Spam coming in says it is in Contact list but it isn't

Problem reported by Barbara Renowden - 12/18/2017 at 12:36 PM

Submitted

I have a client that is getting constant spam that she marks as spam but still gets the spam. Then this morning she got an email that CommTouch says is 40 percent spam. Should have been deleted per our rules. However, the last line says it is in the contact list. I have looked at her list and this email address does not exist in her contact list. here are the headers.

Return-Path: <gfgsgdgfd@kth.se>
Received: from clicsports.net (clicsports.net [199.115.100.70]) by mail.centricweb.net with SMTP;
Mon, 18 Dec 2017 12:37:59 -0600
MIME-Version: 1.0
Precedence: Normal
From: "Get it hard" <myuser@theirdomain.com>
To: myuser@theirdomain.com
Subject: :=?UTF-8?B?IOKdpO+4jyBT?==?UTF-8?B?aGUgc3Q=?==?UTF-8?B?YXJ0?==?UTF-8?B?ZWQgbGE=?==?UTF-8?B?dWdoaQ==?==?UTF-8?B?bmcgYW4=?==?UTF-8?B?ZCBjcg==?==?UTF-8?B?eWluZyBhdA==?==?UTF-8?B?IHRoZQ==?==?UTF-8?B?IHNhbQ==?==?UTF-8?B?ZSB0?==?UTF-8?B?aW1l?==?UTF-8?B?IC4uLg==?==?UTF-8?B?IOKdpO+4jw==?=
Content-Type: text/html
X-CTCH-RefId: str=0001.0A020202.5A36E429.003F,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-CTCH-AVLevel: Unknown
Message-ID: <8b7cc9bd5fc44f93990139633eb4a415@com>
X-Exim-Id: 8b7cc9bd5fc44f93990139633eb4a415
X-SmarterMail-Spam: Bayesian Filtering, Commtouch 40 [value: Confirmed], ISpamAssassin 0 [raw: 0], SPF_SoftFail, DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Contact)

I am curious why it is looking at the from address rather than the returned path for valid sender? Maybe it has always been this way but if it is looking at the from which is our user it automatically accepts the emails. Or am I missing something here.

Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com

7 Replies

Reply to Thread

echoDreamz Replied

12/18/2017 at 12:43 PM

This looks like an issue I had were I was getting email from "myself". https://portal.smartertools.com/community/a86864/why-not-validate-trusted-senders.aspx#100133 you can see my post here.

Barbara Renowden Replied

12/18/2017 at 2:18 PM

It seems to be the same issue but I do have the latest update installed and these emails are still slipping by for some reason because it says it is coming from a trusted user. So bad.

Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com

kevind Replied

12/18/2017 at 2:41 PM

This is a known issue and looks like it's being fixed. See:
https://portal.smartertools.com/community/a87739/vulnerability-local-domains-being-spoofed.aspx

Here's another thread on the subject:
https://portal.smartertools.com/community/a89857/spam-from-the-own-user.aspx

Matt Petty Replied

12/19/2017 at 9:26 AM

Employee Post

Hello Barbara,

We have some checks in place that will fail the trusted sender if there is a SPF_FAIL, SPF_SOFTFAIL, or DKIM_FAIL.

I tested this behavior on our server and these were the relevant headers.

X-SmarterMail-Spam: SPF_SoftFail, DKIM_None
X-SmarterMail-TotalSpamWeight: 3 (Trusted Sender - Contact, failed SPF)

The behavior you pointed out, was that on the latest release?

Matt Petty

Senior Software Developer

SmarterTools Inc.

www.smartertools.com