SpamAssassin vs. Viagra


kitchin
04-14-2010, 02:56 PM
S.A. is failing to detect these floods of emails with "viagra" in the subject line. How difficult could that be? I know I'm not alone, because my customers are complaining too.

My theory: the spammers are testing out some new technique, fresh IPs on their botnets, or whatever, by using the most obvious spam subject lines possible. Then the real attack will begin. But in the meantime, it's ridiculous to call it spam-filtering when it's missing dozens of these every time I log on.

Help? I don't want to set up my own keyword filters, because they age so badly. Isn't that what a managed solution like S.A. is for? To stay updated?

Buck
04-14-2010, 03:09 PM
My IpNation reports show SA's effective kill rate has dropped from around 95% in late March to about 57% last week. Meanwhile my IpNation filter kill rate is still sitting at 100%.

kitchin
04-14-2010, 03:43 PM
My mistake on the description; often "Viagra" is in the FROM field, not the subject. There are no S.A. headers, so it looks like S.A. is scoring it as 0. I'm not sure how these headers work, but another message that did get a score has "Viagra" in the subject and shows this:
X-Spam-Report:
* 3.2 HELO_LH_HOME HELO_LH_HOME
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
* dynamic-looking rDNS
* 0.6 DRUGS_ERECTILE Refers to an erectile drug

Another, with "Cialis" in the subject, and From: "Free Viagra And Cialis", shows:
X-Spam-Report:
* 0.0 SUBJECT_DRUG_GAP_C Subject contains a gappy version of 'cialis'
* 2.8 FB_CIALIS_LEO3 BODY: Uses a mis-spelled version of cialis.
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
* dynamic-looking rDNS
* 0.6 DRUGS_ERECTILE Refers to an erectile drug
* 0.3 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML

I can see why it is missing, 0.0, etc.

The S.A. version is two years old, but I guess has some more recent data in it.

Kevin
04-14-2010, 03:52 PM
I am not sure what you are saying there Kitchin. That is the SA information so it is there. That first one adds up to 3.9 and the second to 3.8.

Our install of SA is a little old; however, the rules are updated regularly.

Kevin
04-14-2010, 04:02 PM
BTW, here are the SA rules for that cialis test that showed 0.0:
20_drugs.cf:header SUBJECT_DRUG_GAP_C Subject =~ /\bc.{0,2}i.{0,2}a.{0,2}l.{0,2}i.{0,2}s\b/i
20_drugs.cf:describe SUBJECT_DRUG_GAP_C Subject contains a gappy version of 'cialis'
50_scores.cf:score SUBJECT_DRUG_GAP_C 0.001 0.001 0.508 0.003
From the low scores they gave it I am betting that they expect it to hit significant false positives.

kitchin
04-14-2010, 06:59 PM
I am saying that those two emails DID get a score, so I looked at them to see what SA was detecting. But for every two like that, I have twenty-two with "Viagra" or "Cialis", or both, in the From or Subject, and no SA score.

The subscores and names hint to me that SA is not looking at the From and Subject fields for these keywords.

All this started about 2 to 3 weeks ago. Which means... it will probably all change soon!
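
Added example, not part of the thread and not SpamAssassin's own code: a small Python evaluator for the SUBJECT_DRUG_GAP_C `header` and `score` lines Kevin quoted, showing which header that rule inspects, how its gappy pattern behaves on an innocent subject, and how the first X-Spam-Report above adds up. The sample headers are constructed, the function names are hypothetical, and the four score columns are read as SpamAssassin's score sets 0 to 3 (Bayes/network tests off or on).

```python
import re

# Rule and score lines as quoted in the thread (file-name prefixes dropped).
RULES = r"""
header SUBJECT_DRUG_GAP_C Subject =~ /\bc.{0,2}i.{0,2}a.{0,2}l.{0,2}i.{0,2}s\b/i
score SUBJECT_DRUG_GAP_C 0.001 0.001 0.508 0.003
"""
# First X-Spam-Report quoted in the thread.
REPORT = """\
* 3.2 HELO_LH_HOME HELO_LH_HOME
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
* dynamic-looking rDNS
* 0.6 DRUGS_ERECTILE Refers to an erectile drug
"""
# Constructed sample headers (assumptions, not taken from any real message).
SAMPLES = [
    {"From": '"Free Viagra And Cialis" <a@example.invalid>', "Subject": "Hello"},
    {"From": "shop@example.invalid", "Subject": "C.i.a.l.i.s 80% off"},
    {"From": "news@example.invalid", "Subject": "CIA lists new directors"},
]

def load_rules(text):
    # Parse 'header NAME Hdr =~ /re/flags' and 'score NAME s0 s1 s2 s3' lines.
    rules = {}
    for line in text.strip().splitlines():
        kind, name, rest = line.split(None, 2)
        rule = rules.setdefault(name, {})
        if kind == "header":
            m = re.match(r"(\S+)\s*=~\s*/(.*)/(\w*)$", rest)
            rule["header"] = m.group(1)
            rule["re"] = re.compile(m.group(2), re.I if "i" in m.group(3) else 0)
        elif kind == "score":
            rule["scores"] = [float(s) for s in rest.split()]
    return rules

def score_message(headers, rules, score_set=0):
    # A header rule is tested only against the single header it names.
    hits = {}
    for name, rule in rules.items():
        if rule["re"].search(headers.get(rule["header"], "")):
            hits[name] = rule["scores"][score_set]
    return hits

def report_total(report):
    # Sum the '* <score> NAME' lines; wrapped description lines carry no score.
    scores = re.findall(r"^\* +(-?\d+\.\d+) ", report, re.M)
    return round(sum(float(s) for s in scores), 1)
```

The first sample, with the drug names only in From, produces no hit from this rule, while the third shows an unrelated subject that the gappy pattern still matches.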

kitchin
04-15-2010, 07:34 AM
It would be helpful to know what are FQ's plans for SpamAssassin and whether it does get updates.

LeeH
04-15-2010, 11:18 AM
I am also looking for a solution to this. Over the last month or so my spam has increased dramatically. This morning alone there were 60+ spam emails in my inbox and my SA is set at 3.??? with the action of delete.

Outlook does a fantastic job of catching these and placing them in my junk folder but I just started recently using my iPhone to check my main email and getting that much spam on my phone is problematic.

Any solutions?

Lee

Jarrod
04-15-2010, 05:36 PM
If you have the skill to install a script and are prepared to invest a bit of time in training/configuration I'd also make a suggestion that you take a look at ipNation. I've been through this process in the last 4 weeks and I'm currently getting a spam hit rate of 95%+. Yes it takes some time in training, but like Lee I'm not having to read it on my iPhone any longer.

Jarrod

kitchin
04-15-2010, 06:43 PM
I'm reluctant to reply yet, since any nuance seems to create confusion. For now I would just like to know if SA gets updates.

Bruce
04-15-2010, 07:01 PM
> It would be helpful to know what are FQ's plans for SpamAssassin and whether it does get updates.

The SpamAssassin pattern and score data is updated nightly. Unfortunately, the last update for the version we are running (3.2.5) was published on January 1st. The next version (3.3.0) was released on January 27th, so even SpamAssassin hasn't updated their rules since well before they pushed out a new version.

We had been avoiding installing the .0 releases, as they have had a bit of a history of bugs. I appear to have missed the 3.3.1 release announcement :umm: so I was still waiting for it to come out. We have begun planning the upgrade and hope to schedule it ASAP. There are a few dependencies listed that may conflict with existing software, so we're trying to make sure they can all be resolved before announcing.

rwrusharch
04-16-2010, 03:54 PM
The spam is now worse than ever! While SpamAssassin does snag several hundred a day for me, it is also letting way too much through.

The really frustrating thing is that while it lets through lots of spam, it also snags a substantial amount of legitimate email. My WhiteList is getting longer and longer.

kitchin
04-16-2010, 06:08 PM
Thanks Bruce!

rwrusharch
04-21-2010, 07:13 PM
Thanks, FQ!!! The spam blocking is much better now since the SA upgrade.