Whirlpool

Using the Westnet puremessage filter (x-pmx:), have been getting loads of spam in last 3-4 days (>3000 in first 3 days)

(btw - already raised ticket with westnet, but no results yet)

Anyone else seeing this?

I think my wife got one bit of spam the other day but otherwise no problems with our Westnet email addresses and spam.

Hi Stephen,

Have you checked your approved senders list in the Antispam Managment system by any chance?

If you happen to have an entire domain approved, such as hotmail or yahoo, this could be the culprit as it will cause all email from those domains to bypass the antispam system.

Cheers,

Matt

Stephen.S writes...

Using the Westnet puremessage filter (x-pmx:), have been getting loads of spam in last 3-4 days (>3000 in first 3 days)

Hi Stephen.S,

By any chance, do you have an auto-reply set up on your email? If you're replying to digest emails, this will be automatically releasing any emails that have been caught.

If this isn't the case, I'd need to see some samples of the emails together with headers in order to investigate any further. If you could send these through to support@westnet.com.au (and possibly refer them to this post), they should be able to either respond based on that info, or push this through to get investigated ASAP.

Anyone else seeing this?

Just to clarify, the PureMessage system is still working effectively. Mailboxes that have been deliberately set up to receive spam are still catching the majority of all spam emails. Whatever the reason for what you are seeing now, I'd say it's a localised issue.

Regards,
Brad.

Matt Hutchinson writes...

If you happen to have an entire domain approved

It's a hosted domain - with currently no approved or blocked senders.

Bradley Hill writes...

do you have an auto-reply set up on your email

I'll check - it's a customer PC, so will need to get time on it.

If this isn't the case, I'd need to see some samples of the emails together with headers in order to investigate any further.

Already have sent a number of samples to a westnet staff member (will whim if you want it). But I didn't get a ticket number at the time (should have asked).

Whatever the reason for what you are seeing now, I'd say it's a localised issue.

I'm usually the one checking headers and rules in my own systems. It just happens that this customer is using Westnet's systems, so I can't check the logs. :(

I'm just surprised this stuff is still getting through - obviously spam - but filter is marking with 7-11% as spam.

All > 50% is being held and deleted after 7 days as normal - that's still running as normal.

Maybe the RBL isn't picking up this pesky series - originating from various sites too.

The spammers are also using spoofed sender to get DSN's and spam detection messages to come back to the email account on westnet, since mailer daemon or DSN's usually get through.

What a pain in the neck... :P

Stephen.S writes...

Maybe the RBL isn't picking up this pesky series - originating from various sites too.

Some spammer prolly just bought 50 new dial-up accounts from 50 unsuspecting ISP's, subnets won't be listed on RBL's yet and by the time the subnet is listed the spammers probably bought another 50 dial-up accounts. You could liken it to...

10 Buy ## accounts from ## ISP's
20 Plunder those accounts for ## days
30 goto 10

I have what I call a "SpamCop Trio" where I forward messages, as attachments whenever I get spam (like the eBay email I just got, and one saying how much I could buy 17,000 email address of Doctors in the USA) - they're SpamCop, Sophos and ACMA (yes, Australian Comms and Media Authority).

To forward emails to SpamCop or ACMA's SpamMATTERS for analysis you'll need to register, I've also been emailing is-spam@sophos.com with my spam, according to this page you can still do it.

Dunno how much use it is but I figure the worst I can do is try !

TropicalFever writes...

30 goto 10

Hehe - I rem that gosub. :)

I was used to running spam assassin, and looking after things myself when an outbreak came along. Now gotta rely on others.

But what you say is a good idea, someone has to update the rules with the latest crap, and maybe it might help as well. :P

Turned out to be a targetted attack on a single email address, using backscatter (dsn or bounce) messages. 20000+ spams per day. Whew!

Someone was pissed off... :O

Here's some good references and links on this crap. I just couldn't do anything at the client end, and the ISP couldn't at their smtp end - I wish I could with the smtp gateway. :)
spamlinks.net/prevent-se...-backscatter.htm

Good to hear it's sorted. I doubt it was personal...just a random target.

One good reason not to simply bounce spam...(back to the sender I mean).

I've dealt with such dramas before. Not much you can do, blocking all the postmaster etc addresses that are sending the NDRs and whatnot is impractical. In one case we ended up just dropping everything going to that email address for a few days till it calmed down. User just had to live without email for a few days for the sake of the network.

If I had control over the smtp gateway (using postfix for e.g.), I could have dropped most of the backscatter. Alas it's not my system. :(

Looks like the spammers are getting clever (as usual)... I've received quite a number of "Investor Alert" emails recently that contain only a PDF attachment that contains the spam message.

