; tflags __RCVD_IN_MSPIKE_L net
> reuse __RCVD_IN_MSPIKE_L
> header __RCVD_IN_MSPIKE_Z
> eval:check_rbl_sub('mspikeb-lastexternal', '127.0.0.2')
>
> Am 20.05.25 um 18:42 schrieb Rupert Gallagher:
>
> > I assume some of you is using it.
> >
> > https:/
I assume some of you is using it.
https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklists#dnsbl-block
On Tuesday, May 20th, 2025 at 5:32 PM, Rupert Gallagher
wrote:
>
>
> Hello,
>
> Is rep.mailspike.net working for you?
>
> If I query 7
Hello,
Is rep.mailspike.net working for you?
If I query 78.153.140.99 at https://mailspike.io/ip_verify I get 127.0.0.11,
however if I query using dig I get no answer at all, and the name server itself
does not exist.
> dig +short -t A 99.140.153.78.rep.mailspike.net
[no answer]
> dig @1.1.1
https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=561ac22d-1661-421c-85c3-52f68d2f46cb
Original Message
> Given the From: address can be so easily faked is a rule testing its
> validity a great idea?
Yesterday I disabled DKIM as a spam indicator, because I got tired of adding
exceptions. Non-compliant relays should fail hard, but they do not. This is a
tragedy.
mostly spam.
Original Message
On May 10, 2024, 17:18, Rupert Gallagher wrote:
> I only have stock and KAM, and it is definitely not a custom rule of mine.
>
> Original Message
> On May 10, 2024, 17:11, Matus UHLAR - fantomas wrote:
>
>> On 1
I only have stock and KAM, and it is definitely not a custom rule of mine.
Original Message
On May 10, 2024, 17:11, Matus UHLAR - fantomas wrote:
> On 10.05.24 15:08, Rupert Gallagher wrote: >My local evidence does not
> support the general claim that 90% of .com is s
My local evidence does not support the general claim that 90% of .com is spam.
I just received a mail from informat...@info.email.ikea.com marked as spam,
with positive R_DCD. The rule did not trigger on mail from other .com addresses.
I do not know what R_DCD means, and search indexes do not he
When hotmail user sends from outbound.protection.outlook.com, the SA rule must
not intervene.
I see this in live mail, sent by RFC clueless administrators, causing business
mail to be either rejected or quarantined.
On production systems, the good mail server should self-discipline and fail
hard, compelling the system administrator to take action.
Original Message
On F
cyber spaking -> cyber spanking
---
The Grammar Nazi in me
Original Message
On Feb 16, 2024, 12:12, Rupert Gallagher wrote:
> You are seing it yourself. Their e-mails fail SPF allignment, SPF
> authentication and DKIM authentication. As a consequence, they fail DMA
You are seing it yourself. Their e-mails fail SPF allignment, SPF
authentication and DKIM authentication. As a consequence, they fail DMARC.
I see a deluge of DMARC failures, mostly from forwarding accounts, mailing
lists, and the mass mailer musvc.com
I do not have the resources to contact the
Rule broken. Please update.
We all need a rule for things like the following:
coinbase.com=
/VERIFY
Note: Both client and server are not Windows. The attached file type is a
generic "data" on unix. On a Windows client the file runs as executable. A SA
rule should merely detect that the file type is a generic "data" file.
Original Message
On Feb 7,
I received a spam with score -1. Well written, looks legit commercial, asking
for a quotation, with details in the attachment, a 3MB file with unknown
extension ".one".
The file turns out to be a Windows Trojan:
https://www.virustotal.com/gui/file/f4d587f60f2d34add9f77fcbd8c3c0df3ca51cfaecd9de8
Message-Id:
Read RFC 822, pp. 44-46.
If your answer is that the latest RFC allows for it, the my reply is: my mail,
my rules, so I apply the most stringent rules.
