Re: Cold emails are not considered spam?

ertainly artificial but not very intelligent :-) It is also worth noting that Bayesian spam filtering is conceptually related to what LLM "AI" tools do. They assemble texts word-by-word based on the likelihood of each one being next based on the preceding series of $bignum words. T

Re: Cold emails are not considered spam?

On 2025-05-09 at 13:10:21 UTC-0400 (Fri, 9 May 2025 13:10:21 -0400) Mark London is rumored to have said: Hi - Our site has recently been getting lots of "cold emails". You have my sympathy. I've read according to a Google search, they aren't considered "spam&

Re: Cold emails are not considered spam?

On 5/9/2025 13:10, Mark London wrote: > Hi - Our site has recently been getting lots of "cold emails". I've read > according to a Google search, they aren't considered "spam". And websites > provide instructions and templates for people, on how to send

Re: Cold emails are not considered spam?

On 5/9/2025 13:10, Mark London wrote: Hi - Our site has recently been getting lots of "cold emails". I've read according to a Google search, they aren't considered "spam". And websites provide instructions and templates for people, on how to send cold emails.  Or

Cold emails are not considered spam?

Hi - Our site has recently been getting lots of "cold emails". I've read according to a Google search, they aren't considered "spam".  And websites provide instructions and templates for people, on how to send cold emails.  Or there are web sites that prove a servi

Re: Can't figure out how to "aggregate" the spam training for aliased users

, and said "editor" address is valid not only for denninger.net, but also for a couple of other domains that I run a web property for on behalf of someone else. If someone spams that "editor" user Spamassassin will use its built-in rules -- but it does /not /honor the Bayesian cla

Re: Can't figure out how to "aggregate" the spam training for aliased users

ules -- but it does /not /honor the Bayesian classifier training that my account ("karl") has, and so if I put a spam that got through in "Junk" while the classifier will do its job if someone spams "k...@denninger.net" later with that same classified content /it w

Re: Can't figure out how to "aggregate" the spam training for aliased users

, and said "editor" address is valid not only for denninger.net, but also for a couple of other domains that I run a web property for on behalf of someone else. If someone spams that "editor" user Spamassassin will use its built-in rules -- but it does /not /honor the Bayesian cla

Can't figure out how to "aggregate" the spam training for aliased users

not only for denninger.net, but also for a couple of other domains that I run a web property for on behalf of someone else. If someone spams that "editor" user Spamassassin will use its built-in rules -- but it does /not /honor the Bayesian classifier training that my account (&qu

Re: Spam with broken URI (Zero-Width-Space Unicode characters)

ched the gzipped spam in the previous mail)

Re: French spam passed all SA tests with flying colors

gt; ce traitement à des fins de marketing. [...] I've received 2 of them with this DATAVENTURE GROUP text, and I got X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,HTML_MESSAGE, HTML_TAG_BALANCE_CENTER,SPF_HELO_PA

Re: Spam with broken URI (Zero-Width-Space Unicode characters)

On Fri, Mar 07, 2025 at 10:54:16AM +0100, Michel Arboi wrote: > This piece of HTML triggers my rules, it shouldn't: > Mar 7 02:37:14.474 [162580] dbg: uri: running uri_detail > _HFD_URI_HOSTNAME_NOT_RFC_COMP: > =3D"https://jbcorrie.co.uk/wp-content/uploads/2022/11/JB-Corrie-and-Co-Ltd-= Just t

Re: Spam with broken URI (Zero-Width-Space Unicode characters)

This piece of HTML triggers my rules, it shouldn't: Mobile: 01250 873989 https://www.jbcorrie.co.uk";>https://jbcorrie.co.uk/wp-content/uploads/2022/11/JB-Corrie-and-Co-Ltd-= Signal-Box-Road-Blaigowrie-Perthshire-PH10-6ER-01250-873989.jpg" width=3D"7= Mar 7 02:37:14.474 [162580] dbg: uri: r

Re: French spam passed all SA tests with flying colors

On Thu, 6 Mar 2025, Michel Arboi wrote: I guess I'll have to blacklist some URI domains, but if anybody finds a btter idea, I'll take it. Bayes should handle that - especially if you don't actually speak French... Note the GDPR pseudo legal text. This is utter BS of course, as this was not

