contains all the addresses I commonly use in the course of my business and is marked as my contact card.

Did you verify in the log that the address book is the problem?

If you’re getting spam from addresses in your address book, you have two choices:

  1. Uncheck Use Mac OS X Address Book. Then SpamSieve will ignore your address book and look at the content of every message.
  2. If it’s just a few addresses, you could add them to your card in Address Book. Then SpamSieve will look at the content of messages from those addresses but still use the Address Book for other addresses.

I’ve looked at the logs and can’t see an issue. My address book has all the email addresses I use but those of colleagues are also being spoofed.

I have no unchecked “Use Mac OS X Address Book”. What then happens when I mark as spam a message sent to me from an email address in our domain? Will it then blacklist that address and result in my having to scour hundreds of emails in the spam folder for false positives?

Also, is there no way for Spamsieve to block emails when they have names such as “Approved VIAGRA Store <one of our email addresses>” in the friendly name?

It’s not a question of looking for “an issue.” If SpamSieve makes a mistake, there will be a “Mistake: False Negative” entry for that message in the log. Do you see that for these messages? Does it say “Classifier: Address Book” for them?

Hopefully, you already trained these messages as spam when you first received them in your inbox. If you train the message as spam and also train a good message from that address as good, SpamSieve will neither blocklist it nor whitelist it. Instead, it will look at the full contents of the messages to determine whether they are spam.

It will do that automatically, so long as you make one of the suggested modifications to the Address Book settings.

I haven’t observed any such messages in the log.

Hopefully, you already trained these messages as spam when you first received them in your inbox. If you train the message as spam and also train a good message from that address as good, SpamSieve will neither blocklist it nor whitelist it. Instead, it will look at the full contents of the messages to determine whether they are spam.

Yes, have done that now, thanks for the clarification.

It will do that automatically, so long as you make one of the suggested modifications to the Address Book settings.

I’ll monitor over the next few days and make a note of those that do get through undetected.

Thanks again for your assistance here.

Do you want me to take a look at your log? If there are no “Mistake: False Negative” entries for these messages, that would probably mean that the messages got through because of a misconfiguration in your e-mail program and that this had nothing to do with SpamSieve.

If a spam message gets though, it’s very important that you train it as spam. Not doing so implicitly tells SpamSieve that the message is good, which will of course lead to many more spam messages getting through.