February is synonymous with Valentine’s Day, but unfortunately this year February seems more synonymous with SPAM…
We have seen a dramatic increase in spam in the past week, and perhaps so have you. The bad guys are smart and are designing their junk email to evade spam filters. They seem to be using all the tricks in the book, sending from legitimate domains (compromised mailboxes) and crafting messages using “good” grammar. In the case of SpamAssassin (the system we use), the junk email often arrives with a spam score fractionally too low to be filtered.
Not all is lost. We have done a few things to improve the situation…
We have added a few more SpamAssassin checks to identify spam messages that are currently in circulation. We have also tweaked the SpamAssassin scoring to attach a higher value to number of databases of recent spamming servers. These tweaks are helping SpamAssassin to do a better job of identifying junk email.
To get the full benefit of this, you also need to do a few things…
You should do:
Enable SpamAssassin to scan you incoming email: Log in to your cPanel, go to the Apache SpamAssassin function and enable the SpamAssassin.See update note below. We recommend that you use the default spam score setting of 5.0.- Delete spam automatically: Using the Apache SpamAssassin function, enable the “auto-delete spam” feature.
UPDATE: We are now globally forcing SpamAssassin to be enabled for all hosting accounts. If you really, really disagree with this, then you can contact us to disable SpamAssassin for your account.
You should NOT do:
- Do NOT click links in spam emails. Doing so may confirm your email address to spammer or possibly infect your computer with a virus.
- Do NOT reply to spam and ask to be removed from an email list. Your response does nothing more but confirm your email address; you will probably receive even more spam as a result. If the spam email seems to be from a legitimate business and has a proper unsubscribe link, then it ***may*** be OK to use that link to unsubscribe.
How SpamAssassin works:
Once you have enabled SpamAssassin, it will scan incoming email for signs of spam. It uses several rules to do so, each rule assigning a score (e.g. 0.2 or 2.5) when it identifies a given spam characteristic. It then adds up all these scores to arrive at a total spam score. If the spam score exceeds the account spam score (that you set with the Apache SpamAssassin function), then the message is considered spam.
If an email’s spam score in very high (we use a value of 10.0), then the message is almost certainly spam. In the case the server deletes it. You cannot change this behaviour.
If an email has a moderate spam score of between 5.0 and 10.0, then one of two things will happen. The message will be deleted automatically if you enabled the “auto-delete spam” (recommended setting) or it will deliver to your inbox with ***SPAM*** added to the subject line. In the latter case you can set up rules in your email program to help you quarantine such messages.
Tweaking SpamAssassin:
There is a risk of false positives — legitimate messages incorrectly identified as spam. You can deal with this as follows:
- If you suspect that the “auto-delete spam” feature deleted a legitimate email, then you use the Track Delivery function in cPanel to verify that it was indeed the case.
- Increase the spam score from the default value. The default spam score of 5.0 works well in most cases, but if your correspondence uses common spam words and phrases, then you may need to increase the spam score.
- Add legitimate senders of bulk email (.e.g. newsletters) or business partners to the whitelist. You can add individual addresses or domains, e.g. *@good-domain.com.
Final words…
A common conduit for spam is compromised mailboxes. Spammers use keylogger viruses and other techniques to find obtain users’ passwords, and then send email using their logins. This is an all to familiar situation with Anno client too; people are not careful enough. Please take due care with your mailboxes:
- Use strong passwords.
- Do not use the same email address and password combinations. Never, ever. Service XYZ gets hacked, and the bad guys know your login for other services and your mailbox.
- Use an antivirus program on all your computers and mobile devices.
- Worth emphasising: Use an antivirus program on your Apple computers and mobile devices. The large proportion of mailboxes that have been compromised on our servers in recent months were for Mac users. It is a myth that Macs are immune to computer viruses.
- Also worth emphasising: Stay away from free anti-virus offerings like AVG and Avira. In our opinion they do a poor job; you are getting what you pay for. An exception to this is Windows Defender on Windows 8 and 10, that seems to do a decent job.
Thanks a lot for your support
Thank you always Stephen for your insightful blog posts and also for sorting out any problems speedily.
Many thanks Stephen, your actions have dramatically reduced the flood.
We shall follow your advice.