FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
11 May 2016, 11:13 PM | #1 |
Senior Member
Join Date: Nov 2004
Posts: 178
|
Spam pretending to be "from" an address of mine ending up in my inbox
Hi! I have a problem that's started happening just in the past few weeks:
I have an address, let's say, misha@otherdomain.com, that forwards to my fastmail account. That address is my main email address that I use in most contexts. I do not own otherdomain.com.

Recently, I've been getting several spam messages a day in my inbox that are allegedly from misha@otherdomain.com. I understand it's trivially easy for spammers to forge the from header so that it looks like the spam is "from" me. What I'm trying to understand is:

a) Why so many of these messages suddenly started getting through, when they previously had not
b) Whether there's anything I can do to fix the problem.

When I look at the headers of the spam messages that get through, they typically trigger a lot of SpamAssassin tests, but for some reason are assigned a spam-score of zero (presumably for reasons that have to do with the fact that misha@otherdomain.com is my address).

I've contacted fastmail support a few times, but the results haven't been very helpful. I'd welcome any thoughts or advice! (And I can post some sample headers here if that's helpful)

Thanks!! |
11 May 2016, 11:19 PM | #2 |
Senior Member
Join Date: Nov 2004
Posts: 178
|
Here's the headers from a sample message. I've blanked out (I hope) any identifying info that should not be posted here...
Code:
-------- Forwarded Message --------
Return-Path: <misha@otherdomain.com>
X-Sieve: CMU Sieve 2.4
X-Spam-known-sender: yes
X-Spam-score: 0.0
X-Spam-hits: BAYES_50 0.8, DCC_CHECK 1.1, FSL_BULK_SIG 0.001, HELO_MISC_IP 0.065,
  HTML_MESSAGE 0.001, ME_FROM_EQ_TO 0.01, RCVD_IN_BL_SPAMCOP_NET 2,
  RCVD_IN_BRBL_LASTEXT 1.449, RCVD_IN_INVALUEMENT 2, RCVD_IN_INVALUEMENT24 2,
  RCVD_IN_RP_RNBL 1.31, RCVD_IN_UNSUBSCOREBL 1, RCVD_IN_XBL 0.375, SPF_PASS -0.001,
  URIBL_INVALUEMENT 3, URI_WPADMIN 1, WPBL_RBL 2, XPRIO 1.997, LANGUAGES en,
  BAYES_USED user, SA_VERSION 3.3.2
X-Spam-source: IP='XXX.XXX.XXX.XXX', Host='noreverse', Country='IL', FromHeader='net',
  MailFrom='net'
X-Spam-charsets: plain='windows-1250', html='windows-1250'
X-Resolved-to: MYADDRESS@fastmail.fm
X-Delivered-to: MYADDRESS@fastmail.fm
X-Mail-from: misha@otherdomain.com
Received: from mx3 ([xx.xx.x.xxx])
  by compute4.internal (LMTPProxy); Mon, 09 May 2016 22:18:57 -0400
Received: from mx3.messagingengine.com (localhost [127.0.0.1])
  by mx3.nyi.internal (Postfix) with ESMTP id BE877C0099
  for <MYADDRESS@fastmail.fm>; Mon, 9 May 2016 22:18:56 -0400 (EDT)
Received: from mx3.nyi.internal (localhost [127.0.0.1])
  by mx3.messagingengine.com (Authentication Milter) with ESMTP
  id 5777BACC816.9451DC0085; Mon, 9 May 2016 22:18:56 -0400
Authentication-Results: mx3.messagingengine.com;
  dkim=none (no signatures found);
  dmarc=none (p=none) header.from=otherdomain.com;
  spf=pass smtp.mailfrom=misha@otherdomain.com smtp.helo=XXXX.otherdomain.com
Received-SPF: pass
  (otherdomain.com: aaa.cc.bbb.ddd is authorized to use 'misha@otherdomain.com' in 'mfrom' identity (mechanism 'ip4:aaa.cc.bbb.ddd' matched))
  receiver=mx3.messagingengine.com;
  identity=mailfrom;
  envelope-from="misha@otherdomain.com";
  helo=XXXX.otherdomain.com;
  client-ip=xxx.xxx.xxx.xx
Received: from XXXX.otherdomain.com (otherdomain.com [aaa.cc.bbb.ddd])
  (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
  (No client certificate requested)
  by mx3.messagingengine.com (Postfix) with ESMTPS id 9451DC0085
  for <MYADDRESS@fastmail.fm>; Mon, 9 May 2016 22:18:56 -0400 (EDT)
Received: by XXXX.otherdomain.com (Postfix)
  id 6284B4CE9C4; Mon, 9 May 2016 22:18:55 -0400 (EDT)
X-Remote-Delivered-To: misha@otherdomain.com
Received: by XXXX.otherdomain.com (Postfix, from userid 58)
  id 5A9794CE93C; Mon, 9 May 2016 22:18:55 -0400 (EDT)
X-Remote-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on XXXX.otherdomain.com
X-Remote-Spam-Level:
X-Remote-Spam-Status: No, score=-79.3 required=5.0 tests=BAYES_50,DOS_OE_TO_MX,
  HELO_MISC_IP,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,
  RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RCVD_IN_XBL,
  RDNS_NONE,SPF_NEUTRAL,URI_WPADMIN,USER_IN_ALL_SPAM_TO,XPRIO
  autolearn=no autolearn_force=no version=3.4.0
Received: from [XXX.XXX.XXX.XXX] (unknown [XXX.XXX.XXX.XXX])
  by XXXX.otherdomain.com (Postfix) with ESMTP id F13F14CE927
  for <misha@otherdomain.com>; Mon, 9 May 2016 22:18:50 -0400 (EDT)
Message-ID: <DAD39F5316961FDAD39F5316961FDAD3@1I1ROLL1>
From: misha@otherdomain.com
To: misha@otherdomain.com
Subject: Hello!
Date: 10 May 2016 06:47:51 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="----=_NextPart_000_0019_01D1AA7B.03BBA7AF"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931
|
12 May 2016, 10:38 AM | #3 |
Member
Join Date: Mar 2003
Posts: 65
|
Spams started a few weeks ago
Hi, Misha,
I started getting spammed to death at my fastmail.fm account just a few weeks ago and it has not stopped and I don't know that it will or can. At least, fastmail.fm is tracking them and routing them to the 'Spam' folder!

In my case, the spam are simply aliasing my account. [e.g. YourName@Website.com becomes AliasedName###@YourName.Website.com] And there does not appear to be a way to create a rule for such aliased spam, unless you don't alias your fastmail.fm account at all.

Maybe a Moderator (or some such) would enlighten us on this topic. |
12 May 2016, 11:48 AM | #4 | ||
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
|
Forwarding causes problems for spam filtering
Quote:
Quote:
Bill |
||
13 May 2016, 10:32 AM | #5 | |
Senior Member
Join Date: Nov 2004
Posts: 178
|
Thanks, Bill! That's all very helpful.
Quote:
I wonder: Is there a way to de-whitelist misha@otherdomain.com, while still keeping it in my address book? It seems like that might be one solution, though I guess I could imagine others.... |
|
13 May 2016, 10:56 AM | #6 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
|
I just received a message from Fastmail that there isn't much they can do when the forwarding system fails to block the spam message. Unfortunately, the whitelisting changes the X-Spam-known-sender and X-Spam-score headers before the Sieve rules script processes the message, so there isn't any way to easily remove the whitelisting.
But you could create some other rule to catch similar messages, such as detecting that From == To. It's unfortunate that the spam score isn't available when whitelisting is triggered. Bill |
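The From == To check suggested above, written as an offline header triage script; this is an added example, not part of the original thread and not FastMail's own filtering code. The function names, the trimmed sample headers and the 5.0 threshold (borrowed from the `required=5.0` value in the forwarder's X-Remote-Spam-Status header) are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a trimmed copy of the headers posted in this thread.
SAMPLE = """\
X-Spam-known-sender: yes
X-Spam-score: 0.0
X-Spam-hits: BAYES_50 0.8, DCC_CHECK 1.1, RCVD_IN_BL_SPAMCOP_NET 2,
  RCVD_IN_XBL 0.375, SPF_PASS -0.001, URIBL_INVALUEMENT 3, WPBL_RBL 2,
  XPRIO 1.997, LANGUAGES en, BAYES_USED user, SA_VERSION 3.3.2
From: misha@otherdomain.com
To: misha@otherdomain.com
Subject: Hello!

body
"""

NUMERIC = re.compile(r"-?\d+(?:\.\d+)?")

def addresses(msg, name):
    """Lower-cased bare addresses from every header called `name`."""
    return {a.lower() for _, a in getaddresses(msg.get_all(name, [])) if a}

def raw_hit_total(msg):
    """Sum the per-test scores in X-Spam-hits, skipping entries that are
    not scores (e.g. 'LANGUAGES en', 'SA_VERSION 3.3.2')."""
    total = 0.0
    unfolded = " ".join(msg.get("X-Spam-hits", "").split())
    for item in unfolded.split(","):
        parts = item.split()
        if len(parts) == 2 and NUMERIC.fullmatch(parts[1]):
            total += float(parts[1])
    return round(total, 3)

def triage(raw, threshold=5.0):  # threshold is an assumed cut-off
    """Report self-addressed mail whose individual test hits exceed the
    threshold even though whitelisting reported a score of zero."""
    msg = message_from_string(raw)
    sender, rcpt = addresses(msg, "From"), addresses(msg, "To")
    from_eq_to = bool(sender) and sender <= rcpt
    total = raw_hit_total(msg)
    return {
        "from_eq_to": from_eq_to,
        "whitelisted": msg.get("X-Spam-known-sender", "").strip().lower() == "yes",
        "reported_score": float(msg.get("X-Spam-score", "0")),
        "raw_hit_total": total,
        "suspicious": from_eq_to and total >= threshold,
    }
```

A note you genuinely send to yourself also has From equal to To, so a rule built on this check is safer filing matches into a folder for review than discarding them.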