Hello it's the toymaker with the spam problem again. I am just wondering if I could get a second opinion on a response I just received from Lunarpages tech support (albeit the first level, and probably a canned response). It would be helpful to present other viewpoints, if any, to the higher level techs and executives that I'm in touch with there. They are promising to come out with a "fix" in 60 days, but aren't exactly saying what it is.
I received two near identical pieces of spam. I understand, in advance, that their being sent from two different locations/servers/IP addresses can certainly mean something when it comes to scoring, but just the same, they are both still full of BS. Here are the headers: http://pastebin.com/bMi7Ewju And then here is the response I received from Lunarpages - sorry for the length but you can probably skip alot of it (I've heard from them about "harvestable email" any number of times already) and get the gist of it. The second paragraph in particular offers their policy in regards to the management of Spam Assassin. --------- Hello Andy, Thank you for your update in this case. I have reviewed your feedback along with the point given and I would like to point out certain aspects as there appears to be a confusion concerning the issues experienced so that the problem is properly understood in this case. First of all I would like to point out that just as you have mentioned we're dealing with "nearly identical" emails and not identical emails. Apart from that it's most important to understand that your email is being harvestable. Next moving further I would like to point out that the Spam Assassin is a third party script. We have not developed it, we do not maintain it and we neither update it's databases as Spam Assassin is part of the commercial control panel cPanel. Moreover by being developed by the Apache Foundation it's an open source software that comes with no guarantee of a certain functionality. The software works as it's designed to and blocks spam based upon the blacklists it has in a public database and apart from that it's a free software over which there is no commercial responsibility or guarantee from the developer. With this said and knowing that your email is open to be harvested there is a very high possibility that the email exists in certain lists handled by spammers. Next to explain why one email is blacklisted and another similar is not I would like to point out that when sending out massive spam emails the spammers use multiple sender addresses, some valid and some not, multiple sender IP's (in most cases proxy IP's) and multiple SMTP servers. The fact that when receiving two emails one gets to the spam directory while the other does not is simply because one of the factors involved in the delivery exists in the blacklist database while other doesn't. To work further with the two samples you've provided I have provided the following comparison: The email that reached the spam directory has the following header values: Return-path: <bicentennia...@reliable-net.com> Received: from 89-201-239-218.dsl.optinet.hr ([89.201.239.218]:1788) The email that reached the inbox directory has the following header values: Return-path: <outlet...@rossmaxwell.com> Received: from [182.71.227.171] (port=38224helo=nsg-static-171.227.71.182.airtel.in) Clearly while one sender IP may be blacklisted the other clearly isn't so the delivery goes to inbox unless Spam Assassin has custom rules added as blacklist at client account level to filter such deliveries if a global rule can be created. Please be aware that the spammers have advanced scripts that gather all bounced emails or emails routed to the spam directories by monitoring the delivery logs and re-deliver the message using different data to these addresses in order to insure they are delivered. Such deliveries are sometimes attempted until delivered. Therefore since we cannot control the Spam Assassin global blacklists it's pretty clear that we have no control over such issues and apart from recommendation to tighten the Spam Assassin blacklist locally or use the commercial spam filter we offer MXLogic for $1.25 per email account per month there is nothing more we can do to prevent such issues considering the fact that your email is indeed harvested and among the first to reach the spam lists and the fact that Spam Assassin is open source software that is offered via a third party panel not controlled in any way. Best Regards, [name deleted] Customer Service Representative - Managed Shared Hosting Team Lunarpages Internet Solutions
