How does the spam filter work and does it work correctly at all? These are the questions I have been asking myself for some time now. I receive emails on one of my mail accounts with the following details, which I can see in the advanced view in Roundcube (with criteria for dangerous spam that are absolutely self-evident to me):
From field, which is the only one shown in the normal view, like e.g.:
Amazon Prime © ™
Mediamarkt
UEFA EURO 2024 ©™
Lidl©™ customer service
But if you then dig a bit deeper, you’ll find out all kind of the following from-addresses:
info@arum998.everlasting065.hamidreza.co
info@angelica011.daffodil444.dreamcrafter.co
support@mellifluous720.rhapsody679.golfapponline.com
support@incandescent840.serene29.golfapp.club
support@euphoria458.sempiternal312.golfappweb.com
… then you look at the X-Spam-Report and see something like this:
* 1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
* 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* 2.0 PYZOR_CHECK Listed in Pyzor
* 1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
* https://senderscore.org/blocklistlookup/
* [94.23.147.187 listed in bl.score.senderscore.com]
And after all those mails are going into the inbox, which is something I cannot understand and accept.
- I think all alarm bells should go off if the sender address does not match the sender, as can be seen here.
- Then so many, on top of that cryptic subdomains: this is unusual and very suspicious, the score should be downgraded significantly in my opinion.
- Finally, the spam filter should learn over time, don’t you think? One of the first such mails came at the beginning of the year and in more than half a year of being marked as spam, the filter has learned nothing. I still get those mails delivered into my inbox folder.
I mean this is no problem for me, just a really annoying and avoidable thing. But I don’t want to confront the people who use this mail server with it.
In the mean time I also checked the MiaB server at emailspooftest.com and mostly all of the mails that should not been delivered at all were delivered to the inbox or at least spam folder.
Is there anything that can be done here?