C-Command Software Forum

Spam "from" your own address defeats SpamSieve?

This a continuation of a conversation from the “moving SpamSieve” thread.

We all know that a favorite tactic of spammers is to send mail that claims to be from your own address. And yes, my address is on my card in Address Book.

Yet every day I come in to find plenty of spam from “Viagra Official Store” in my In box, despite training SpamSieve on essentially identical messages.

Given that this is a well known spamming tactic, I don’t see how it makes sense for SpamSieve to ignore messages from your address when

  1. The “from” string contains neither your name nor other identifying information from the very Address Book card that contains the E-mail address that SpamSieve used to approve the message.

  2. The “from” string includes clearly spammy content.

  3. SpamSieve has been trained on similar messages from your E-mail address.

Please send in a report.

Do you ever receive good messages from your own address?

What do you mean by “ignore”? Presuming that the address book stuff is correct, SpamSieve will probably be looking at the entire message content—i.e. not ignoring anything.

Done. Given the previous problem with your spam filter, I sent it twice. Once with attachments, once with only the log attached and the false negatives as a link.

Yes. Occasionally I’ll send a message from my personal account to my work account as a reminder to do something the next day.

I mean that SpamSieve doesn’t filter it out. Based on the information you provided in the other thread, this appears to be simply because of the originating address.

Thanks. As I said before, there’s no spam filter running on my server. I’ve confirmed with the server admins that your messages never arrived; they don’t appear in any of the logs. However, I received only the one with the false negatives sent as a link. So I think whatever sending/in-transit filter there is remains.

Your first post seemed to imply that SpamSieve knew it was your address but made a mistake and let the message through, anyway. However, the log shows:

=====================================================================
Mistake: False Negative
Subject: Dear gavin 75% 0FF on Pfizer.
Identifier: ggh6mXCKUi7nOlUuIMbS0A==
Classifier: Address Book
Score: 0
Date: 2009-11-10 13:33:26 -0800

which means that SpamSieve didn’t know it was your address. Please make sure that you have Exclude my addresses checked and, if that wasn’t the problem, send a screenshot of your Address Book card.

Michael,

Thanks for your note.

I am using Eudora 6.2.4 on a quad Mac Pro running under OS 10.5.8. I do not believe there is a way to exclude a spam that has both from and to using my own e-mail address. However, I did un-check in Eudora>Settings>Junk Mail, the box for “Mail isn’t junk if the sender is in address book.” I just downloaded a new batch of mail and the offenders were not in the In mailbox rather they were in the Junk mailbox.

This was for just i batch of mail. Is that the solution? If so, I guess I will have to be extremely vigilant to check incoming mail and if from my address book make sure they are treated as Not Junk.

That’s correct, however since these messages are otherwise no different from other spams, SpamSieve should be able to catch them as normal.

Yes, you’ll need to do that since Eudora doesn’t automatically exclude your addresses.

You could always import your Eudora address book into SpamSieve as whitelist rules.

“Exclude my address”
OK Michael,

I made sure “exclude my address” is checked, and I’m still getting spam with my address on it. I tried both states for that flag, in fact.

I sent you a PM with a screen shot of my Address Book card.

It looks as though the problem was that your card in Address Book wasn’t marked as “My Card.”