Hi Andrew and thanks! The problem isn't Declude but it is spam related so I'd be interested to see if anyone else has ideas. I spent some time on the SmarterMail forums and this is what it looks like:

1. SM uses a series of built-in tests as well as external tests such as Declude. Among these are a pair of URIBL tests that are based on links embedded in the messages.

2. SM scores a hit for each bad link reported by URIBL and applies the weight score to each hit. With the default weight of 4, a message with five links rejected by URIBL would give a total score of 4 x 5 = 20.

3. Starting some time late 2012, URIBL started rejecting some requests based on high volume of calls from a particular server. Various people have experienced this problem at various times over the last three months. Once URIBL starts rejecting the requests then every request gets scored as bad. So, for example, every message with five embedded links gets a weight of 20, regardless of the legitimacy of those links. This results in a sudden inflation of spam scores.

4. I don't understand how our mail server would be subject to this. Our volume of mail isn't just small, one might almost call it tiny. The number of calls we make to URIBL is correspondingly very small.

5. The claim made by Those Who Know on the SM forum is that the URIBL rejection is really directed at those who use high volume public DNS servers. I'm not really sure how URIBL even knows which DNS server I use, but that's the claim. Since last year, I have had my SM server configured to use the Comcast national DNS servers (Comcast being my upstream provider). Since that's supposed to be the problem, I switched to our in-house public DNS server, but that didn't help either. Then I tried setting up a private DNS server on the mail server itself and still couldn't get it to work.

6. Then I was told that I need to turn off recursion on the DNS server to be considered acceptable to URIBL. Again, I don't know why. The problem is that I use the MS DNS server (Win 2008) and when you turn off recursion, it forces off forwarding as well. There are many good reasons for not wanting to turn off forwarding (in fact, MS doesn't recommend it). So now I'm stuck between a rock and a hard place.

7. I tried writing to the URIBL abuse administrator but got no response and couldn't find any other contact information.

Anyone able to correct or illuminate me?

Thanks,
Ben

----- Original Message -----
From: Colbeck, Andrew
To: Declude.JunkMail@declude.com
Sent: Wednesday, March 06, 2013 3:27 PM
Subject: RE: [Declude.JunkMail] why have spam scores jumped?

Ben, check the archive website here http://www.mail-archive.com/declude.junkmail@declude.com/ for the mail you’ve missed.

Andrew.

From: SM Admin [mailto:imailad...@bcwebhost.net]
Sent: Tuesday, March 05, 2013 10:10 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scores jumped?

Thanks for the heads-up, but I didn’t and still don’t see either my original email or the responses. I just took a look at it via the web interface because sometimes Microsoft Live Mail (like Outlook Express before it) will not show some messages where it doesn’t like the header, but I just don’t see either my message or the responses. I’m assuming what happened was exactly what I was asking about – those messages were given high spam scores and deleted.

I don’t suppose you could resend those replies to the list?

Thanks,
Ben

From: Randy Armbrecht
Sent: Tuesday, March 05, 2013 11:12 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] why have spam scores jumped?

Your Friday post did show up and already has 2 or 3 responses to it.

Sincerely,
Randy Armbrecht
Global Web Solutions, Inc.
Office: 804.442.5300 x112
Toll Free: 877.800.4562
From: SM Admin [mailto:imailad...@bcwebhost.net]
Sent: Tuesday, March 05, 2013 1:52 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] why have spam scores jumped?

(I sent this message on Friday but it never showed up, so I thought I’d try again.)

Hi,

I don't know if anyone is still here but I'd like some insights into some strange anti-spam behavior. We have latest SmarterMail and Declude, as well as Sniffer. Over the last few days I noticed a significant drop in email messages. Upon further investigation, I found that messages were being given much higher spam scores than in the past, with the result that they get classified as spam or just outright deleted. Checking the headers, however, I don't see why the scores are coming in so high. Below are a few examples. Does anyone see why the spam scores come out so high?

Thanks,
Ben

***********************************************
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-2998-c
X-Declude-Sender: mstad...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 195938010.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm"
X-Declude-Scan: Incoming Score [0] at 17:26:20 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.garrettlaw.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, URIBL:3, Declude: 0
X-SmarterMail-TotalSpamWeight: 15
*****************************************************************************************
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159487572.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm"
X-Declude-Scan: Incoming Score [-3] at 16:38:51 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.ghrlawyers.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, URIBL:7, Declude: -3
X-SmarterMail-SpamDetail: 0.0 TVD_SUBJ_ACC_NUM
X-SmarterMail-SpamDetail: 0.0 T_OBFU_PDF_ATTACH
X-SmarterMail-TotalSpamWeight: 28
**********************************************************************
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159487567.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm"
X-Declude-Scan: Incoming Score [-3] at 16:35:50 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.ghrlawyers.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 1 [raw: 1], DK_None, DKIM_None, URIBL:10, Declude: -3
X-SmarterMail-TotalSpamWeight: 41
******************************************************************************

Just for comparison, here is an email from the same source from Tuesday (and very typical of past headers):

X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-27512-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159486224.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm"
X-Declude-Scan: Incoming Score [-3] at 17:56:38 on 26 Feb 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.garrettlaw.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 5 [raw: 3], DK_None, DKIM_None, Declude: -3
X-SmarterMail-TotalSpamWeight: 5

---
This E-mail came from the Declude.JunkMail mailing list.
To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
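
The scoring failure described in points 2 and 3 of the top message (a refused URIBL query counted as a hit for every link), as an added example that is not part of the original thread and is not SmarterMail's or URIBL's code. It assumes URIBL's documented return codes (127.0.0.1 for a refused query, a 2/4/8 bitmask for listings); the function names are hypothetical and the sample answers are constructed.

```python
import ipaddress

# URIBL's documented answers: 127.0.0.1 = query refused; otherwise the last
# octet is a bitmask (2 = black, 4 = grey, 8 = red). No answer = not listed.
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
REFUSED, LISTED_MASK = 1, 2 | 4 | 8

def classify(answer):
    """Map one A-record answer (None for NXDOMAIN) to a verdict."""
    if answer is None:
        return "clean"
    addr = ipaddress.IPv4Address(answer)
    if addr not in LOOPBACK:
        return "unknown"            # e.g. a resolver rewriting NXDOMAIN
    last_octet = int(addr) & 0xFF
    if last_octet == REFUSED:
        return "refused"
    return "listed" if last_octet & LISTED_MASK else "unknown"

def naive_score(answers, weight=4):
    """Model of the behaviour described in the thread: any answer is a hit."""
    return weight * sum(a is not None for a in answers)

def checked_score(answers, weight=4):
    """Count only real listings; report refusals separately for alerting."""
    verdicts = [classify(a) for a in answers]
    return weight * verdicts.count("listed"), verdicts.count("refused")

if __name__ == "__main__":
    # Constructed sample: five links, every lookup refused by URIBL.
    blocked = ["127.0.0.1"] * 5
    print(naive_score(blocked), checked_score(blocked))
    # Constructed sample: two real listings, one clean, one refusal.
    mixed = ["127.0.0.2", None, "127.0.0.1", "127.0.0.4"]
    print(naive_score(mixed), checked_score(mixed))
```

A nonzero refusal count is the signal to look at the resolver path the lookups take rather than at the messages being scored.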