
When is Too Much Spam Too Much?
dwd_za 07-11-2007, 11:58 AM Hi,
I, and my clients, have been receiving a lot of SPAM. I understand that SPAM cannot be completely prevented but I would like to know what number of SPAM emails would be considered too much SPAM.
My reseller uses MailEnable as their mail server and I do not know what edition. They claim to have anti-spam servers and bayesian filtering but spam is still coming through.
Today - 11 July 2007 I have received a total of 35 Spam emails on a single email address and it is only 17h56. This email address is not even a public email address as well.
In addition, the spam emails are the same ones.. that is same subject line and in most cases same bodies. Maybe from different senders though. Should the anti-spam filters and filtering pick this up?
So is 35 SPAM emails in a single day on one email account too much or is this just the norm in the hosting world?
Thanx
Dwd
No spam solution is perfect in my opinion, at least not any one that does not involve extra work on part of the sender/recipient of an email.
I get over 200 spam emails a day and even with spam-assassin enabled a number of those still get through to my mailbox.
And it all depends on the amount of spam emails that is sent to you and which percentage of that is captured by the anti-spam servers. If for example 1000 are sent and you receive only 35 then that's a great score.
Also remember that you do not want the anti-spam methods to accidentally block genuine emails. So you/your provider always has to balance between "blocking the majority of spams" and "making sure no genuine email is blocked".
In my opinion and with my experience with spam, I would say that 35 spam emails is not too much. Some people would be happy with "only" 35 spam emails reaching their inboxes :-)
DephNet[Paul] 07-11-2007, 01:43 PM I know I would be happy with only 35 SPAM emails a day hitting my inbox, at present I have 670 suspect emails. I can be pretty sure that 669 of them will be spam.
I have a catch all and have SpamAssassin enabled too but I don't blackhole the spam emails. I have set up a rule to send all the emails that SA thinks are spam to one folder and I go through that once a day.
Paul
IH-Rameen 07-11-2007, 02:29 PM If you receive a lot of emails, then just look at the percentage that is spam, and work on reducing the percentage rather than actual numbers. This is because it varies for each person as how you advertise your email address and who you supply it to differs.
dwd_za 07-11-2007, 03:16 PM Wow! That is a lot of SPAM. There must be some way to control this. I mean, aren't there databases or something that log SPAM email subject lines and body content etc.?
What I have done is set up rules using Outlook that delete email with specific subjects and certain words in the body. I have done this by taking the info from actual SPAM emails.
So, the question is, does this not happen with SPAM filters and update databases?
Wow, there must be a way!!! Thanx though for the input.. puts my SPAM problem into perspective...
ldcdc 07-11-2007, 07:20 PM Because filters are not perfect, I regularly sift through my "junk" folder, and would never delete the emails without doing that first.
Spam is just another cost of doing business online. I take it as it comes, and there's little you can do to minimize the amount of spam you receive, except being very careful not to advertise your email address publicly in a way that the email address harvesters can read or signing up to dubious newsletters/sites.
Of course, you can also change email addresses periodically, but that can be something of a bother, just like changing your phone number. :)
everity 07-11-2007, 10:58 PM The best way to avoid spam is not to use your email address for registering on unknown web sites. Use a junk email for that purpose. Keep your main email for use only with person-to-person correspondence. That way, the only way spammers will be able to find your email address is if someone sends you an e-card or something like that (ie. gives your email to a site that sells its info to spammers.)
hoadn 07-12-2007, 02:33 AM Let's see what "spam" means!
Spam refers to electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. In addition to being a nuisance, spam also eats up a lot of network bandwidth. Because the Internet is a public network, little can be done to prevent spam, just as it is impossible to prevent junk mail. However, the use of software filters in e-mail programs can be used to remove most spam sent through e-mail.
dwd_za 07-12-2007, 02:58 PM Hi,
The problem is that my clients are complaining about the SPAM. One of the most serious problems I face is clients that switch to me from other service providers and complain that they never received SPAM previously but now they do. I have tested this out as well and it is true.. there are some service providers who have managed to eliminate 99% of SPAM.
Do you think my reseller is selling email addresses to Spammers?
dwd
ldcdc 07-12-2007, 03:22 PM there are some service providers who have managed to eliminate 99% of SPAM.
To tell you the truth, I wouldn't want my provider removing any of the emails that come my way. It might be removing 99% of spam, but the risk is there that it will eliminate a percent of the non-spam as well.
LaneHost 07-12-2007, 03:25 PM 35 is reasonable in today's age, I receive many more than that but I already expect that as my email address is public at quite a few places.
It really depends on how they have the server you are on configured. You can have it so that spam-assassin blocks, for instance, emails that are on those black lists. If your host doesn't have those options enabled your spam-assassin won't be blocking as much and will let a lot more emails through; however, as others said, the trade off is you might also not get legitimate emails that are on that list temporarily, which happens quite often.
You can also turn on boxtrapper, forcing all people not on your white list to reply to a verification email before they can send mail to you. This is useful for those email accounts where you don't give it out only to people you know. This would block the spam you receive in your box, just have to make sure you check the boxtrapper queue to make sure any new legitimate emails you receive.
GPearce 07-12-2007, 03:38 PM any spam is too much, but most people get loads, i get hundreds now, but if you think you have too much, use a public email address (gmail or something) for any "debatable" or "shady" signups, and save yourself the trouble =D
tracphil 07-13-2007, 08:26 AM Hi,
You need to be with a provider that filters better. Since it sounds like you are on windows, I am not aware of solutions in that area.
However, on linux land, I would highly recommend people use the tools over at http://www.configserver.com.
Things you may want to have your provider do is "sender verify" so that the receiving mail server checks to make sure the sender actually exists on the remote mail server before accepting the mail. This method cuts down on the majority of spam received, from my experience.
tweek 07-17-2007, 11:49 PM I would use ASSP, it is an SMTP proxy that has been amazingly effective in my experience. 1 email categorized as spam per month for about every 40-50K emails received, about 10 emails get through that shouldn't.
dwd_za 07-18-2007, 05:42 AM Hi,
ASSP looks good. Has anyone used it?
dwd_za 07-18-2007, 06:23 AM Sorry, that should read -
ASSP looks good. Has anyone ELSE used it?
Any reviews, stability, performance hits etc. to worry about?
Thx
KimHuff 07-18-2007, 08:15 AM I would say that 35 spam messages is incredibly good. I have clients that are ready to drop and to be honest, I don't blame them. One of them is my own father. He and his assistant have at least 250 spam messages PER DAY, reaching their inbox. I probably get over 100 to my computer but that is for 6 email addresses. And, most of them don't even hit my inbox because of other spam filtering software on my computer.
I am getting tired of this and I have got to come up with a good solution. My father switched back to me when I moved my server from OLM to Hostway. He was with a local provider that had an AWESOME spam filtering system. They didn't use linux based servers so I don't think I can use the same solution. They were willing to let me move my MX record to their servers so my emails could be filtered through them first, but it was going to be in the $250 range per month. I would have to charge more for hosting if I used that and as it is now it is hard to stay competitive.
SO, if anyone has any ideas on what a person can do on a linux server running Fedora Core (4 I believe) and a Plesk control panel, I would love to hear from you. I am currently filtering all of my email through something called Barracuda and Spam Assassin. Barracuda isn't catching any of my dad's or his assistant's spam so it seems fairly worthless for them.
Thanks,
Kim
mwatkins 07-18-2007, 09:36 AM So is 35 SPAM emails in a single day on one email account too much
Yes. About 34 too many.
tweek 07-18-2007, 10:20 AM I will give a slightly more in depth review of ASSP.
I first tried it at a company I worked for, most of the sales agents would receive 100+ spam a day. I deployed it on a windows server. Basically you put it in training mode for a month or so with your users reporting spam and not spam. As many emails as possible forwarded to notspam@ and spam@ depending on what they are. Then you take it out of training mode, I set all spam to be forwarded to a certain spam box so I could always check if there was a missing legit email. When a legit email is blocked, an email is sent to them telling them why and to contact us.
The one feature that really reduced legit email being blocked was the automatic whitelisting. Whenever a user emails a person, that address is automatically whitelisted so their future email for a certain amount of time will come through regardless of content. A couple of weeks ago I was receiving about 5 spam a day that got through, but that has slowed down again because my users and myself have been diligent about reporting it. Every once in a while I get complaints about a lot of spam coming through...1 message a day so I must say it has been a pretty effective system.
And yes sometimes legit email would be blocked, but I did actually notice something interesting, people typed the address wrong at a much higher frequency than actually being caught by the spam filter. I had set up a catch all email address also, and that gets a lot more legit email than the spam box does.
The only real problem I had with it is a random crash that would stop the service, which meant it would have to be restarted. That happened about once a month, which was annoying because SMTP was unavailable. But it would restart without a problem so I set the daemon to auto restart in windows and it was fine then. Although it was frustrating because I still don't know why, and I like to know those things.
On a side note, that system was implemented for a real estate company with lots of talk about mortgages coming through, so that was really what made me like ASSP, that it could be that accurate when determining which email was legit because we all know mortgage info is heavily spammed.
If you have any other questions let me know
mwatkins 07-18-2007, 10:54 AM Things you may want to have your provider do is "sender verify" so that the receiving mail server checks to make sure the sender actually exists on the remote mail server before accepting the mail. This method cuts down on the majority of spam received, from my experience.
Not all senders support sender verification. hotmail does, yahoo does not, for example. Two of the largest ISPs in Canada do; one does not. Serious spam senders know this, so they don't use addresses from domains that support verification nearly as frequently as they used to.
So far today only 0.2% of my inbound mail has been rejected due to sender address verification.
Yes, it's a useful tool, but it isn't - at least in my experience - among the primary weapons in blocking spam and UCE.
Outlaw Web Master 07-18-2007, 11:05 AM I'd say too much spam was too much.....when you see me standing with the server unplugged in one hand and a baseball bat in the other :D
nah seriously though...I was getting roughly 100 a day....but now it seems 10 - 20 a day which is tolerable I suppose and nothing to rattle the cots sides about.
as for anti spam software....well it's like picking which dirty shirt to wear :) as what works for some might not work for others quite as good.
OWM
mwatkins 07-18-2007, 11:50 AM I can't see why anyone would tolerate getting dozens of spam each day, let alone over a hundred.
Most days I get zero spam. I have several dozen email addresses and aliases which ultimately reach me, some of which have been on the net for many years and a few of which are on web pages that have been crawled many times by spambots.
I use the same level of protection that my clients have.
My admin accounts get between zero and a few spam each day, due to slightly more relaxed rules for postmaster and abuse destinations, but even then that traffic is minimal.
dwd_za 07-18-2007, 01:07 PM Hi,
Tweek - thanx for the feedback. I have asked my reseller to have a look at it and was responded to by a black "No" - so I don't know.
I agree, any SPAM coming through ISP's should not be allowed and we as webhosters should try to do as much as we possibly could in order to limit SPAM and aim for 0 SPAM going through our servers.
mwatkins - what are you using on your server that makes it more effective than the rest of us? My resellers are using Spamhaus, SpamCop and Bayesian filtering (or so they say) - and it is still not filtering. So if you have any info I can pass on to my resellers that would help, that would be great...
I am also in the process of looking for my own server at the moment, so hopefully I will have control on the setup and management but until then...
mwatkins 07-18-2007, 01:32 PM I've posted the basics of our configuration a number of times here on WHT, perhaps the search feature or Google might help find those posts, but in summary:
1. A properly configured MTA. These are less common than you'd think. If your host hasn't invested the time required to become very familiar with mail transfer protocols and their MTA's own configuration, they may be missing out on features that would help.
2. A good MTA. I happen to like Postfix; I have some now quite dated experience with Exim. At the time my experience with Exim was fresh, I found Postfix superior and moved to it and never looked back. Postfix properly configured will block a large percentage of incoming SPAM / UCE all on its own, but how tight you can make your config depends a lot on your end users. Proper Postfix (or Exim or qmail or...) configuration is a post all on its own and a long one at that, but at its core, the subject matter is not that difficult to comprehend provided one takes the time.
3. policyd-weight - this is an invaluable tool, specifically for Postfix but I would think that other weighted "policy" servers are out there for other MTAs. This allows me to do DNSBL / RHSBL and other "policy" checks and reject senders based on a weighted evaluation of checks rather than a single check failure. Some DNSBL implementations at the MTA level reject mail out of hand for a single failure and this can be too restrictive. A weighted check allows me to also add country code checking into the mix, which can help. As always, proper configuration and selection of BLs is important.
4. Optional per client, Greylisting. Not as effective as it once was, but many attempts continue to be blocked by this feature.
5. ClamAV scans all incoming and outgoing mail, but I get very few viruses through to this level because they are principally stopped at 1, 2, and 3. Note that this is the first time that message content is looked at. By this point over 1/2 of all incoming mail attempts have been discarded as high confidence SPAM/UCE.
6. SpamAssassin, with RBL checks removed. Rather stock, very few customizations. Bayesian filtering on.
7. Client side submission of spam to SA's Bayesian filters. I've implemented a system where clients can submit SPAM that does make it through. Ham is largely autolearned.
There is no reason to accept dozens of SPAM a day as something one has to live with.
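The weighted evaluation described in item 3 of the post above, set beside single-listing rejection, as an added example that is not part of the original post and is not policyd-weight's own code or configuration. The zone names, weights, threshold, country code and lookup results are constructed for illustration, and the DNS query is replaced by an in-memory set so the example runs offline.

```python
import ipaddress

# Hypothetical weights, not policyd-weight defaults.
# zone -> (score added when listed, score added when not listed)
DNSBL_WEIGHTS = {
    "dnsbl-a.example": (4.0, -1.0),
    "dnsbl-b.example": (3.0, -0.5),
    "dnsbl-c.example": (1.5, 0.0),   # low-confidence list
}
COUNTRY_WEIGHTS = {"ZZ": 1.0}        # constructed placeholder country code
REJECT_THRESHOLD = 5.0

# Constructed lookup results standing in for DNS answers.
LISTED = {
    "10.2.0.192.dnsbl-c.example",    # 192.0.2.10: one low-weight listing
    "7.100.51.198.dnsbl-a.example",  # 198.51.100.7: two listings
    "7.100.51.198.dnsbl-b.example",
}


def dnsbl_query_name(ip, zone):
    """DNSBL lookups query the IPv4 octets in reverse order under the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def weighted_score(ip, country, listed=LISTED):
    """Sum per-list hit/miss scores plus an optional country weight."""
    score = 0.0
    for zone, (hit, miss) in DNSBL_WEIGHTS.items():
        score += hit if dnsbl_query_name(ip, zone) in listed else miss
    return score + COUNTRY_WEIGHTS.get(country, 0.0)


def weighted_verdict(ip, country, listed=LISTED):
    """Reject only when the combined evidence crosses the threshold."""
    score = weighted_score(ip, country, listed)
    return "REJECT" if score >= REJECT_THRESHOLD else "ACCEPT"


def single_hit_verdict(ip, listed=LISTED):
    """The stricter behaviour: one listing on any list rejects the sender."""
    hit = any(dnsbl_query_name(ip, z) in listed for z in DNSBL_WEIGHTS)
    return "REJECT" if hit else "ACCEPT"


if __name__ == "__main__":
    for ip, cc in [("192.0.2.10", "AA"), ("198.51.100.7", "AA"),
                   ("203.0.113.5", "ZZ")]:
        print(ip, cc, weighted_score(ip, cc),
              weighted_verdict(ip, cc), single_hit_verdict(ip))
```

The first sender shows the difference: one listing on a low-weight list rejects it under the single-hit rule but leaves it well under the weighted threshold.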
IH-Rameen 07-18-2007, 02:07 PM I'd say too much spam was too much.....when you see me standing with the server unplugged in one hand and a baseball bat in the other :D
nah seriously though...I was getting roughly 100 a day....but now it seems 10 - 20 a day which is tolerable I suppose and nothing to rattle the cots sides about.
as for anti spam software....well it's like picking which dirty shirt to wear :) as what works for some might not work for others quite as good.
OWM
I have all my emails routed to GMail simply because the anti-spam solutions they have work very well. However, we've installed some new anti-spam software on our servers and I have to admit, it does an excellent job. So now I route my emails through my own servers, and then my systems forward it to my GMail. I receive roughly 5,000 to 10,000 spam emails a week, but only 1 or 2 actually make it through. A vast improvement using this set up..
So you can eventually reduce spam to a level that it doesn't affect your productivity, but it may require a little work to get it done.