Original Message
On 15 Jan 2023, 20:47, Alex wrote:
> Hi,
>
> X-Spam-Status: No, score=1.102 tagged_above=-200
Original Message
On Nov 4, 2021, 09:34, Damian < spamassas...@arcsin.de> wrote:
> >> Please convert all source code to ASCII. If it fails to compile,
> then it may have a trojan hiding in Unicode clothing.
>
> >Instructions unclear.
>
> CVE 2021-42574
> It remains unclear (to me)
Original Message
On Nov 4, 2021, 07:45, Damian < spamassas...@arcsin.de> wrote:
>> Please convert all source code to ASCII. If it fails to compile, then it may
>> have a trojan hiding in Unicode clothing.
>Instructions unclear.
CVE 2021-42574
Please convert all source code to ASCII. If it fails to compile, then it may
have a trojan hiding in Unicode clothing.
Original Message
On Sep 24, 2021, 18:30, Grant Taylor < gtay...@tnetconsulting.net> wrote:
On 9/24/21 10:17 AM, Rupert Gallagher wrote:
>> The RFC 5322 as cited is concerned about domains and their internet
>> address, where the sender's address needs t
Anyway, this part of the original RFC 822 reads loud and clear on the matter.
Each new RFC aiming to improve it seems the result of spamming lobbies aiming
at hiding themselves. The latest grammar for MIDs is horrible.
Original Message
On Sep 24, 2021, 18:17, Rupert Gallagher
cross autonomous systems
calls for *public* fully qualified domain names and their *public* IP
addresses, or the delivery will fail.
Original Message
On Sep 23, 2021, 19:56, Grant Taylor < gtay...@tnetconsulting.net> wrote:
On 9/23/21 2:38 AM, Rupert Gallagher wrote:
> A LAN
A LAN address is not the "Internet address of the particular host", and
therefore, by RFC 5322 line 969, the header in the OP is not RFC compliant.
Original Message
On Sep 21, 2021, 20:54, Grant Taylor wrote:
The use of a domain name or IP literal is RECOMMENDED, not even a
SHO
My mistake in quoting. The IP was 192.168.1.30, a LAN address.
Original Message
On Sep 21, 2021, 19:25, Dave Funk < dbf...@engineering.uiowa.edu> wrote:
On Tue, 21 Sep 2021, Bill Cole wrote:
> On 2021-09-21 at 12:25:30 UTC-0400 (Tue, 21 Sep 2021 10:25:30 -0600)
> Grant Taylor
>
An unknown MUA (user agent header removed by sender) writes its Message-IDs as
.
Is the header syntactically corrext?
A custom SpamAssassin rule added a penalty for syntax error, and another for
using a non-public address.
A clickable picture should trigger a web client only if the pdf contains a
script for this action, which you can detect using clamav.
Original Message
On Jun 4, 2021, 08:19, Benoît Panizzon < benoit.paniz...@imp.ch> wrote:
Hi Gang
In the last couple of weeks, I have seen a lot o
Original Message
On Apr 7, 2021, 20:40, Jared Hall <> wrote:
- Better Unibabble bibber-blabber blockage.
This makes sense not.
We get that from face-to-face leads from hell.
Original Message
On Apr 7, 2021, 03:27, Grant Taylor wrote:
I've seen a few where they are asking for samples prior to -- purportedly --
submitting an order.
I love projects that are long in technical nonsense and short in motivation.
Original Message
On Mar 26, 2021, 21:40, Jared Hall < ja...@jaredsec.com> wrote:
A new version of CHAOS.pm is available: https://github.com/telecom2k3/CHAOS
The module can run in Tag mode, AutoISP mode,
Note that gmail lets the first Received non public (it is the sender's
machine). This is both a violation of the RFC and a tiny data breach. If you
are ok with it, then whitelist the stinker.
Original Message
On Jan 28, 2021, 08:11, Rupert Gallagher < r...@proton
All Received must be public domains or literals by RFC. We reject such non
compliant e-mails upfront, and I recommend you do the same.
