SPAM checking/detecting/filtering #99

Open
Suncatcher opened this issue Oct 15, 2018 · 9 comments

@Suncatcher

Any spam solutions for forwarding script? I found only one mention of spam in the script help:

> Finish by naming the rule, ensuring it's enabled and that spam and virus checking are used.

which says nothing meaningful to me. Where should I ensure this? In what config?

I receive multiple spam messages to the whole range of addresses of my domain:

x2cuft5@maildomain.com
yd2ojit@maildomain.com
l0aaqdq@maildomain.com
ooyq101@maildomain.com

How to eliminate them? How to debug the reason of spam?

@jakubboucek
Contributor

Honestly, I have the same issue – AWS SES has a very weak spam filter and there is no simple way to catch more spam until AWS makes a better filter on SES.

You can try to use AWS ML to make your custom filtering, but currently this tool does not help you as is.

Naturally, if you have a problem ONLY with spam from your own domain, you should protect your domain against domain identity spoofing with SPF & DKIM. It will surely help with spam on AWS SES too.

@Suncatcher
Author

Ok, thanks, will research this tool. It is worth implementing some filter in Lambda, even a primitive one.

@Suncatcher
Author

Suncatcher commented Oct 15, 2018

If I got it right, SPF helps if someone is spoofing my domain and sends messages on my behalf, aka like from my domain. I suppose this is not the case for me, I receive usual spam generated for mass sending, and for some reason a big bunch of addresses (or all of them) of my domain was caught.

Can we temporarily disable some domain via script? Something like forwarding all messages from domain0 to >/dev/null?
Is deleting the domain from the forwardMapping: { } dict equivalent to that?

@Suncatcher
Author

Suncatcher commented Jan 5, 2019

Still no solution?

@ibarrajo

ibarrajo commented Feb 6, 2019

@Suncatcher do you have an example spam email?

It would be very simple to add a header check for the following values that are included in the email file:

X-SES-Spam-Verdict: PASS
X-SES-Virus-Verdict: PASS

From AWS docs: [image]

Code example:
https://github.com/awsdocs/amazon-ses-developer-guide/blob/master/doc-source/receiving-email-action-lambda-example-functions.md

@Suncatcher
Author

Suncatcher commented Feb 6, 2019

> do you have an example spam email?

Already deleted all. It was something like: "I've got access to your PC, send me X bitcoins to get your data back". Surprisingly, all SPAM was sent only to domain highmail.ml, I've got rid of it already so can't provide you samples.

Anyway, thanks for the solution, if I encounter any, I will use it.

@Tharit

Tharit commented Mar 29, 2020

I had the issue that I was forwarding a lot of spam and discovered this issue; turns out all the necessary info (spamVerdict etc) is in the first event passed to the lambda, so the email file does not even have to be loaded.
I added the following function:

/**
 * Filters out SPAM emails
 *
 * @param {object} event - Lambda event from inbound email received by AWS SES.
 *
 * @return {boolean} - true if classified as spam
 */
exports.filterSpam = function(event) {
  if(!event ||
    !event.Records ||
    event.Records.length != 1 ||
    !event.Records[0].ses) return false;

  const receipt = event.Records[0].ses.receipt;
  if(!receipt) return false;

  const verdicts = ['spamVerdict', 'virusVerdict', 'spfVerdict', 'dkimVerdict', 'dmarcVerdict'];
  for(let key of verdicts) {
    const verdict = receipt[key];
    if(verdict && verdict.status === 'FAIL') {
      console.log({level: "info", message: `rejected by spam filter; ${key} = ${verdict.status}`});
      return true;
    }
  }
      
  return false;
};

And then just insert the following three lines in the lambda's entry point, directly at the start of the method:

if(exports.filterSpam(event)) {
    callback();
    return;
}

That way messages that fail any of the checks will simply be skipped. Seems to be working fine, and should not be overly strict, as according to the SES docs "FAIL" is only given as a verdict if something is really wrong.

@Suncatcher
Author

Wow, very cool. Will definitely be worth a try.
Thanks a lot.

@arithmetric
Owner

It would be great to add a configuration option for filtering/dropping emails that do not pass the AWS SES spam checks.
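
A configurable variant of the verdict check discussed in the comments above, written as an added example that is not part of the thread or of the project's code. `spamPolicy`, `classifyReceipt` and the `drop`/`tag`/`pass` actions are hypothetical names; the receipt fields and the PASS/FAIL/GRAY/PROCESSING_FAILED statuses are the ones SES places in `event.Records[0].ses.receipt`. Unlike a plain FAIL check, it covers the undecided statuses, honours a sender's DMARC `reject` policy, and makes the choice for a malformed event explicit.

```javascript
'use strict';
// Added example, not the project's code. spamPolicy and classifyReceipt are
// hypothetical names; verdict fields and statuses are those of the SES receipt.

// Hypothetical config: action per verdict status.
// 'drop' = do not forward, 'tag' = forward with a marker, 'pass' = forward.
const spamPolicy = {
  spamVerdict:  { FAIL: 'drop', GRAY: 'tag', PROCESSING_FAILED: 'tag' },
  virusVerdict: { FAIL: 'drop', GRAY: 'tag', PROCESSING_FAILED: 'drop' },
  spfVerdict:   { FAIL: 'tag' },
  dkimVerdict:  { FAIL: 'tag' },
  dmarcVerdict: { FAIL: 'tag' },
  onMalformedEvent: 'drop', // assumption: fail closed when no receipt is present
};
const RANK = { pass: 0, tag: 1, drop: 2 };

function classifyReceipt(event, policy = spamPolicy) {
  const records = event && event.Records;
  const receipt = Array.isArray(records) && records.length === 1 &&
    records[0] && records[0].ses && records[0].ses.receipt;
  if (!receipt) {
    return { action: policy.onMalformedEvent, reasons: ['malformed event'] };
  }
  let action = 'pass';
  const reasons = [];
  for (const key of Object.keys(policy)) {
    const rule = policy[key];
    if (typeof rule !== 'object') continue; // skip onMalformedEvent
    const status = receipt[key] && receipt[key].status;
    let wanted = Object.prototype.hasOwnProperty.call(rule, status) ? rule[status] : 'pass';
    // A sender domain that publishes DMARC p=reject has asked for rejection.
    if (key === 'dmarcVerdict' && status === 'FAIL' &&
        String(receipt.dmarcPolicy).toLowerCase() === 'reject') wanted = 'drop';
    if (wanted !== 'pass') reasons.push(`${key}=${status}`);
    if (RANK[wanted] > RANK[action]) action = wanted; // strictest action wins
  }
  return { action, reasons };
}

// Constructed sample events (not captured mail).
const mk = (receipt) => ({ Records: [{ ses: { receipt } }] });
const clean = mk({ spamVerdict: { status: 'PASS' }, virusVerdict: { status: 'PASS' } });
const spoofed = mk({ spamVerdict: { status: 'PASS' }, spfVerdict: { status: 'FAIL' },
  dmarcVerdict: { status: 'FAIL' }, dmarcPolicy: 'reject' });
console.log(classifyReceipt(clean), classifyReceipt(spoofed), classifyReceipt({}));
```

Logging `reasons` for every dropped or tagged message gives a record to review before tightening or loosening the policy.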
