Spam Issue

[Lease4Less]

We are getting battered by spam.

I am not just talking about the usual SEO rubbish from India, or the lose 8 stone in a minute spam, but the potentially dangerous Zip File Spam that arrives in various formats from Companies House, HMRC, Wells Fargo, Fed Ex etc....

I have been banning the IP address of each spammy email that arrives, and have increased the SPAM assassin level but it hasn't made any difference.

Any suggestions?

Thanks in advance.

 

[leemason]

You might want to have a look at using an external SPAM filtering service like Google Postini: http://www.google.co.uk/postini/compare.html. The starter version is only £6.00 per user per year. It's well worth it.

 

[KM-Tiger]

Are you running your own mailserver? If you are there are things which might help.

I've had some success with the Clamav unofficial signatures for catching phishing type Spams.

And does your mailserver have a DNSRBL configured? zen.spamhaus.org will blcok a lot of botnets.

 

[HGSecurity]

We are getting battered by spam.

I am not just talking about the usual SEO rubbish from India, or the lose 8 stone in a minute spam, but the potentially dangerous Zip File Spam that arrives in various formats from Companies House, HMRC, Wells Fargo, Fed Ex etc....

I have been banning the IP address of each spammy email that arrives, and have increased the SPAM assassin level but it hasn't made any difference.

Any suggestions?

Thanks in advance.

As a company, we probably get about 25 of these a day on average. We just mark them as junk and delete them, but they're getting crafty - we had one today that was allegedly sent from sales@ our domain, but I knew that was fake because we don't have an email address by that name. Of course, the zip files are a dead giveaway, and most of them go straight to the junk folder now anyway.

 

[adamo]

I'm getting exactly the same emails - have tried SpamAssassin with no luck. Will see if ClamAV can help.. has anyone else had success with it?

 

[Lease4Less]

Thanks for the replys.

I'll have a look at the suggestions and see if they will work for us.

They are getting crafty, and I'm getting concerned that one of the staff is going to open up one of these files thinking that they are genuine information sent by a customer.

KM-Tiger - I'm not sure about the DNSRBL - I'll have find out, and I'll definately give the Clamav a go.

 

[lazypbx]

If you are running your own server then I would recommend MailScanner (http://www.mailscanner.info/)

It provides an easy solution which 'glues together' the various applications required to protect against spam and viruses.

 

[Bill1954]

We are getting them from [email protected] How do they do thtat ? we already use that email address. Of course we can't mark them as junk so they are just manually deleted. No one iin our sales wouls send a zip attachment

 

[lazypbx]

It's trivial to forge the from address in emails. A few reasons why spammers use the received domain in the from address; it's more likely to be trusted (so opened), it's not being relayed so it's not authenticated, often scanning is skipped on internal emails.

Generally speaking splitting the inbound/outbound mail servers makes management of email much easier. The incoming gateway can be set to filter any emails coming from your own domain (because internal email will always originate from the outgoing).