Spam coming in says it is in Contact list but it isn't
Problem reported by Barbara Renowden - December 18, 2017 at 12:36 PM
Submitted
I have a client that is getting constant spam that she marks as spam but still gets the spam.  Then this morning she got an email that CommTouch says is 40 percent spam.  Should have been deleted per our rules.  However, the last line says it is in the contact list.  I have looked at her list and this email address does not exist in her contact list. here are the headers.
 
Return-Path: <gfgsgdgfd@kth.se>
Received: from clicsports.net (clicsports.net [199.115.100.70]) by mail.centricweb.net with SMTP;
Mon, 18 Dec 2017 12:37:59 -0600
MIME-Version: 1.0
Precedence: Normal
From: "Get it hard" <myuser@theirdomain.com>
To: myuser@theirdomain.com
Subject: :=?UTF-8?B?IOKdpO+4jyBT?==?UTF-8?B?aGUgc3Q=?==?UTF-8?B?YXJ0?==?UTF-8?B?ZWQgbGE=?==?UTF-8?B?dWdoaQ==?==?UTF-8?B?bmcgYW4=?==?UTF-8?B?ZCBjcg==?==?UTF-8?B?eWluZyBhdA==?==?UTF-8?B?IHRoZQ==?==?UTF-8?B?IHNhbQ==?==?UTF-8?B?ZSB0?==?UTF-8?B?aW1l?==?UTF-8?B?IC4uLg==?==?UTF-8?B?IOKdpO+4jw==?=
Content-Type: text/html
X-CTCH-RefId: str=0001.0A020202.5A36E429.003F,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-CTCH-AVLevel: Unknown
Message-ID: <8b7cc9bd5fc44f93990139633eb4a415@com>
X-Exim-Id: 8b7cc9bd5fc44f93990139633eb4a415
X-SmarterMail-Spam: Bayesian Filtering, Commtouch 40 [value: Confirmed], ISpamAssassin 0 [raw: 0], SPF_SoftFail, DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Contact)
 
I am curious why it is looking at the from address rather than the returned path for valid sender?  Maybe it has always been this way but if it is looking at the from which is our user it automatically accepts the emails.  Or am I missing something here.
<p>Barbara Renowden President / Co-Founder Centric Web, Inc. <a href='https://www.centricweb.com' target="_blank">https://www.centricweb.com</a></p>

3 Replies

Reply to Thread
0
This looks like an issue I had were I was getting email from "myself". https://portal.smartertools.com/community/a86864/why-not-validate-trusted-senders.aspx#100133 you can see my post here.

Christopher

0
It seems to be the same issue but I do have the latest update installed and these emails are still slipping by for some reason because it says it is coming from a trusted user.  So bad. 
<p>Barbara Renowden President / Co-Founder Centric Web, Inc. <a href='https://www.centricweb.com' target="_blank">https://www.centricweb.com</a></p>
0
Matt Petty Replied
Employee Post
Hello Barbara,
 
We have some checks in place that will fail the trusted sender if there is a SPF_FAIL, SPF_SOFTFAIL, or DKIM_FAIL.
I tested this behavior on our server and these were the relevant headers.
X-SmarterMail-Spam: SPF_SoftFail, DKIM_None
X-SmarterMail-TotalSpamWeight: 3 (Trusted Sender - Contact, failed SPF)
The behavior you pointed out, was that on the latest release?
 
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread