Jump to content

Spam Detections?


Recommended Posts

Dear TCH friends,

I have some problems with some incorrect "spam detections" which I don't know hot to avoid...

I send mails with some information to myself... and I get the:

"Spam detection software, running on the system "serverXX.totalchoicehosting.com", has identified this incoming email as possible spam.


I have to send some information to my students and colleagues and they get my messages with this annoying 'spam detection'...


My e-mails are not spam... are messages to very (really very) specific people that need my information for them to their jobs!

So, what can I do?

Thank you for your kind and ASAP answers.

:dance: George :dance:

Rock Sign

Link to comment
Share on other sites

George, you're welcome.


The reason I asked if Spam Assassin was turned on was to find out if the format of your email was what was causing the message you were getting. Maybe the settings are set to high in SA and catching your message.


If you are getting the message, some of your respondents will also get the message depending on whether or not they are using SA or another spam detection software.

Link to comment
Share on other sites

*looking at Bruce's reply*... good point. If other people are also show you as spam because their software is flagging it, what is probably happening is that the IP address that you are originating the emails from (your home network maybe?) might be marked as either a dynamic address pool (gives a higher score) or your provider has been known to have spammers use it. Even though you send through TCH, the first Recieved by line in the headers that spam detection reads will in most cases still show the network your PC is on as the originating location.


How are you sending the emails? Are you using a mail program on your computer, or are you using webmail?

Link to comment
Share on other sites

Thank you friends,

Sorry for my many questions... what is SA?

Where I control this SA option?

and, should I keep the Spam Assassin ON?

Yes I have heard of my students that they get the same message... as if the spam catch the message... (actually the original message some times was includeded by the spam assassin as an attach...)

Sorry but I'm getting more and more confused...

;) George :(

Rock Sign

Link to comment
Share on other sites

Dear BigGorilla,

I send my message using the only big DSL IP provider here in Peru... It's the biggest company in south america and spain... called Telefonica, Terra, or in the DSL case: SPEEDY...

Then the program I use is Outlook 2003 on Windows XP...

and... sorry but I ignore what is a Dynamic Address Pool... (it's like chiness for me... whitout offending the bright Chiness people that can deal with it...)

;) George :(

Rock Sign

Link to comment
Share on other sites

SA = Spam Assassin. ;)


Yes, I would keep it on. You configure Spam Assassin thorugh cPanel.

To configure Spam Assassin

Click on the Spam Assassin link in the Mail area.

Click on the Configure Spam Assassin button.

Change the settings as required.

Click on the Save button.


But I know you can create rules to white list certain email addresses. White listing an email address will tell SA to ignore checking the email and let it through. Check the documentation in cPanel, lower left corner there is a link.


But I would try and find out why you are getting the message as Mike (Big Gorrila) states above.

Link to comment
Share on other sites

Thank you Bruce and BigGorilla,

I wil do what you suggets...

and try to configure my own address as 'white'. Please, as soon as you have some further info, please let me know... I 'manage' as webadmin for them other 7 web sites at TCH... and maybe I can help them too with your counceling...

Thanks again! :hug:


Rock Sign (as it do it always!)

Link to comment
Share on other sites

and... sorry but I ignore what is a Dynamic Address Pool... (it's like chiness for me... whitout offending the bright Chiness people that can deal with it...)

Sorry...sometimes I don't elaborate enough when I post while at work, as I'm posting between flipping through different windows. ;)


Dynamic Address Pool just means that your internet address can be different each time you connect. Because the address changes, there is a lack of ability to verify exactly who the sender is and block only that sender, so often the entire network is considered suspect.


The best thing to do is actually look at the response SpamAssassin has returned when the score is high enough to have it flag the email as spam (and make it an attachment). It should show the SpamAssassin rules that applied to the email, and what scores for each one were given. You can look at the ones that caused the highest scores to see if you can do anything about them.


Just grabbing an example analysis from a random one of the thousands of emails in my spam folder:


>Content analysis details:   (7.7 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.8 HTML_30_40             BODY: Message is 30% to 40% HTML
0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE           BODY: HTML included in message
0.8 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
             [Blocked - see <http://www.spamcop.net/bl.shtml?>]
2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                           [ listed in dnsbl.sorbs.net]
0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                           [ listed in dnsbl.sorbs.net]
1.1 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org


The above shows all the rules that were triggered when SpamAssassin evaluated the email (in this case, it truly is spam, but I'm just using it as an example).


You can see the highest two values are because the address is listed by Spamcop.net (score of 2.2), a spam reporting service, and because the address is dynamic (score of 2.5).


If you see something similar in your email, one option you have is send those important emails using Neomail (one of your webmail options). Neomail doesn't list your IP address as a received line (instead puts it in a comment header), so therefore shouldn't be used to evalute the email.


I know I just threw a lot of information at ya. If you have any questions, please ask.

Link to comment
Share on other sites

Dear Big Gorilla, THANK YOU A LOT!

I will try just now to learn what you send to me. It seems quite complicated.

I hope I can deal with it.

After I learn it and compare with what I receive. I will be back in contact to 'use' and abuse of your kindness,

It will be a very big problem if I can't use directly my Oulook... and enter each time the webmail, neomail... etc...

I have all my mails, addressess, agendas... etc. for each student and for each university in diffeent countries... already ordered in the Outlook...

It' will be impossible to manage every thing from the Neomail...

I will try to learn a little more waht you just answered to me...

Thank you indeed!

:( george ;)

Rock Sign

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...