Original Message
On Jan 27, 2021, 20:18, Loren Wilton < lwil...@earthlink.net> wrote:
Has anyone been getting spams from "ViraLife"? They have s
I see a deluge of spam from google.com, catched at FROM, all containing an
@NXDOMAIN. Google is tripping on its own shoe laces in this period.
Original Message
On Dec 14, 2020, 12:01, Iulian Stan wrote:
> Hi all,
>
> First of all i am writing this email from yahoo because from
Original Message
On Aug 20, 2020, 18:13, Loren Wilton < lwil...@earthlink.net> wrote:
I've started receiving a bunch of spam or more likely phish mails that
contain the following sort of trash in large quantities between almost every
word of the visible text. The invisible font ru
The domains turn out to be already in the rfc-clueless.org database since 2014.
Original Message
On 1 Aug 2020, 14:58, Rupert Gallagher < r...@protonmail.com> wrote:
Two well known companies in my country persist in making the mistake of writing
their mid with a non-publi
Original Message
On 2 Aug 2020, 17:02, Bill Cole < sausers-20150...@billmail.scconsult.com>
wrote:
> if you want to authenticate email, ...
The helo is a necessary, but not sufficient criteria for authentication. I use
them all, up to dane. However, they all fail with those tw
Original Message
On 2 Aug 2020, 17:02, Bill Cole < sausers-20150...@billmail.scconsult.com>
wrote:
> smtpd_helo_restrictions
Good idea. Thank you.
have the doubt on
the authenticity of their e-mails. No thank you.
Original Message
On 2 Aug 2020, 15:54, Kevin A. McGrail < kmcgr...@apache.org> wrote:
On 8/2/2020 9:18 AM, Rupert Gallagher wrote:
> They will procrastinate until the end of time unless we do something.
.
Original Message
On 2 Aug 2020, 12:30, Matus UHLAR - fantomas < uh...@fantomas.sk> wrote:
On 02.08.20 05:11, Rupert Gallagher wrote:
>Correction: it is not the mid, it is the helo.
oh... this is something quite different.
But unless multiple servers start implementing reject_unknown_helo
Correction: it is not the mid, it is the helo.
Original Message
On 1 Aug 2020, 14:58, Rupert Gallagher < r...@protonmail.com> wrote:
Two well known companies in my country persist in making the mistake of writing
their mid with a non-public fqdn, violating the rfc. It ha
They have explicit consent to send rfc compliant e-mail. Rfc-clueless.org
seems.a good starting point.
Thank you
Original Message
On 1 Aug 2020, 15:53, Kevin A. McGrail < kmcgr...@apache.org> wrote:
On Sat, Aug 1, 2020 at 8:59 AM Rupert Gallagher wrote:
Two well
Two well known companies in my country persist in making the mistake of writing
their mid with a non-public fqdn, violating the rfc. It has been so for the
past three years, with me sending detailed, manually written error messages to
their painstakingly collected admin addresses. Their answer i
Your LinkedIn post thanks the Guardian while hitting on us by hiding our lack
of consent.
Original Message
On 16 Jul 2020, 01:24, Kevin A. McGrail < kmcgr...@apache.org> wrote:
All:
We're getting some positive attention from the verbiage change. See
https://www.linkedin.com/post
> racially-charged nature of blacklist
There is no such thing.
Black list originates from black book, that is a book with white pages and
black cover, with black ink, where sins are listed in haven for you to be
judged upon.
On the colour of the cover, it is black because that's how old leathe
Whatever you do under the hood, make sure it does not affect external behaviour.
On your motivation, bear in mind that *lists here contain computer addresses,
not people, so the reference you are trying to fix is mistaken, and changes
will be painstaking for no reason at all.
And the terms mast
Fails with travelling clients.
Original Message
On Mar 3, 2020, 16:49, Benny Pedersen wrote:
> Marc Roos skrev den 2020-03-03 16:15:
>> Use ipset, hardly causing any latency using 50k entries.
>
> i dont need to block 50k entries, but only whitelist few accepted client
> ips, wh
The real problem is their database.
