I have a client that is getting constant spam that she marks as spam but still gets the spam.  Then this morning she got an email that CommTouch says is 40 percent spam.  Should have been deleted per our rules.  However, the last line says it is in the contact list.  I have looked at her list and this email address does not exist in her contact list. here are the headers.

 

Return-Path: <gfgsgdgfd@kth.se>
Received: from clicsports.net (clicsports.net [199.115.100.70]) by mail.centricweb.net with SMTP;
Mon, 18 Dec 2017 12:37:59 -0600
MIME-Version: 1.0
Precedence: Normal
From: "Get it hard" <myuser@theirdomain.com>
To: myuser@theirdomain.com
Subject: :=?UTF-8?B?IOKdpO+4jyBT?==?UTF-8?B?aGUgc3Q=?==?UTF-8?B?YXJ0?==?UTF-8?B?ZWQgbGE=?==?UTF-8?B?dWdoaQ==?==?UTF-8?B?bmcgYW4=?==?UTF-8?B?ZCBjcg==?==?UTF-8?B?eWluZyBhdA==?==?UTF-8?B?IHRoZQ==?==?UTF-8?B?IHNhbQ==?==?UTF-8?B?ZSB0?==?UTF-8?B?aW1l?==?UTF-8?B?IC4uLg==?==?UTF-8?B?IOKdpO+4jw==?=
Content-Type: text/html
X-CTCH-RefId: str=0001.0A020202.5A36E429.003F,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-CTCH-AVLevel: Unknown
Message-ID: <8b7cc9bd5fc44f93990139633eb4a415@com>
X-Exim-Id: 8b7cc9bd5fc44f93990139633eb4a415
X-SmarterMail-Spam: Bayesian Filtering, Commtouch 40 [value: Confirmed], ISpamAssassin 0 [raw: 0], SPF_SoftFail, DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Contact)

 

I am curious why it is looking at the from address rather than the returned path for valid sender?  Maybe it has always been this way but if it is looking at the from which is our user it automatically accepts the emails.  Or am I missing something here.