Massive Amount of SPAM JUNK EMAIL

Same here. The amount of spam received has gone up at least x10 during the last 2 weeks. When forwarded to Gmail, most of the extra spam doesn’t get through! (I read something recently about Gmail now rejecting more emails before they reach users’ accounts. Previously all my DH spam would be received by my Gmail spam folder).

Also the number of spam requests received via my DH FormMail script has gone up x10. Anyone else had an increase in DH FormMail spam?

Still having the same issues, seems like its getting worse. I’m on homiemail-sub5. The reply I got from Dreamhost was that
"The
issue is caused by our spam filtering servers not correctly handling
messages as specific quarantine levels."

Still hope their developers can come up with a solution. This is getting really old to deal with.

Hi, I’m on homie-sub4 also and also have seen a sharp uptick in spam.

Lots of it was from blogspot.com, and for me blacklisting blogspot.com seemed a good option, but I imagine not everyone would want to do that.


sam

Indeed, I’ve seen a mega-increase in SPAM over this summer. Most of it is caught by the filter (set to 1.16) but I still have to check for real email in the 300+ junk ones. Is this DH’s fault or only a delay in updating the filtering software? IF the former, has someone hacked the DH email servers to get all of the domains and/or addresses to target? Could someone be doing this by merely seeing the domains registered by DH, no hack necessary? It is certainly a pain.

I don’t think it’s dreamhost.

I have a number of email addresses hosted on dreamhost servers, with domain’s registered via dreamhost. We only have problem with inbound spam on one email address, that appears on one webpage in a mailto: link (same domain)… it started out as webmaster@example.com but as a workaround when ever the spam gets really bad I update it to webmasterXX@ and update the “forward only” email address. That solves it for awhile, but then the yan____ bot from russia that’s impossible to tell to keep away, or block, eventually notices and the spam begins to build again.

None of our other email addresses (both full email accounts and forward only’s) get spammed to any extent. One thing I suppose worth mentioning is that I don’t have the spam controls in the panel implemented. I don’t think it’s a “leak” at dreamhost, unless it’s just certain mail clusters other than mine that have a problem.

edit to add: I’m on homiemail-master - I suppose it could be a specific cluster with a “leakage”.

Yeah, it’s not hitting just Dreamhost, it’s a ton…

http://arstechnica.com/civis/viewtopic.php?f=21&t=1253157&start=0

But my other e-mails, the spam filters are all sufficiently adaptive to stop them. Dreamhost? No such luck so far… :frowning:

Same problem here.

Just my email gets masses of spam despite winding the Spam Assassin setting down to 2 (and filtering plenty of genuine email in the process).

I’m still getting 100+ spam a day and it has been doing this since the early Summer.

My wife and daughter (on the same domain) are not seeing this spam but I have had a much more active online existence so I guess I am a bigger target.

"I don’t understand why every email does not have x-spam headers."
I would like to know this as well, why do some of the emails have no X-spam headers and How can I fix it? Does anyone from DH ever chime in on this forum?

The SpamAssassin scores on my FormMail generated spam are very low (and sometimes negative) so would never be detected. Therefore I’m creating a separate email address for the “recipient”, and then using DH’s custom filters option to (eg) catch anything with a URL in it, before forwarding to the recipient’s real email address.

But this doesn’t help with all the new non-FormMail spam. (I’m on homiemail-mx1.)

I don’t know if this will help any of you but I have given up waiting for Dreamhosts to sort out the spam filtering. Yesterday I installed SpamDrain on my android phone. This connects to my dreamhost mailbox, finds the spam and removes it continuously thus stopping it ever reaching my inbox on any device.

I’ve only had it running less than a day but it has killed 58 spam so far (82% of my emails).

The only downside is that it is only a 2 week free trial after which I need to pay but at just $9.99 a year it is not too bad.

[quote=“Weed, post:29, topic:61838”]
The SpamAssassin scores on my FormMail generated spam are very low (and sometimes negative) so would never be detected. [/quote]

The spammers have apparently obtained or hijacked so many domain accounts that they are able to send messages with a sender envelope matching the domain of the machine sending them, and the headers do no reflect any funny business going on as a result.

The spam filters include tests, and there appears to be one test in particular that will drop the score of a message given the above situation. And if a message does not match any other tests that add to the score significantly, then it will have a low or negative score and not get tagged as spam or sent to quarantine.

Thanks for the explanation Atropos.

Spam now back to normal levels? Hardly any in the last 12 hours.

Though I’m still getting some FormMail generated spam (30+ in the last 24 hours) but it’s all being picked up by my filter. :slight_smile:

Oh gosh, don’t virtually yell at me…

How do I know which mail server I am on?(errr…yes, novice, sorry!!!) As suggested, who do I send this information too?

I just posted asking for solutions on the SPAM issue before I had understood the debate in this thread. Sorry about that, too.