For the purposes of SA, the whois database is good enough.
On Mon, May 6, 2019 at 17:20, Alex wrote:
> Hi all,
>
> I'm looking for the GeoIP2 and IP Country packages for fedora/CentOS
> needed for the RelayCountry plugin. I believe there were some license
> c
Let's talk about those works of art that elude our best filters. Written and
posted like a legit message, their only threat is a big red button with a label
that says "do not push me". In truth, they are just a "click here for your
overdue bill" and similar hooks for the gullible few.
There are
I reject tons of spam from OVH. So much that I am banning whole CIDRs. Whatever
they do, it's not working.
On Sat, Mar 23, 2019 at 12:53, Giovanni Bechis wrote
> Hi,
> this is what OVH does (article in french, sorry):
> https://www.numerama.com/magazine/26297-ovh-copie-et-analyse-tous-les-e-mai
I agree with Benny on port 25.
I disagree with Kevin on port 587, because it is vulnerable to mitm attacks.
I was royally pissed when they introduced port 587 and deprecated port 465.
Port 587 is an RFC mandated security loophole. Port 465 is golden.
On Sat, Mar 23, 2019 at 03:01, Kevin A. McGr
I think you are in for a lot of pain. This is the view from my seat. If my
company has a client that sends spam using my IP, then my IP earns a bad
reputation and is blacklisted. Therefore, my other clients are blacklisted too,
even if they do not send spam. If I do not solve the problem, then I
Tarpitting?
On Mon, Mar 11, 2019 at 10:03, Pedro David Marco wrote:
> Hi all,
>
> Not a long time ago someone in the list mentioned an interesting antiDos
> mitigation technique consisting in "playing" with attackers TCP windows
> sizes... (as far as i remember)... but i cannot find the post w
many emails to process. It is even more
> significant if you run the test locally.
>
> On 3/1/2019 5:09 PM, Rupert Gallagher wrote:
>
>> Case study:
>>
>> example.com bans any e-mail sent from its third levels up, and does it by
>> spf.
>>
>> spf-banned
os do the
compliance heavy lifting by forcing a sane To header. That's all. If you want
to talk more in general about GDPR, I do it everyday, so leave me alone on
weekends, will you? :-)
On Fri, Mar 1, 2019 at 22:41, Grant Taylor wrote:
> On 03/01/2019 01:25 AM, Rupert Gallagher wrote
Case study:
example.com bans any e-mail sent from its third levels up, and does it by spf.
spf-banned.example.com sent mail, and my SA at server.com adds a big fat
penalty, high enough to bounch it.
Suppose I do not bounch it, and use your filter to check for its websites. It
turns out that bo
A future-proof list that complies with GDPR would automatically rewrite the To
header, leaving the list address only. Any other recipient will still receive
it from the original sender.
On Thu, Feb 28, 2019 at 20:29, Mike Marynowski wrote:
> Unfortunately I don't see a reply-to header on your
Live backups are unheard of. The best I can do is a write protected hourly
backup, with manual restore...
Sent from ProtonMail Mobile
On Fri, Feb 15, 2019 at 14:07, @lbutlr wrote:
> On 14 Feb 2019, at 19:31, Grant Taylor wrote:
>>
>> If VFE had backups stored off-site via something like Amazo
Cole
wrote:
> On 12 Feb 2019, at 15:04, Rupert Gallagher wrote:
>
>> Ehhh not available on bsd with pf, or so it was the last time I
>> checked.
>
> A good 'tarpit' tool that IS available for *BSD (originating on OpenBSD)
> is 'spamd' which u
On Wed, Feb 13, 2019 at 17:51, Pedro David Marco wrote:
> FYI
>
> [https://thehackernews.com/2019/02/vfemail-cyber-attack.html](https://thehackernews.com/2019/02/vfemail-cyber-attack.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Sec
On Tue, Feb 12, 2019 at 18:34, RW wrote:
> On Tue, 12 Feb 2019 16:49:27 +
> Rupert Gallagher wrote:
>
> Before the change, the
>> service stated that the IP fell into their spamtrap, whatever that
>> is.