Easy way to bypass the spam filter there because the actual email body is blank, so the filters won't pick anything up. Not Westnet's fault... and I doubt there's anything that any spam filter could do to prevent those.

One would hope that the spammers get the hint, and bugger off and do something more useful, but I doubt it.

Giga writes...

and I doubt there's anything that any spam filter could do to prevent those.

There is, the same way they inspect the text content of Word docs (the current PDF trick is just a rehash of the old image and doc tricks really).

As always the vendors play catchup, which is not unreasonable given how outnumbered they are. Its just the way it is with spam.

Our antispam vendor has recently provided an update to the scanning engine which will allow for the scanning of PDF documents.

The amount of PDF spam slipping through the filters should now be greatly reduced.

Regards,
Brad.

Now they are coming in Excel documents!

robbo writes...

Now they are coming in Excel documents!

.xls or 2007 style? I wonder what that looks like as a spam. A spreadsheet spam...

Oh well at least it only targets accountants. That makes it ok then :-)

I been recently getting alot of spam. Never had so much before, and I have never signed up with anything new for ages.

Do you have the Antispam service on your account?

Dudley writes...

Do you have the Antispam service on your account?

No, as it isn't free. But it shouldn't be this bad. Other ISPs give this type of service for free.

Two distinct issues there.

Adrian writes...

But it shouldn't be this bad.

Sorry, thats spam for you. A known valid address (to a spammer) suddenly gets bombarded by spam, thats just what happens to some people.

Other ISPs give this type of service for free.

Couldn't comment on the quality of those other ISP systems but the Westnet one is fantastic and well worth the money.

Simple solution: Set up a gmail account and get it to retrieve the emails from your westnet account. I've found the gmail spam filter to be outstanding and rarely lets one through.... and it's free.

Other plus is that over time you can train people of your new email address and ditch the westnet one altogether. The only thing my westnet one serves me for now is lots of spam and my monthly service invoice statement. This leaves me free to drop westnet as an ISP in the blink of an eye at any time and not worry about a non portable email address.

Darren. writes...

Simple solution: Set up a gmail account

Agreed.
I have an AAPT account that gets a bucket load of spam.
I just filter it all through Gmail. Works a treat.

Darren. writes...

Simple solution: Set up a gmail account and get it to retrieve the emails from your westnet account. I've found the gmail spam filter to be outstanding and rarely lets one through.... and it's free.

Absolutely right there Darren.I use gmail full time now and don't need to go to Westnet at all, unless I have a specific reason.With Gmail, I dont get any spam.

I am a complete novice as far as spam is concerned. How do you attract spam in the first place? I created an extra Westnet email account a week ago. I didn't actually add the account to 'Outlook' until this morning. When I checked I recieved half a dozen 'Invester' spams and I haven't used the account yet! How does that happen?

Hogwart, spam will eventually find all but the most obscure email addresses, even if the owner does nothing to "attract" spam. Remember, it costs next to nothing for a spammer to send their junk to millions of random email addresses.

Thanks Dudley!
Oh well! There are a number of solutions as mentioned in this thread.
With my main account the 'Outlook' filter catches most of the spam (2 or three a day). Though I have to be careful because the occassional legit email ends up in the junk folder.

I have said this elsewhere, but I will point out that people who send emails with trillions of CC addresses in their headers are probably a cause of a fair amount of spam.

Hogwart writes...

Though I have to be careful because the occassional legit email ends up in the junk folder.

I just check it daily and empty it. It's only a real problem on the Hotmail and Gmail accounts I use to sign up to stuff, and I don't rely on them for anything else.

I don't get any spam on my private account, but I haven't got many friends.

Stephen.S writes...

Using the Westnet puremessage filter (x-pmx:), have been getting loads of spam in last 3-4 days (>3000 in first 3 days)

(btw - already raised ticket with westnet, but no results yet)

Anyone else seeing this?

FYI,

If you have the knowledge, get yourself a domain and get all your email through your own servers thereon. Make sure the hosting provider gives you SpamAssassin and that you have it on. I get roughly 1300 spam emails a day and out of that maybe 3 to 5 get through a day and when they do they may get through another 2 or 3 times but thereafter they end up caught.

That is the only viable answer to spam these days. No other filtering prog works as well as it and it doesnt work on a windows machine (well, havent checked that assertion for a little while now but it was true last time I did).

Your alternative to all that is simply Mailwasher free edition. Very much a manual thing but it will stop you getting spam in the email prog of your choice if you use it as intended.

You will find most hosting providers don't provide 3rd party spam programs, Only the ones they have signed up a contract with...ie. Westnet uses Sophos/PureMessage.

Also this method can be quite costly...as domains don't come overly cheap these days.