Cris

From my experience DreamHost’s spam filtering was very limited in effectiveness. If you want good filtering, I run my mail through a 3rd party MX before it routes to the DH server. (ie http://www.spamhero.com) With the RoundCube/SpamHero setup, my mail has been rock solid! (With the benefits of being out of the clutches of Google)

for my small domain with like 10 mailboxes, spamhero currently says these stats:
Filtering Statistics (last 90 days):
(up through 09/11/2014)

Total messages: 91,650
Clean: 12,884
Spam: 78,766
False Positives: 134
Missed Spam: 930
Effectiveness: 98.83%

Thats 85% spam!! And myself and my partner manually marked 930 in the last month or so that did get through which in theory contributes to their global filters.

I agree there definitely seemed to be an uptick in spam activity in the last month or so, which in the last 2 weeks seems to have settled down - or SpamHero is now better able to filter them.

I kept on looking for this feature but I never really found it. Does Dreamhost have a “Blacklist” feature? The idea is to connect to dnsbl.info to download IP addresses of known spammers then block emails based on the source IPs from their list. I think if this is possible, it will improve the spam filtering effectiveness.

I’ve had an increase in spam lately too, so I came to this forum looking for info. What might surprise you is that I’ve been a DH customer for about 8 years but I don’t host email here. I get business email through a third-party company dedicated to providing email services. But the volume of spam even through them has increased lately. And I get mailing lists and other non-critical mail through Yahoo, which is also letting through a lot more than previously. So I don’t think this is a DH-specific phenomenon.

I came here because I was hoping to find people singing praises of DH for improved email services, but I see it’s as crappy as always. That’s really a shame. They have such an opportunity to take the industry by storm and do something really amazing - but in this respect they’re content to follow right along with their competitors, just trying to patch the old technology when it breaks. Suggestions for improvement were discussed in another thread a year ago.

So I was hoping I would find compelling reasons to shift my email services here. But now I’m just reassured that the $35/month I’m paying another company is still probably getting me better service.

@Peleus, don’t put too much faith in DNSBLs. All of these companies already rely on the block-lists. Unfortunately those lists will ban a huge block of IPs when there might be a single bad guy using them - and that bad guy might have just hacked someone’s account. The net result is that you won’t get mail from legitimate sources if your BL is too aggressive. My for-fee service was blocked like this, and my mail wasn’t being received by clients. DH gets hit like this once in a while too. So on one hand I’m saying don’t trust the BLs too much, and on the other hand I’m saying you’re already using them. :slight_smile: HTH

I’ve found 2 things associated with the massive influx of spam.

  1. Most of it seems to be coming from hq.newdream.net which is hosted on DreamHost.
  2. Setting filters to label from Headers contains .*198.12.8and Headers contains.*198.12.9` for filtering a range of IP addresses seems to have great efficacy but might label non-spam.

Of my last ~800 e-mail messages, maybe 50% were legitimate, of the other 50%…

Dreamhost’s spam filter missed 95.8% of them. My client-side filter caught the 95.8%, still missed 4.2%-- but missing only 4.2% is a hell of a lot better than missing the 95.8% of the spam e-mails…

I contacted DreamHost support regarding Spam several months ago. They suggested blacklisting addresses and domains frequently. That doesn’t/isn’t going to/will not work for reasons that should be obvious. It is good that they are using some Spam filtering but, it is obviously not enough for some of our email addresses for some reason.

Here are a couple of extracts from Spam email headers:

X-DH-Virus-Scanned: Debian amavisd-new at madmax.dreamhost.com
X-Spam-Flag: NO
X-Spam-Score: -1.05
X-Spam-Level:
X-Spam-Status: No, score=-1.05 tagged_above=-999 required=0
tests=[HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.051] autolearn=disabled

X-DH-Virus-Scanned: Debian amavisd-new at diehard.dreamhost.com
X-Spam-Flag: NO
X-Spam-Score: -0.009
X-Spam-Level:
X-Spam-Status: No, score=-0.009 tagged_above=-999 required=0
tests=[HTML_MESSAGE=0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled

My mail server is homiemail-sub5.

I think a collaberative Spam reporting system would help. I think it’d also help to turn on autolearning but there must be a good reason why it is off.

I found it helped to set my quarantine level to .01 (note the decimal point). I used to be able to set it to a negative number which helped but, we can no longer do that. The system will also not accept 0 for a value. The lowest it can be set is .01.

I would love to use a whitelist system and block all other mail but it won’t work when spam can still get by the quarantine level with negative numbers.

As for mail filtering … It works as long as you are willing to keep the list meticulously updated with the ever changing varieties of Spam that cross your path. I currently have an email filter list with over 50 filters in it based on the “From” field. In the last round of Spam I found that field had the most consistant info in it. In the most recent round the “From” field isn’t very consistant so I can rarely use it to filter the Spam.

Same problem, same timeframe, same lousy detection percentages… Moved to gmail, and in first week got 392 spam, 22 real messages, 100% accuracy for spam detection.