Flood of objectionable Spam

nzkiwi

Perch
I have one client that is being inundated with "spam" Spam. She is getting hundreds every day. SpamAssassin is not detecting them at all. Very occasionally one will be caught by the "Contains an URL listed in the JP SURBL blocklist" rule but never by any of the rules that I would have thought these messages would have triggered.

The unusual feature of all these messages is that the "important" part of the message is actually in the "From" field and the rest of it is in the "Subject" field. I'd give an example, except my first attempt at posting this message seems to have fallen foul of the forum censors. :( If they are not suitable for publication here, you can imagine how my client feels when she sees dozens of such messages every time she checks her email.

The message content itself is slightly less explicit and contains only four or five words and a URL. However, when viewed in context of the subject and from fields the message is very obvious and offensive, especially to the female recipient. The client is getting extremely angry that this type of Spam is being delivered to her mailbox. She is threatening to leave if I'm not able to solve the issue. I find it difficult to understand why these messages are getting past SpamAssassin. It's been going on for about a week, with no let up.

Is anyone else seeing a similar attack? And any suggestions how to avoid such a prolonged attack? The client isn't very knowledgeable, computer-wise, so getting her to install a Spam filter on her computer is not likely to be an option unless it is extremely simple and I can lead her over the phone in installing it on her Mac. I've already set her Spam check level in the JH Control Panel to Very Aggressive, but these messages seem to be flying under the radar. Any suggestions appreciated.
 
Help Desk tell me to activate the antispam settings. If they had looked at the samples I sent they would have realised that it was already set to "very Aggressive". As most of these messages have a Spam score of 0 or 0.1, they are simply going to fly under the radar. They also recommended blacklisting the messages. The client had already blacklisted over 400 addresses over the last few days before she realised it was totally ineffective. Every message has a different sender address. I've identified over 500 unique addresses so far. What are the chances that she'll get more than one message from each address? I'd say it would be zilch!

I really don't understand why these messages are not being detected by SpamAssassin unless JH has disabled the rules for detecting this type of Spam.
 
Come on JH! Would any legitimate emailer use names such as these?
From: "Enlarge with Free Sample" <x>
From: "Enlarge with Promo" <x>
From: "Enlarge with Sample" <x>
From: "Free Sample enlargement" <x>
From: "Free trials enlargement" <x>
From: "Get BIGGER with Free trial sample" <x>
From: "Get BIGGER with Free trials" <x>
From: "Get BIGGER with Promo" <x>
From: "Get BIGGER with Sample" <x>
From: "Penis Growth Free trials" <x>
From: "Promo enlargement" <x>
From: "Sample enlargement" <x>

Help Desk has recommended using an email client based anti-spam tool. The client doesn't have the computer skills necessary to install/manage/train a filter herself. While I could do this for her through a service such as Spamhero, the cost would be prohibitive. Spamhero fees are about the same as I charge for hosting. As many larger local hosting services and ISPs already provide customised filtering per mailbox as part of their product offerings, I don't see charging double the current rate just for an improved Spam filter a viable option.
 
As a temporary solution, I have set up a trial Spam Hero account for the client. Only problem is that the "spam" spam arrives in the client's mailbox without passing through Spam Hero. Other mail (Spam and legitimate mail) is passing through Spam Hero as expected. So the Help Desk recommendation has not had the desired effect. Where to from here?

Ticket ID: BKN-30428-871
 
Yes, it looks like it is due to DNS caching. As its MX records were updated recently, it will take some time for the DNS to update globally. Also updated on the ticket.
 
This particular flood of Spam is still pouring in at the rate of about 150 messages per day. :(
As every message is being sent through a different ISP, I don't think it's a DNS caching issue. Perhaps the Spammers are sending directly to the mail4 server IP address?

I have sort of solved the problem through an ugly workaround. I've created a new mailbox and then in Spam Hero I have used the Custom Email Forwarding feature to forward all mail to the new mailbox. This includes mail to the address of the old mailbox. While I could have removed the old mailbox, I have kept it, but set it to delete all incoming messages. Outgoing mail will still go through that mail account SMTP. Spam Hero will reject any mail sent to the new address. The client still uses the old email address as the "from" and "reply to" addresses.

The only issue I have with this workaround is that it is not possible for me (or anyone else using JH mail servers) to send mail to the client using the client's old email address as email sent through JH never gets delivered to Spam Hero. Instead, it gets delivered directly to the mailbox in question. Such messages will be quietly deleted by the mailbox. It is necessary for anyone sending through JH to use the address of the new mailbox. While I can add their new mailbox address to my address book, it's easy to forget to change the address when replying to an email from the client. I haven't yet worked out how I can solve this problem.

If anyone has a better solution, I would very much appreciate learning what it is.
 
JH now wants me to disable Spam Hero. I reluctantly set it up after they insisted that the best solution was to use a service such as Spam Hero. Since setting up Spam Hero, and utilising the ugly hack described in my previous post, the amount of spam being received by my client has gone from around 50% of received mail to zero. During the height of the Spam flood in the days before setting up Spam Hero, over 80% of received mail was Spam. The hack is necessary to stop the "spam" Spam that is coming in at over 100 messages a day. The client is delighted that she is getting absolutely no Spam at all now. I haven't explained to her the problem the hack causes as I am hoping that a quick solution can be found and it can be removed.

JH has added some rules to SpamAssassin that now seem to be stopping most of the "spam" Spam. So switching off Spam Hero would return the client to the 50% Spam rate she had prior to the last week. I'm sure that will go down well with the client! Having bought a year's service from Spam Hero and persuading the client to pay a substantial part (although not all) of the cost, I will end up with egg on my face if I do as JH now suggests.

I appreciate that JH has gone to the effort of creating new rules, but this is the second time in two weeks they have told me it's not possible for them to do so. On both occasions, they have said that a 3rd party Spam filter was the best solution. Then after I have spent time and money doing what they wanted, they do exactly what they said they wouldn't do. To say I'm a little annoyed would be an understatement.

I would appreciate an explanation as to why the Spam flood is still going directly to the client's mailbox instead of going to Spam Hero. Ideally, with the MX records pointing to Spam Hero, the mail server should refuse all incoming mail for the client unless it has been sent from Spam Hero, or from a JH server. Would that be possible? Otherwise, I'll wait until I'm convinced that the new SpamAssassin rules are working correctly, then have the client switch back to using the old mailbox. But I will not be disabling Spam Hero.
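A way to measure the behaviour discussed above from delivered messages: whether a message reached the mailbox host without being handed over by the filtering service, and whether its From display name carries the wording quoted earlier in the thread. This is an added example, not code from any poster, JH or Spam Hero; the relay range 192.0.2.0/24, the host names and both sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: address range the filtering service delivers from (documentation range).
FILTER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Wording taken from the From display names quoted in the thread.
PRODUCT = re.compile(r"\b(?:enlarge(?:ment)?|bigger|growth)\b", re.I)
OFFER = re.compile(r"\b(?:free|promo|samples?|trials?)\b", re.I)

def handoff_ip(msg):
    """Peer IP in the topmost Received header, the hop written by our own server."""
    hops = msg.get_all("Received", [])
    found = PEER_IP.search(hops[0]) if hops else None
    try:
        return ipaddress.ip_address(found.group(1)) if found else None
    except ValueError:
        return None

def triage(raw):
    msg = message_from_string(raw)
    ip = handoff_ip(msg)
    name, _addr = parseaddr(msg.get("From", ""))
    return {
        "bypassed_filter": ip is None or not any(ip in net for net in FILTER_NETS),
        "from_name_hit": bool(PRODUCT.search(name) and OFFER.search(name)),
    }

# Constructed samples: one relayed by the filter, one delivered straight to the mailbox host.
VIA_FILTER = (
    "Received: from relay1.filter.example (relay1.filter.example [192.0.2.25])\n"
    "\tby mail4.host.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000\n"
    'From: "Newsletter" <news@sender.example>\n'
    "Subject: January update\n\nHello\n"
)
DIRECT = (
    "Received: from pc.isp.example (unknown [203.0.113.77])\n"
    "\tby mail4.host.example with ESMTP; Mon, 01 Jan 2024 10:05:00 +0000\n"
    'From: "Get BIGGER with Promo" <x@sender.example>\n'
    "Subject: constructed subject\n\nfour or five words\n"
)

if __name__ == "__main__":
    for label, raw in (("via filter", VIA_FILTER), ("direct", DIRECT)):
        print(label, triage(raw))
```

Only the topmost Received header is read because lower ones are supplied by the sending side. Messages reported with `bypassed_filter` set show the mailbox host still accepting SMTP from hosts other than the filter.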
 
I had a similar problem recently with a client. I convinced them to switch to Gmail and helped them set up their mail domain there, and their mail client. It's not perfect, but ultimately they're much happier with Gmail's ability to sort out what's spam and what isn't, and they like the extra facilities Gmail gives. For your problem, floods of obvious similar spam, Gmail works very well. The client went from 5-600 spams a day to a few dozen right away, and it gets better as Gmail gets trained. For new accounts, I tell them that personal mailboxes on JH aren't an option, they're for site use only. My clients don't get to play with the CP, so that's easy to do in my case. Best part of all, it's no longer anything to do with me...
 
One thing that separates what I offer from many other small Web providers in the area, is a full email service as part of the package. My competitors usually only offer mail forwarding of a single address to an ISP or Google. Many don't offer any email service at all.

Spam Hero is actually working out quite well especially as they provide resellers with a white label Control Panel, which we can brand ourselves. This fits in well with the services I offer (apart from their price). All my clients have access to the JH Control Panel, although I manage that for some clients as a value added service, and the same will apply to the Spam Hero Control Panel.
 
I hear you, but it's all work; many many hours of unpaid work that will come back to haunt you, because it's still your responsibility. I've spent dozens of 'free' hours on client sites for all kinds of things lately due to hosting problems, for $5-10 a month. (That's normally about 10 minutes of my time if I'm charging for what I really do.) Lately, with all the hacking and spam nonsense I've experienced, I've easily spent more time in one day on some domains than I could get back in a year or three, even if there are no other problems, which seems bloody unlikely. There's no profit there. When I can palm something off elsewhere, I will. My job might be to provide an all-round service, but as far as I'm concerned that means I advise them on the best way to do things, even if it means using Gmail.

To get back to my point, there's no reason any client needs to use a domain-based mailbox. It's unnecessary, and just asking for problems that you have to sort out.
 
The Spam is finally going to Spam Hero where it is being quarantined. Perhaps the Spammers are running their own DNS caching which is updated less than weekly? I'm sure the JH Help Desk will be glad to have me off their backs after a week of badgering them ;) Thank you JH Support for your patience.

@bro: I've been in the IT industry for 47 years, most of that time in a customer support role for a large multinational. So I'm very "old school", and while your method is no doubt more profitable (and probably less stressful) I've never worked that way, and probably couldn't change, even if I wanted to.
 
I'm sure my approach is really very similar to yours in many ways, having a similar background. My company drummed into us: fix the customer first, then the problem. In other words, keep them happy even if you can't sort out what they originally called you for. Lately, it's become so much manual labour that it was either start fixing it permanently or listen to the same complaints over and over (complaints that I really can't do much about, with the best will in the world.) My client was not blaming spammers, Jodohost, the internet, or modern life in general; she was blaming the service 'I' was providing her, since I was the one getting paid for it, however little. It might not be what I wanted to do, but in the end the client is happier with 'my' service, and so am I. I spent time setting their mail domain up on Gmail. To quote: "This is so good now. Thank you for sorting that out for me!" She's even recommended me to someone else (at another host) to do it for them. That's what it's all about.
 