>
> Seriously?
>
>> The fact remains that
Ehhh not available on bsd with pf, or so it was the last time I checked.
Good for you as you have it! It is a fantastic piece of aikido.
On Tue, Feb 12, 2019 at 18:19, John Hardin wrote:
> On Tue, 12 Feb 2019, Rupert Gallagher wrote:
>
>> and we have now blocked their IP at
I like it!
On Tue, Feb 12, 2019 at 18:15, John Hardin wrote:
> On Tue, 12 Feb 2019, Rupert Gallagher wrote:
>
>> Let see if the mail arrives with the correct escaping this time.
>>
>> body __HAS_URI /(http|https):///
>> tflags __HAS_URI multiple
>> meta TMU (
Ah, ok...
On Tue, Feb 12, 2019 at 18:04, RW wrote:
> On Tue, 12 Feb 2019 16:38:47 +
> Rupert Gallagher wrote:
>
>> Let see if the mail arrives with the correct escaping this time.
>>
>> body __HAS_URI /(http|https):///
>> tflags __HAS_URI multiple
>>
Note that the "too many uris" thing has nothing to do with the Russian gremlin
who, in the meantime, has disabled the part of the rbl that explains why the IP
was listed. Before the change, the service stated that the IP fell into their
spamtrap, whatever that is. The fact remains that we have n
Let see if the mail arrives with the correct escaping this time.
body __HAS_URI /(http|https):\/\//
tflags __HAS_URI multiple
meta TMU ( _HAS_URI > 10 )
describe TMU Too many URIs (>10)
score TMU 5.0
As rightly noted, the same link is counted twice, for text and html bodies when
they are pres
full __HAS_URI /(http|https):///
tflags __HAS_URI multiple
meta TMU ( _HAS_URI > 10 )
describe TMU Too many URIs (>10)
score TMU 5.0
On Thu, Feb 7, 2019 at 09:12, MAYER Hans wrote:
>
>
>> … All emails were spam with links. …
>
> We receive such spam mails with a lot of links too.
>
> Is there
On Wed, Feb 6, 2019 at 15:42, RW wrote:
> On Wed, 06 Feb 2019 11:55:07 +
> Rupert Gallagher wrote:
>
>> This is to inform about a new type of SPAM aggression.
>>
>> We received from Russia, for months, and redirected them
>> automatically to an administrat
arm is done.
>
> The interesting part is which "engines" (I guess that you mean antispam
> software or antispam saas providers) think that such a DNSBL should be
> actually used. Can you disclose which parties you found?
>
> Kind regards,
>
> Tom
>
> On 06-02-19
The spammers at gremlin.ru have just created a homepage, with no information on
how to delist an IP.
Their fake dnsbl is listed as genuine in at least two antispam engines.
On Wed, Feb 6, 2019 at 12:55, Rupert Gallagher wrote:
> This is to inform about a new type of SPAM aggression.
>
This is to inform about a new type of SPAM aggression.
We received from Russia, for months, and redirected them automatically to an
administrative address for manual inspection. All emails were spam with links.
From the standpoint of the attacker(s), all emails were delivered, but none
turned i
I would focus on the headers: they have plenty for a spam flag. On the body, SA
should already mark the text/code ratio, and the number of links.
On Sun, Jan 27, 2019 at 05:43, Mark London wrote:
> Does anyone have any rules that can catch this type of obfuscated spam?
>
> https://pastebin.com/
row
Sent from ProtonMail Mobile
On Wed, Jan 23, 2019 at 14:42, Rupert Gallagher wrote:
> Nope. We are celebrating the 5th month in a raw with zero spam in users
> folders.
>
> On Tue, Jan 22, 2019 at 18:12, Pedro David Marco
> wrote:
>
>> Out of curiosity...
