C-Command Software Forum

Spam Sieve won't stop this spam... Why?

I keep getting very similar spam for different products from different companies. One thing that links many is that they have this address at the bottom:

Member Services
500, N, Rainbow, Dr,
Las Vegas, NV, 89107

and they all have an unsubscribe option linking to different URL’s, for example;
www.plasticmoolah.com. They also often say they subscribe to something called the “CAN Act” on spam. They are all carefully prepared, commercial spam. Sometimes they have an elaborately-worded “Privacy Policy”.

I get several everyday, all very similar but sometimes with a “Customer Service” address different to the above.

I append a copy of example spam below. I can’t seem to manage this as an attachment right now, but the original spam-mail always have slick photo-banner adverts in them. This particular one has a different “Customer Services” address to that mentioned, but it’s exactly the same Spam as one received several times from that first address and others in the last few days.

I constantly try marking these as Spam with Spam Sieve, but to no effect. I have also tried “unsubscribing” by clicking on the link, but also without effect. In fact, I think it has only increased this kind of spam, as there seem to be different “Customer Service” addresses now.

Any ideas? For example why Spam Sieve can’t catch it? It’s quite annoying because it’s all for US products and I’m not even in the US.

Spam Sieve seems to catch just about everything else, it’s only these spams that are a problem.

From: “Medical Hair Restoration” <wheresmyhair@mx10.docutils.com>
Date: 2 February 2009 22:38:46 GMT
To: “my email address”
Subject: Hair news: re-growth starts now
Reply-To: wheresmyhair@mx10.docutils.com

Trouble seeing this message from Medical Hair Restoration?

Re-Grow your own hair!

Get a complimentary DVD presentation on how to Naturally and Permanently re-grow your own hair.

This DVD presentation will arm you with all the education and information you need to take control of your hair loss and re-grow your own hair. You will also see countless of before and after pictures of people just like you who faced the embarrassment and lost self confidence caused by their hair loss, but decided to do something about it.

You will receive compliemntary information on local MHR doctors in your area, plus exclusive savings and discounts.

Remember, you have nothing to lose by requesting your complimentary DVD, but everything to gain – as in a full head of your own hair.

Request your complimentary DVD presentation.

To cancel future specials from Medical Hair Restoration, you may follow this link here or send a letter to 2600 Lake Lucien Drive, Maitland, Florida 32751.

Please see this page. It tells how to diagnose problems such as this and how and where to send more information if you need help doing so.

It looks like the main problem is that you have not been consistently correcting SpamSieve when it makes a mistake. So, for example, you receive a spam message. SpamSieve thinks it’s good and it adds the sender address to the whitelist and adds the message to its corpus. You then receive several more spam messages from the same address over the next few weeks (or even months), but since you didn’t train them as spam, the address remains on the whitelist and SpamSieve keeps classifying the messages as good. By now, there’s so much incorrect information in the corpus and whitelist that SpamSieve doesn’t know what’s what anymore.

I suggest that you reset SpamSieve’s corpus, re-train it, and then correct all the mistakes going forward.

Many thanks for reply. I did as you said, I reset corpus, and started re-training Spam Sieve with the offending emails (it’s just the particular type of emails mentioned that are bothersome).

There was some some improvement, but some of the same emails were still getting through (I must get a dozen a day at least). Either straight repeats or very similar (they are often sent from different addresses) even though I had just trained trained then as Spam. So I then looked at the log and noticed that the Spam that had passed was OK’d because the address or other elements of the email were in Whitelist. I therefore deleted those addresses or other elements from the Whitelist.

I then put entries in the Blocklist to make sure those same addresses or other elements were there (though sometimes they already were, puzzlingly). I selected both “address is equal to” “whatever the address is” and “address contains” “different parts of the address”, since I noticed that many of the different addresses change a little bit each time a the email-spam is sent (a different numeral is included each time, for example, such as in love@love10.love-blind.net)

I also put other elements from the Body Text in the Blocklist that always occur in this Spam (it’s obviously all from the same organization), and ticked “Body Text contains”…whatever.

Can you confirm I’m doing the right thing. A lot more of this Spam is getting caught, though one or two still get through per day . I noticed from the log on one that passed that just because perhaps one element was contained in an address on the Whitelist (I don’t know why, presumably from some time ago) the Spam passed, even though some other elements were in the Blocklist.

Also, sometimes when I train an email as Spam, the email moves to the trash folder rather than the Spam folder. Is that right… don’t know if it matters.

This is particularly toxic and persistent Spam, for some reason. I don’t have this trouble with any other Spam…it’s a shame one has to go to this trouble for something so pointless.

Just to be clear: after resetting the corpus you should re-train with a mix of representative e-mails, both spam and good.

Your whitelist contained lots of invalid rules from before. I thought that it was better to keep the whitelist (since it probably also contained lots of valid rules) than to reset it. However, this means that the invalid rules are still there and will cause trouble for a while.

This is not necessary because if a message gets through you will train it as spam, and then SpamSieve will automatically disable the whitelist rules for the message’s sender.

This is not necessary because training the message as spam will automatically create blocklist rules.

If the setup and training are correct, the actual addresses don’t really matter, so I wouldn’t both trying to craft blocklist rules to match them.

Again, if everything else is setup correctly, this shouldn’t be necessary. You can do it if you want, but be careful because it’s surprisingly easy to make a blocklist rule that accidentally matches good messages.

If the spam continues to get through, you should check the rule setup with the offending messages and/or send in your log file again.

If the message matches the whitelist, SpamSieve ignores everything else and passes the message no matter how spammy it might look. If it didn’t do this, you wouldn’t be able to count on the whitelist as a safety feature.

How are you training the messages as spam? SpamSieve only ever tries to move the messages into the mailbox chosen using the Change Settings command.

Thanks Michael,

I get everything you say, part from the last paragraph about changing settings in
Spam Sieve and where emails trained as Spam end up.

The majority of Spam goes in a folder named “Spam”, which I believe was created by Spam Sieve when it was installed. And in fact, just about all Spam is now being dealt with effectively, and going there.

However, a few Spams are definitely going straight to the Trash, which I sometimes see when I train Spam Sieve on individual Spams manually. Not really a great problem, but it would be useful to keep separate what I deleted and what I trained as Spam, so I could keep tabs on what is happening.

However, when I looked at Mail/Message Menu/Spam Sieve-Change Settings as you suggested, the mailbox which Spam should be moved to is named “Deleted Messages”.

In fact, that, strangely, isn’t actually what is happening most of the time, as stated (if “Deleted Messages” means “Trash”).

But, whatever…, should I now change this box in “Change Settings” to show “Spam”, i.e. the folder named “Spam” where most Spam is going anyway, to try to make sure all Spam goes there. In my understanding, this folder would not be, strictly-speaking, a mailbox anyway, so it’s all rather confusing.

The location for automatically filtered spam messages is determined by the “SpamSieve” rule that you created when setting up SpamSieve.

The default mailbox for trained spam messages is Spam, but it looks like you changed it to Deleted Messages (which is the trash). If you would prefer that trained spam messages go to the Spam mailbox, by all means change it.