Spam not being detected

Forum for MailWasher Pro 7 and/or older 2011/2012 versions.
wally3178
Travelling Tuatara
Location: Australia
Posts: 37
Joined: Thu Aug 19, 2010 5:14 pm

Spam not being detected

Wed Jun 07, 2017 12:25 am

Good Evening,

Just recently, over the past few weeks, I'm starting to get spam that isn't being detected by MWP. I check my mail, delete unwanted mail and report spam to Spamcop and then allow the remaining messages to open in Outlook and Voila', there it is, a stinking spam email.

The latest one was this evening and I thought someone might like to look at the headers to see if there is anything obvious that might be cloaking the spam from MWP:

Return-Path: <bounce-mc.us16_76066146.6857-<removed>.au@mail78.suw11.mcdlv.net>
Received: from extmail.bigpond.com ([10.10.26.4])
by viclafep36p-svc.bpe.nexus.telstra.com.au with ESMTP
id <20170606085933.CWIL32239.viclafep36p-svc.bpe.nexus.telstra.com.au@extmail.bigpond.com>
for <removed>; Tue, 6 Jun 2017 18:59:33 +1000
X-RG-Spam: Unknown
X-Junkmail-Premium-Raw: score=13/80,refid=2.7.2:2017.6.6.75417:17:13.576,ip=198.2.190.78,rules=DKIM_SIGNATURE,
__SUBJ_ALPHA_END, __PHISH_SUBJ_PHRASE4, __HAS_FROM, __HAS_REPLYTO,
__TO_MALFORMED_2, __TO_NO_NAME, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER,
__HAS_LIST_ID, __HAS_LIST_UNSUBSCRIBE, __CT, __CTYPE_HTML, __CTYPE_IS_HTML,
__CTE, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC,
__REPLYTO_SAMEAS_FROM, __UTF8_SUBJ, __REPLYTO_SAMEAS_FROM_DOMAIN,
__CP_MEDIA_BODY, __CP_NAME_BODY, __STOCK_PHRASE_7, SUPERLONG_LINE,
__URI_IN_BODY, __URI_NOT_IMG, __HTML_BOLD, __STYLE_RATWARE,
__STYLE_RATWARE_NEG, __HTML_TAG_CENTER, __STYLE_TAG, __HAS_HTML,
__HTML_TAG_TABLE, BODY_SIZE_10000_PLUS, BODYTEXTH_SIZE_3000_MORE,
__MIME_TEXT_H1, __MIME_HTML, __MIME_HTML_ONLY, __TAG_EXISTS_HTML,
__PHISH_HTML_TITLE, SXL_IP_TFX_ESG[78.190.2.198.fur], HTML_90_100,
HTML_95_100, HTML_98_100, __HAS_LIST_HEADER, __LEGIT_LIST_HEADER,
BULK_EMAIL_SENDER, LEGITIMATE_SIGNS, UTF8_SUBJ_OBFU, NO_URI_FOUND,
NO_CTA_URI_FOUND, CTYPE_JUST_HTML, __URI_NO_PATH, __MIME_TEXT_H,
REPLYTO_SAMEAS_FROM, NO_URI_HTTPS, URI_WITH_PATH_ONLY, STYLE_RATWARE_REF,
__DQ_NEG_IP, __DQ_NEG_HEUR
Received: from mail78.suw11.mcdlv.net (198.2.190.78) by extmail.bigpond.com (9.0.019.16-1)
id 59109E8814C6BA52 for <removed>; Tue, 6 Jun 2017 18:59:33 +1000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mail78.suw11.mcdlv.net;
h=Subject:From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:
Content-Type:Content-Transfer-Encoding;
i=Jewel=3Djrocher.com@mail78.suw11.mcdlv.net;
bh=EtmumjISaGAiXT6CmQhL6nfBIsc=;
b=Yi/SEq5ILRXzlMYX2tNrVKVl+K9jIbBh4PTk3kSOPVXKbpHslLmtaPxLX1yunvmwGMBBYlMC/Mp/
/9yQaI43+nSIUjNOdmsmN6M5ZGc63KvpjxuYtxFL4jQEPyt46ipl8jDmYUVZgHsbMICcXyU9iunv
rD4bnVoEnJBWVQinv9E=
Received: from (127.0.0.1) by mail78.suw11.mcdlv.net id h6pnf82akec0 for <removed>; Tue, 6 Jun 2017 08:57:32 +0000 (envelope-from <bounce-mc.us16_76066146.6857-<removed>@mail78.suw11.mcdlv.net>)
Subject: =?utf-8?Q?We=20reviewed=20your=20Aldi=20account=20Michaell=2C=20action=20=20required?=
From: =?utf-8?Q?Aldi=20Survey?= <Jewel@jrocher.com>
Reply-To: =?utf-8?Q?Aldi=20Survey?= <Jewel@jrocher.com>
To: <removed>
Date: Tue, 6 Jun 2017 08:57:32 +0000
Message-ID: <65193e6ce1c9d50a23fbabda9.0b6e435efd.20170606085652.61d415c0f1.2d9e05ac@mail78.suw11.mcdlv.net>
X-Mailer: MailChimp Mailer - **CID61d415c0f10b6e435efd**
X-Campaign: mailchimp65193e6ce1c9d50a23fbabda9.61d415c0f1
X-campaignid: mailchimp65193e6ce1c9d50a23fbabda9.61d415c0f1
X-Report-Abuse: Please report abuse for this campaign here: http://www.mailchimp.com/abuse/abuse.ph ... 0b6e435efd
X-MC-User: 65193e6ce1c9d50a23fbabda9
Feedback-ID: 76066146:76066146.6857:us16:mc
List-ID: 65193e6ce1c9d50a23fbabda9mc list <65193e6ce1c9d50a23fbabda9.5209.list-id.mcsv.net>
X-Accounttype: pd
List-Unsubscribe: <http://jrocher.us16.list-manage1.com/un ... 61d415c0f1>, <mailto:unsubscribe-mc.us16_65193e6ce1c9d50a23fbabda9.61d415c0f1-0b6e435efd@mailin1.us2.mcsv.net?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Sender: "Aldi Survey" <Jewel=jrocher.com@mail78.suw11.mcdlv.net>
x-mcda: FALSE
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Antivirus: AVG for E-mail 2016.0.8013 [4776/14538]
X-AVG-ID: ID5BDA235B-6396C7F3
X-Antispam: NO; Spamcatcher 8.0.3. Score 2
X-AVG-Antispam-Info: 1,-9,0,0ee21c5fdfdc315d,d41d8cd98f00b204,
jewel@jrocher.com,removed,
RULES_HIT:41:46:72:150:152:327:355:375:379:474:527:541:908:960:962:967:973:978:983:988:989:997:1021:1029:1202:1208:1224:1260:1261:1263:1311:1313:1345:1381:1430:1431:1432:1433:1434:1436:1437:1513:1515:1516:1517:1521:1571:1588:1589:1592:1593:1594:1605:1676:1730:1747:1777:1792:1801:2198:2199:2393:2525:2527:2528:2539:2543:2553:2560:2568:2610:2633:2682:2685:2859:2890:2933:2937:2939:2942:2945:2947:2951:2954:3000:3022:3138:3139:3140:3141:3142:3148:3865:3866:3867:3868:3870:3872:3873:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4042:4361:4384:4605:5007:6096:6117:6261:6653:6669:6701:6702:7278:7688:7875:7904:8599:8603:8828:8957:8987:9010:9025:9059:9149:9163:9388:9392:9411:9416:9908:10004:10346:10919:10954:11656:11658:11984:12043:12114:12438:12555:12663:12764:12956:12958:12959:12973:13025:13141:13230:13255:14096:14196:14493:14698:14699:14700:14701:15000:20000:21080:21325:21433:21450:21451:21524:21627:30001:30003:30054:30059:30067:30070:30090,
0,
RBL:198.2.190.78:@jrocher.com:<removed>.lbl8.mailshell.net-64.201.201.201 62.6.0.32,
CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,
SPF:fs,MSBL:0,DNSBL:jrocher.com-dnsbl7.mailshell.net-127.0.0.192,
Custom_rules:0:1:0,LFtime:233,LUA_SUMMARY:luares:0(NONE),phish:0(50),heur:0,
mlist:0,htext:0,stock:0,
domtxt:0


Got me totally bewildered which at my age is not surprising.

Cheers

Wal
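
A triage of the headers posted above, as an added example that is not part of the original post and not MailWasher's own logic: it checks whether the visible From domain lines up with the DKIM signing domain and the Sender, and whether a brand name appears only in the display name. The header subset is copied from the post with the signature values abbreviated; the brand list, the finding labels and the simplified alignment rule are assumptions.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Subset of the headers in the post above; bh=/b= values abbreviated.
RAW = """\
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mail78.suw11.mcdlv.net;
 h=Subject:From:Reply-To:To:Date:Message-ID; bh=abbreviated; b=abbreviated
From: =?utf-8?Q?Aldi=20Survey?= <Jewel@jrocher.com>
Sender: "Aldi Survey" <Jewel=jrocher.com@mail78.suw11.mcdlv.net>

"""

def domain_of(header_value):
    # Domain part of the address in a From/Sender style header.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def dkim_tags(value):
    # Parse the "k=v; k=v" DKIM tag list, dropping folding whitespace.
    tags = {}
    for part in (value or "").split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(val.split())
    return tags

def aligned(a, b):
    # Assumption: simplified stand-in for DMARC relaxed alignment
    # (exact match or parent/child domain), with no public-suffix lookup.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def triage(raw, brands=("aldi",)):  # brand list is hypothetical
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    display = str(make_header(decode_header(parseaddr(msg["From"] or "")[0]))).lower()
    dkim = dkim_tags(msg["DKIM-Signature"])
    findings = []
    for brand in brands:
        if brand in display and brand not in from_dom:
            findings.append("display-name-brand-not-in-from-domain:" + brand)
    if not aligned(from_dom, dkim.get("d", "").lower()):
        findings.append("dkim-d-not-aligned-with-from")
    if dkim.get("a") == "rsa-sha1":  # later disallowed for DKIM by RFC 8301
        findings.append("dkim-uses-rsa-sha1")
    if msg["Sender"] and domain_of(msg["Sender"]) != from_dom:
        findings.append("sender-domain-differs-from-from")
    return findings

if __name__ == "__main__":
    print(triage(RAW))
```

A DKIM signature from the sending platform's own domain only shows the message passed through that platform; it says nothing about the address shown in From.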
rusticdog
Firetrust Monkey
Posts: 15864
Joined: Mon Jun 13, 2005 6:27 pm

Re: Spam not being detected

Wed Jun 07, 2017 1:20 am

I just edited your post to remove your email address.

I assume too you're giving these emails the Thumbs Down, to train them as Spam before you delete, or are you not seeing these emails in MailWasher?
TrustFire
βeta Tester
Location: 127.0.0.1
Posts: 13164
Joined: Fri Jul 30, 2010 11:04 pm

Re: Spam not being detected

Wed Jun 07, 2017 1:24 am

wally3178 wrote:I check my mail, delete unwanted mail and report spam to Spamcop and then <snip>
wally3178 wrote:<snip> allow the remaining messages to open in Outlook and Voila' there is is, a stinking spam email.
As Users of MailWasher, these are 2 different actions which we perform on a regular basis.

However, in that split moment that it takes for the second action — a spam (or even valid) mail could arrive on the Inbox and get pulled, by Outlook (or, any e-mail client.)

The key is to ensure that the time period in between these two actions is minimized as much as possible — one handy tip is to enable the Launch after Wash Mail feature, in MailWasher:—
[Screenshot: Launch_after_Wash_Mail.png]


ps:-
  • Despite the above time-reduction there is still a very remote possibility of a mail (spam or otherwise) to slip-in.
MailWasher Pro (βeta) | Windows 11 Enterprise LTSC (22H2) | The Bat! Professional (βeta) | Windows 10 Firewall Control (βeta) | ESET Endpoint Antivirus (βeta) | nVIDIA GeForce (GTX 1060) | WebView2 Runtime (118.0.2088.61) | .NET Framework (4.8.1)
TrustFire
βeta Tester
Location: 127.0.0.1
Posts: 13164
Joined: Fri Jul 30, 2010 11:04 pm

Re: Spam not being detected

Wed Jun 07, 2017 1:26 am

Hmmm — that was quick.
wally3178
Travelling Tuatara
Location: Australia
Posts: 37
Joined: Thu Aug 19, 2010 5:14 pm

Re: Spam not being detected

Wed Jun 07, 2017 10:41 am

rusticdog wrote:I just edited your post to remove your email address.

I assume too you're giving these emails the Thumbs Down, to train them as Spam before you delete, or are you not seeing these emails in MailWasher?
Rusticdog, you're right, I'm definitely not seeing these emails in MWP so I can't give them the thumbs down. I had two more this morning.

Thank you for the edit

Cheers,

Wal
At my age, sex is like playing pool with a piece of rope
rusticdog
Firetrust Monkey
Posts: 15864
Joined: Mon Jun 13, 2005 6:27 pm

Re: Spam not being detected

Thu Jun 08, 2017 12:49 pm

TrustFire could be right about the timing.

I assume too these emails in Outlook are coming into the Inbox folder, not some other Junk/Bulk email folder?
wally3178
Travelling Tuatara
Location: Australia
Posts: 37
Joined: Thu Aug 19, 2010 5:14 pm

Re: Spam not being detected

Thu Jun 08, 2017 5:01 pm

rusticdog wrote:TrustFire could be right about the timing.

I assume too these emails in Outlook are coming into the Inbox folder, not some other Junk/Bulk email folder?
Yes, straight into the inbox folder.

As for timing, I don't believe that to be the case. Why? I hear you ask. Well, I also check my email on my iOS devices using a rather outstanding app called Airmail and it shows the spam in question. Not being able to report spam from my iPhone or iPad I go to my desktop and use MWP, and would you believe it, the spam isn't there with all the other email but as soon as I open Outlook it downloads. Fortunately I can still report it manually but that takes time and sometimes I don't have the time to spare. The spam is always citing 'Aldi' in the subject field, either offering me money or a ridiculous discount.

Cheers,

Wal
rusticdog
Firetrust Monkey
Posts: 15864
Joined: Mon Jun 13, 2005 6:27 pm

Re: Spam not being detected

Thu Jun 08, 2017 5:04 pm

OK, next time it happens can you send me some logs. If you go Help >> Send Support Logs >> enter a brief note like 'aldi email not loading' >> in the Ticket Number field enter chris >> Send Logs.


Thanks
wally3178
Travelling Tuatara
Location: Australia
Posts: 37
Joined: Thu Aug 19, 2010 5:14 pm

Re: Spam not being detected

Thu Jun 08, 2017 5:13 pm

rusticdog wrote:OK, next time it happens can you send me some logs. If you go Help >> Send Support Logs >> enter a brief note like 'aldi email not loading' >> in the Ticket Number field enter chris >> Send Logs.


Thanks
Thanks Squire, I'll do that.

Wal
rusticdog
Firetrust Monkey
Posts: 15864
Joined: Mon Jun 13, 2005 6:27 pm

Re: Spam not being detected

Tue Jun 13, 2017 8:40 pm

OK, just got the logs. Nothing unusual that I can see. Can you enable Protocol Logging under the Help menu, for when it happens again (please send more logs) it will give some more data to look at.

Do you still have a copy of the email in your Trash/Outlook? If possible I'd like to have a quick look at the full source, if you right click the message and select Options >> Message Source. If you can copy/paste that into a text file and email it to me at forum@firetrust.com


Unrelated, but you want to remove a mis-configured DNSBL server. Under Settings >> Spam Tools >> Origin of Spam >> remove the ACMA record, as they do not have an IP address checking service.

Cheers
wally3178
Travelling Tuatara
Location: Australia
Posts: 37
Joined: Thu Aug 19, 2010 5:14 pm

Re: Spam not being detected

Tue Jun 13, 2017 10:23 pm

Thanks Rusticdog, I've enabled protocol logging and removed ACMA.

Unfortunately, I deleted the emails but I think I can recover the header information from Spamcop, I'll try.

Cheers,

Wal