>
Nope. We are celebrating the 5th month in a raw with zero spam in users folders.
On Tue, Jan 22, 2019 at 18:12, Pedro David Marco wrote:
> Out of curiosity...
>
> we are noticing a huge spam increase (x10) from the last 2 days... maybe any
> reactivated botnet???
>
> is someone noticing it as w
Sorry! Ignore/delete.
On Thu, Jan 3, 2019 at 11:42, Rupert Gallagher wrote:
> The compiler returns many warnings, and the test returns two IPv6-related
> errors. I am attaching both logs as reference.
>
> ‐‐‐ Original Message ‐‐‐
> On Thursday, January 3, 2019 9:5
Please paste the original header.
On Mon, Dec 17, 2018 at 20:15, Mark London wrote:
> This email hit the new (to me) BITCOIN_PAY_ME rule. Never ending fun. 😟
>
> Begin forwarded message:
>
>> From: "Broaddus Walther"
>> Date: December 17, 2018 at 1:49:04 PM EST
>> To: m...@psfc.mit.edu
>> Subj
Problem solved last year on this list.
Sent from ProtonMail Mobile
On Wed, Dec 12, 2018 at 15:32, Benny Pedersen wrote:
> Matus UHLAR - fantomas skrev den 2018-12-12 14:55:
>
>> From: "name surname "
>
> From:name ne From:addr
>
> dont know if sa can test this
Fri, Nov 30, 2018 at 10:06, Matus UHLAR - fantomas wrote:
> On 29.11.18 09:30, Rupert Gallagher wrote:
>>Message-ID and To have the same domain, but From does not. You should have
>> never received that mail.
>
> this happens when message-id is added by mailserver of the re
Message-ID and To have the same domain, but From does not. You should have
never received that mail.
On Wed, Nov 28, 2018 at 19:15, Rick Gutierrez wrote:
> El mié., 28 nov. 2018 a las 6:03, Christian Grunfeld
> () escribió:
>>
>> Hi,
>>
>> this is a logcould you paste the email headers?
>>
The "right to be forgotten" is the natural outcome of three decades of
self-inflicted pain. Some argue that deleting old e-mails is like re-writing
history. Other, like me, argue that e-mail was born as an informal medium,
different than, for example, a published book or factual evidence of a
g
On Wed, Nov 21, 2018 at 03:41, John Hardin wrote:
> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>
>> The email address is an address, part of your personally identifiable
>> data.
>
> I'm not disputing that. I write software that deals with PII in my day job.
>
Nov 2018, Rupert Gallagher wrote:
>
>> Yes, if you are European, and might get some money as compensation.
>
> From a US political advocacy group which has no commercial presence in EU?
> How does GDPR apply in that situation?
>
>> On Mon, Nov 19, 2018 at 04:19, Joe Ac
Spam is income for those who sell it, a cost for those who buy it, and a
liability for those who receive it. Thousands of junk and weaponized messages
try their luck while wasting our resources. It is not by accident that we have
anti-spam laws. Our unpaid job is to reject spam efficiently. Some
Yes, if you are European, and might get some money as compensation.
On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote:
> Gents,
>
> I somehow became subscribed to a list, political in nature, in whose mail I
> have no interest. This is a legitimate AFAIK, US organization.
>
> Thus far, sever
.local is a valid tld for LANs.
Please do not mess with the DNS.
On Sun, Nov 4, 2018 at 17:14, Benny Pedersen wrote:
> is it a problem ?
>
> i think it should be solved to make configfiles local dns resolved only,
> if at all it needs to be dns
>
> so cf changes to cf.localdomain or cf.localhost
...catched sending spam to a gmail address, twice, using our fqdn.
From google:
google.com
noreply-dmarc-supp...@google.com
[...]
example.com
s
s
reject
reject
100
154.57.155.23
2
none
pass
I see a vps and an ".expert" tld sender domain. My servers handle those with a
REJECT rule.
