Black List anomaly

Discussion in 'The Lounge' started by secretcodebreaker, Oct 22, 2006.

  1. secretcodebreaker

    secretcodebreaker Specialist

    I didn't know where to post this, so to be safe, I picked Lounge.

    My ISP provides either an Anti-Spam filter or Black List function with its e-mail service, not both.

    For reasons too lengthy to explain here, I can't use the Anti-Spam filter, so I opt for the Black List. I only have one e-mail address on my Black List (I get very little Spam). That doesn't seem to work, at least not all the time.

    It's not really a problem, since I just throw that occasional e-mail into the Trash. I seemed to be getting many more from this addy than before I put it on the Black List, but I would think it would eliminate ALL from them.

    I'm just curious as to how any of it gets past the Black List.

    Here is the addy I have in my Black List <esisc@esisc.org>

    I thought maybe there might be a clue in the heading info.

    Here is the heading information (with my actual e-mail address changed by me for this posting to <myrealemailaddress>) from the e-mail that got past the Black List and into my <myrealemailaddress> Inbox.

    I asked at the ISP Technical Help desk and they didn't seem to have any idea.

    Can anyone explain "how they (Spammers) do that?"

    =================================================
    From - Sun Oct 22 11:58:47 2006
    X-Account-Key: account2
    X-UIDL: 1161523110.6093.artemis,S=6118
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    Return-Path: <esisc@esisc.org>
    Delivered-To: <myrealemailaddress>
    Received: (qmail 6091 invoked from network); 22 Oct 2006 13:18:30 -0000
    Received: from drdiller.localnet.sys ([10.0.7.56])
    by artemis.localnet.sys (qmail-ldap-1.03) with QMQP; 22 Oct 2006 13:18:30 -0000
    Delivered-To: CLUSTERHOST inbound4.localnet.com <myrealemailaddress>
    Received: (qmail 18444 invoked from network); 22 Oct 2006 13:18:29 -0000
    Received: from unknown (HELO outmx015.isp.belgacom.be) ([195.238.4.87])
    (envelope-sender <esisc@esisc.org>)
    by inbound4.localnet.com (qmail-ldap-1.03) with SMTP
    for <myrealemailaddress>; 22 Oct 2006 13:18:29 -0000
    Received: from outmx015.isp.belgacom.be (localhost [127.0.0.1])
    by outmx015.isp.belgacom.be (8.12.11.20060308/8.12.11/Skynet-OUT-2.22) with ESMTP id k9MDILeE006250
    for <myrealemailaddress>; Sun, 22 Oct 2006 15:18:24 +0200
    (envelope-from <esisc@esisc.org>)
    Received: from IBMLMWW1DB (5.178-65-87.adsl-dyn.isp.belgacom.be [87.65.178.5])
    by outmx015.isp.belgacom.be (8.12.11.20060308/8.12.11/Skynet-OUT-2.22) with ESMTP id k9MDI86x006110;
    Sun, 22 Oct 2006 15:18:15 +0200
    (envelope-from <esisc@esisc.org>)
    From: "ESISC" <esisc@esisc.org>
    To: "ESISC" <esisc@esisc.org>
    Subject: France/Air Security: Islamist propaganda surrounding the affair involving baggage handlers at Roissy airport
    Date: Sun, 22 Oct 2006 15:18:07 +0200
    Message-ID: <015501c6f5dc$850cd9e0$67fe16ac@IBMLMWW1DB>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0156_01C6F5ED.4895A9E0"
    X-Priority: 1 (Highest)
    X-MSMail-Priority: High
    X-Mailer: Microsoft Office Outlook 11
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
    Importance: High
    Thread-Index: Acb13C7MxV2TwVKwQWG6HEl6EKJpbwAAA5QQ

    This is a multi-part message in MIME format.
    =================================================
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You usually have to blacklist not only the addy, but also the domain ....

    Would suggest you download mailwasher from the MG's must have software section.
     
  3. secretcodebreaker

    secretcodebreaker Specialist

    I thought the last part of the e-mail addy was the domain i.e. (esisc.org)

    I don't really need mailwasher. I only get about one Spam e-mail from this addy each week. I just click on Delete, rather than Open. :)
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Don't know how your ISP works ....some are set to bounce it back to the spammer, which can have the reverse desired effect ...they realize someone is there and will continue to spam it hoping something will get through.

    Slight (you'd have to look at the header for the email) changes will fool the spam blocker ...which is why there often is a setting to block sender and to block domain.
     
  5. secretcodebreaker

    secretcodebreaker Specialist

    I'm told (ISP Help Desk Technician) that the Black List is a list of addys that the filter looks for in the From: portion of the incoming e-mail. If the e-mail is 'from' the listed addy then it 'blocks' it from being placed in your Inbox.

    That is all it does. If the From: addy is not on the list then it places it in the Inbox.

    When I looked at the header (shown in my original post) it seemed to me that the From: addy was exactly the same addy that I have on my Black List.

    The ISP technician was at a loss to explain it, but admitted it didn't know much about the various 'tricks' Spammers use to fool filters.

    I thought maybe someone on this forum might be more knowledgeable and could explain this apparent deception.

    I'm just curious. I'd like to know 'how they do this?'
     
  6. Bladesofhalo

    Bladesofhalo MajorGeek

    Who's your ISP?
     
  7. secretcodebreaker

    secretcodebreaker Specialist

    You can tell that from the header info -

    Specifically -

    Delivered-To: CLUSTERHOST inbound4.localnet.com <myrealemailaddress>

    Localnet.com
     
  8. secretcodebreaker

    secretcodebreaker Specialist

    I just had a long conversation (via support chat) with a different Help Desk technician and he told me that the Black List function only works to block listed e-mails when one logs on to their web mail.

    Doesn't work if you use an e-mailer like Thunderbird, which is what I do.

    Sort of a Catch-22. If you don't 'look' at your Inbox by logging on to the web mail, it lets it through. If you do log-on, you won't see it or any evidence that it had been there. :)

    Sorry to have taken up time and space discussing this 'non'-event.
     
  9. Colemanguy

    Colemanguy MajorGeek

    I don't believe that one bit, a decent spam filter/block list should remove the mail even if you're using pop (outlook or outlook express or a mail client from) or a webmail site to retrieve your mail. I just don't buy it, as far as the email getting through I believe this is the section that concerns us
    From: "ESISC" <esisc@esisc.org>
    this is where they forge your From address, thus bypassing your mail filter. The isp isn't using a very great spam filter solution if it doesn't catch this.
     
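The thread turns on one question: what a From:-based Black List (as the help desk described it in post 5) actually compares, and why blocking the domain as well (post 2) is the usual advice. The script below is an added example, not code from the original thread or from the ISP; it parses a constructed header block modelled on the one quoted in post 1 (the recipient address and Message-ID are placeholders), extracts the header From: address, the Return-Path and the envelope-sender recorded in the Received: line, and checks each against an address list and a domain list. On this particular message all three agree, so a plain address match would have blocked it; the domain check shows what catches a sender who varies the local part but keeps the domain.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample, modelled on the headers quoted in the first post.
# Continuation lines are indented so the parser folds them into one header.
SAMPLE_HEADERS = """\
Return-Path: <esisc@esisc.org>
Delivered-To: <recipient@example.invalid>
Received: from unknown (HELO outmx015.isp.belgacom.be) ([195.238.4.87])
  (envelope-sender <esisc@esisc.org>)
  by inbound4.localnet.com (qmail-ldap-1.03) with SMTP
  for <recipient@example.invalid>; 22 Oct 2006 13:18:29 -0000
From: "ESISC" <esisc@esisc.org>
To: "ESISC" <esisc@esisc.org>
Subject: France/Air Security: (subject trimmed)
Message-ID: <placeholder@example.invalid>

body omitted
"""

ENVELOPE_SENDER_RE = re.compile(r"envelope-sender <([^>]+)>")


def header_addresses(raw):
    """Return the sender addresses a filter could look at, all lower-cased.

    'from' is the header the user sees; 'return_path' and 'envelope_sender'
    are what the receiving MTA recorded from the SMTP transaction.
    """
    msg = email.message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    envelope_sender = ""
    for received in msg.get_all("Received", []):
        m = ENVELOPE_SENDER_RE.search(received)
        if m:
            envelope_sender = m.group(1).strip().lower()
            break
    return {
        "from": from_addr,
        "return_path": return_path,
        "envelope_sender": envelope_sender,
    }


def domain_of(addr):
    """Domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""


def blacklist_verdict(raw, blocked_addresses, blocked_domains=()):
    """Decide 'block' or 'deliver' and explain which fields matched.

    Hypothetical filter logic written for this example: an address list
    (what the ISP described) plus an optional domain list (TimW's advice).
    """
    blocked_addresses = {a.lower() for a in blocked_addresses}
    blocked_domains = {d.lower() for d in blocked_domains}
    reasons = []
    for field, addr in header_addresses(raw).items():
        if not addr:
            continue
        if addr in blocked_addresses:
            reasons.append(f"{field} address {addr} is on the address list")
        elif domain_of(addr) in blocked_domains:
            reasons.append(f"{field} domain {domain_of(addr)} is on the domain list")
    return ("block" if reasons else "deliver"), reasons


if __name__ == "__main__":
    # Exactly what the poster configured: one address, no domain.
    verdict, why = blacklist_verdict(SAMPLE_HEADERS, ["esisc@esisc.org"])
    print(verdict)
    for line in why:
        print("  -", line)
    # Domain-level rule, which also covers a changed local part.
    print(blacklist_verdict(SAMPLE_HEADERS, [], blocked_domains=["esisc.org"])[0])
```

Run it to see every field match; then edit the From: line of SAMPLE_HEADERS to a different local part at the same domain and re-run to see why the address list alone stops matching while the domain list still does. A filter that lower-cases before comparing, as this one does, also avoids missing a sender who only changes letter case.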
  10. goldfish

    goldfish Lt. Sushi.DC

    They're obviously completely inept. They have a blacklist on their webmail client and not on the MTA itself? That seems ridiculous.

    Apart from that, Blacklists are completely useless for stopping spam. Spammers will never, ever use the same address twice and the domains are usually random too.

    You should use a Greylist or even a whitelist if you want to stop spam. SpamAssassin does a good job of that - who knows why they haven't got that installed....
     
  11. secretcodebreaker

    secretcodebreaker Specialist

    I feel that I should defend the ISP, to some extent. They have been in business since 1995 and that's a looong time, so they must be doing something right. :)

    I've been with 10 or more ISPs in the past 20 years and localnet.com has the best tech support of any of them. Sometimes when I dial their 800 support line a real technician answers on the first ring.

    They recently installed a new spam filter. It is separate from the BlackList/WhiteList function, so I am told. I have the filter turned off.

    I've never had to use their filter (old or new) and really still don't need it. I get very little spam, but (ah...the big but) I do get orders for my books via PayPal and these have a different From: addy on each one, since it's the addy of the person placing the order. The content of the PayPal e-mail 'looks' very spam like (embedded links to display their logos and bunches of other stuff) in addition to the basic order information I need to be able to ship out my books. Don't want to block a single one of those.

    In any case, I've only been trying to BlackList this one addy, since it's political propaganda that I have no interest in reading.

    Since I don't know very much about what spammers do and how they get around filters, I thought this post would educate me a bit. Years ago, when I was on AOL, I'd get 20-25 spam e-mails at a crack. Sometimes more would come in before I could delete those already there. Leaving AOL solved that spam problem. :)

    Didn't mean to make a big fuss about it. I'll continue to click on Delete instead of Open.

    Thanks for your interest
     
