Menu
Reply
  • 13
  • 0
  • 9
AndyPandy3
On our wavelength
809 Views
Message 61 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

Got two more since posted, it’s annoying, and that’s about 10/12 just today. 

 

Do not understand when I blacklist someone how it still gets through, blacklist and filters should stop them. 

0 Kudos
Reply
  • 9.19K
  • 1.02K
  • 4.26K
Superuser
Superuser
757 Views
Message 62 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

I have been referring people to this thread and discussion in the hope they would get some simple messages, but it is clear from the frustration being expressed that those messages are not getting through. I am not surprised and I sympathise.

This spam attack, largely from the domain sysprem.com is unusual. The spammers have once again got one step ahead of the anti-spam defences at VM (and other ESPs and ISPs I surmise, I saw something similar on the MS Outlook Forums).  In the battle against spam that is just how it is, and how it is always likely to be. The spammers have been able to access servers used by Amazon Web Services (AWS) to send spam, perhaps using hijacked accounts. The spam they are sending mostly looks perfectly normal to the VM incoming spam filters which is why a lot of it ends up in inboxes.  Let me be blunt here - any proposal that VM should filter out all mail from AWS will lead to genuine e-mail being blocked. Hardly a prospect that AWS or recipients expecting mail would relish. And also let me say that VM are using a highly reputable supplier for its spam filtering. The world isn't that perfect - yet!

If the spam ends up in boxes then blacklisting or filtering the domain should work, either to send the mail to your spam folder or discard it - depending on what you chose. If the mail is being correctly marked as spam then those filters don't work to stop the mail arriving because the filters only work on mail arriving in your inbox. Equally settings on your security software will not defeat this spam attack. 

The Superusers have been pressing hard for VM to look with their spam filtering suppliers and AWS at ways of defeating this attack. One of the Superusers, who is particularly talented at identifying how these mails are by-passing the spam filters, has done excellent work in analysing the headers from some of this mail to see what is going on. That work has been passed on to VM security via the VM Forum Team. It can't be publicly disclosed because it would tell the spammers that we are on to their tricks. I am sure that a practicable solution will be found soon. But I recognise that my fine words butter no parsnips and in the meantime the spamming will continue.

Bear this in mind. Spammers only succeed because some people respond to the spam and the spammers make money. It doesn't take many people to respond because the spammers have little or no delivery costs.  And given the poor security on a number of web sites which have been hacked for e-mail addresses it not surprising that there is a never ending supply of fresh addresses for the spammers to seize and trade between themselves. The moral of the story is surely obvious. In the meantime you suffer the pain.

 


-----------------------

Superuser since 2015/16
Use Kudos to say thanks
Tick an answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
  • 53
  • 1
  • 9
Whatsisname
Dialled in
747 Views
Message 63 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

Hi HowardML,

                       Your post is one of measured logic and I hope signals a coming closure to our recent problems. Thank you to all the team.

Now something else is affecting my Windows Live Mail. I noticed the other day that I had a new mail folder SPAMfighter, It wouldn't delete. VM mail also had it but allowed me to deleted from the blueyonder server. Went back to WLM and reset the IMAP folder list, problem solved. Now this morning I find SPAMfighter and SPAMfighter_2 folders living in trash but nothing on VM mail. I have hidden them from the list rather than run into trouble with syncing if they are meant to be there as a trap or something. 

MailWasher seems OK but rather acts like a plaster not seeming to being fully integrated with WLM as Spamfighter was. I did try Spamfighter when all these spam messages started but didn't like being told I could download a free app and then have to pay after 10 days of using it once downloaded, not that old chestnut I thought and got rid of it with no residual folders.

I thought I saw something about Microsoft and Spamfighter making some sort of tie up but I might be mistaken.  Any ideas as to what is going on?

 

  • 9.19K
  • 1.02K
  • 4.26K
Superuser
Superuser
743 Views
Message 64 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

No. I use WLM but with POP. I have checked my web mail and what would be my IMAP subscriptions but those folders are not there, nor have i ever seen them.

-----------------------

Superuser since 2015/16
Use Kudos to say thanks
Tick an answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
0 Kudos
Reply
  • 81
  • 4
  • 10
tbernstein
Up to speed
653 Views
Message 65 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

The domain name sysprem.com appears in a majority of the trash. I don't understand how that string isn't identified. Unless they have some way to encrypt it that also modifies continually, which seems a bit too complex for normal spammers.

..................................................................
Mostly a happy customer.
0 Kudos
Reply
  • 2.99K
  • 329
  • 1K
Superuser
Superuser
644 Views
Message 66 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

I have noticed that you cannot reply nor forward these message without a spam content error because of the text sysprem.com in the message body; now if only these miscreants would kindly add the text sysprem.com to the message body instead of the From field these message would then be correctly flagged as spam.

0 Kudos
Reply
  • 81
  • 4
  • 10
tbernstein
Up to speed
619 Views
Message 67 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

So the spam filters at VM can't see the header information, just body text. Really?

..................................................................
Mostly a happy customer.
0 Kudos
Reply
  • 81
  • 4
  • 10
tbernstein
Up to speed
617 Views
Message 68 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

Which would also explain why this stuff can get to users, but can't be forwarded to abuse@ or phishing@ addresses

VM have the locks on the wrong side of the door!.

 

..................................................................
Mostly a happy customer.
0 Kudos
Reply
  • 21
  • 0
  • 6
PJM622
On our wavelength
588 Views
Message 69 of 192
Flag for a moderator

Re: Spam Email - sysprem.com

I’m now on about 20 different filter rules based around sysprem with all sorts of combinations (‘discard’ as the action rather than ‘move to spam’, since they were always going straight to spam anyway), and still some are getting through.

I tried a ‘Reply to all’ (no intention of sending), and it ALWAYS comes up with 2 addresses - the sysprem one plus another one with assorted domain names like :

keyspay

diplodocuses

lookafter

goodforyou

userline

semimechanical

supersensuality

comedownx

guesspay

Are these emails sneaking in through the second email address in the list ? Not a great filter system if that is the case. I set up a new rule every time a new domain accompanies the sysprem one, and promote that rule to the top of the list. Still getting loads, but not nearly as many as when this first started.

  • 484
  • 37
  • 281
MissPasko
Fibre optic
574 Views
Message 70 of 192
Flag for a moderator

Re: Spam Email - sysprem.com


@PJM622 wrote:

I’m now on about 20 different filter rules based around sysprem with all sorts of combinations (‘discard’ as the action rather than ‘move to spam’, since they were always going straight to spam anyway), and still some are getting through.

I don't want to burst your bubble - but if these emails are going to your spam folder, then Virgin's spam filter is doing its job and your filters are redundant as they only work on emails headed to your inbox (AFAIK/understand).

I tried a ‘Reply to all’ (no intention of sending), and it ALWAYS comes up with 2 addresses - the sysprem one plus another one with assorted domain names like :

keyspay

diplodocuses

lookafter

goodforyou

userline

semimechanical

supersensuality

comedownx

guesspay

Are these emails sneaking in through the second email address in the list ? Not a great filter system if that is the case. I set up a new rule every time a new domain accompanies the sysprem one, and promote that rule to the top of the list. Still getting loads, but not nearly as many as when this first started.


I'll be very interested what the Super users have to say on your info about the second email address.


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

If you want to say thanks > click 'Kudos'.
Have we solved your issue? > click 'Mark as Helpful Answer'