On Fri, Oct 12, 2018 at 15:11, Brent Clark wrote:
> Good day Guys
>
> I am getting quite a bit of image spam, and googling put me in the
> direction of a tool called FuzzyOCR.
>
> What I did was configur
My comments on
http://pralab.diee.unica.it/en/ImageCerberus
IC is an effort to dig a hole in the water, because the problem of image spam
with obfuscated text cannot be solved by ocr.
My approach is a "better safe than sorry" best practice that anyone can
implement with existing software:
1.
, 2018 at 08:17, Daniele Duca wrote:
> On 13/10/2018 19:51, Rupert Gallagher wrote:
>
>> "The message was marked as spam by the content filter."
>>
>> Nice... so they know they are sending spam!
>
> Who doesn't :)
>
> I mean, for a setup big enough
"The message was marked as spam by the content filter."
Nice... so they know they are sending spam!
Sent from ProtonMail Mobile
On Sat, Oct 13, 2018 at 11:40, Daniele Duca wrote:
> On 12/10/2018 23:12, Pedro David Marco wrote:
>
>>>On Friday, October 12, 2018,
I love outlook.com ...
Sent from ProtonMail Mobile
On Thu, Oct 11, 2018 at 22:30, Alex wrote:
> Hi,
>
> I'm curious what people think of this:
>
> https://pastebin.com/1XjwaCY1
>
> It's unsolicited, so that makes it spam to me, but is it dangerous?
> yesinsights.com appears to be a legitimate c
correctly.
The third reason is the Message-ID.
RG
On Fri, Oct 5, 2018 at 23:57, David Jones wrote:
> On 10/5/18 4:38 PM, Antony Stone wrote:
>> On Friday 05 October 2018 at 23:26:12, Rupert Gallagher wrote:
>>
>>>> https://pastebin.com/TRD7FzRQ
>>>>
>>>&
> https://pastebin.com/TRD7FzRQ
> I have a sample here
There are at least three reasons to reject that e-mail upfront, with no need to
parse its body.
This is a subject line:
Re: Habemus APP LG 😉
On Sat, Sep 1, 2018 at 14:15, Antony Stone
wrote:
> On Saturday 01 September 2018 at 14:09:52, Rupert Gallagher wrote:
>
>> On Sat, Sep 1, 2018 at 09:35, Pedro David Marco wrote:
>> >
>> >> On Saturday, September
Of course I do.
On Sat, Sep 1, 2018 at 09:35, Pedro David Marco wrote:
> Do you have any sample, Rupert?
>
>>On Saturday, September 1, 2018, 7:02:20 AM GMT+2, Rupert Gallagher
>> wrote:
>>
>>Do you have an SA rule for it?
Do you have an SA rule for it?
OK at a second glance I would say rejected upfront again, because its From
domain is NXDOMAIN.
On Wed, Jul 18, 2018 at 14:34, Daniele Duca wrote:
> On 18/07/2018 14:22, Rupert Gallagher wrote:
>
>> At first glance I would say rejected upfront, because the client
>> 180.25
At first glance I would say rejected upfront, because the client
180.252.178.204 does not have RDNS. No need for SA.
On Wed, Jul 18, 2018 at 02:00, Chip M. wrote:
> http://puffin.net/software/spam/samples/0058_extortion_numeric_domain.txt
A little survey on your local policies...
What do you do when a subject line is longer than 78 characters?
A. Reject
B. Accept as spam
C. Accept
On Wed, Jun 13, 2018 at 10:38, Matus UHLAR - fantomas wrote:
> MISSING_SUBJECT is here because when message has no Subject:, it is highly
> probably spam.
Right. Well, my new accountant, being an external company of 16 people, insists
in sending messages without a subject, "because we always d
On Fri, Jun 8, 2018 at 23:05, David Jones wrote:
> 2.2 MISSING_HEADERS Missing To: header
The fillowing is all one needs.
5.0 MISSING_HEADERS Missing To: header
Remember that e-mail is mail after all.
1 - 100 of 214 matches
Mail list logo