French spam passed all SA tests with flying colors

I guess I'll have to blacklist some URI domains, but if anybody finds a btter idea, I'll take it. Note the GDPR pseudo legal text. This is utter BS of course, as this was not sent to a professional address. Ce message vous a été envoyé par DATAVENTURE GROUP dans le cadre de nos activités de prosp

Re: Spam body template with diacritics and variants

couple of years ago maybe? They were correctly identified as spam but I do not remember if the basic rules were very efficient. Maybe by the network tests or the Bayesian filtering and/or CRM114 -- these filters are also fed by my spamtrap addresses, this could be the reason for the detection. I a

Re: Spam body template with diacritics and variants

On Wed, 5 Mar 2025, Tom Hendrikx wrote: Hi, Just received a, what seems to be, incorrectly used template for generating mail bodies for bitcoin ripoffs. Interesting to see all the variants and diacritics used. Maybe we can improve some rules based on the variants. There are already a bunc

Spam body template with diacritics and variants

Hi, Just received a, what seems to be, incorrectly used template for generating mail bodies for bitcoin ripoffs. Interesting to see all the variants and diacritics used. Maybe we can improve some rules based on the variants. I never received anything like this, so sharing for the people inte

Googlegroups spam Re: MAILING_LIST_MULTI

general. Yes, Google is a net bad actor regarding spam. I personally treat them as a default spam source, so that mail from any part of their open sewer must have some affirmatively positive indicators to even be seen by SA. Obviously, I don't believe that such a policy fits SA or even the

Re: [External] [ZeroDay] Spam with broken URI (Zero-Width-Space Unicode characters)

Hi Michel, you can find more about the ruleset channel at https://mcgrail.com/template/kam.cf_channel Take a look at the rules with KAM_ZW at the beginning of them. Regards, KAM On 2/22/2025 1:24 PM, Michel Arboi wrote: Where is it? I found a couple of blog articles on zero width characters

Re: [External] [ZeroDay] Spam with broken URI (Zero-Width-Space Unicode characters)

On 2/22/2025 4:06 PM, Andrew C Aitchison wrote: Would it be worth including codes that control text direction, like "Trojan Source" - CVE-2021-42574 and CVE-2021-42694. I generally only look at things being actively used or predictably used in the wild.  If you aren't seeing it in spamples, I

Re: [External] [ZeroDay] Spam with broken URI (Zero-Width-Space Unicode characters)

On Sat, 22 Feb 2025, Michel Arboi wrote: On Sat, 22 Feb 2025 12:31:37 -0500 "Kevin A. McGrail" wrote: You might want to look at the KAM ruleset Interesting. KAM_REPLACE and KAM_OBFURL I suppose? and look at the ZW rules as well. -KAM Where is it? I found a couple of blog articles on ze

Re: [External] [ZeroDay] Spam with broken URI (Zero-Width-Space Unicode characters)

On Sat, 22 Feb 2025 12:31:37 -0500 "Kevin A. McGrail" wrote: > You might want to look at the KAM ruleset Interesting. KAM_REPLACE and KAM_OBFURL I suppose? > and look at the ZW rules as well. -KAM Where is it? I found a couple of blog articles on zero width characters used for obfuscation, b

Re: [External] [ZeroDay] Spam with broken URI (Zero-Width-Space Unicode characters)

You might want to look at the KAM ruleset and look at the ZW rules as well. -KAM On 2/21/2025 5:41 PM, Michel Arboi wrote: I received this phishing spam yesterday. That was not the first of this kind. (attached, w/o the image) I thought about this and wrote this uri-bad-unicode.cf Insert it

Spam with broken URI (Zero-Width-Space Unicode characters)

I received this phishing spam yesterday. That was not the first of this kind. (attached, w/o the image) I thought about this and wrote this uri-bad-unicode.cf Insert it in your local.cf or in /etc/spammassin, adjust the scores and restart spamd. Comments welcome. I am pretty sure there are

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

rumored to have said: Hi Bill, so do you have another idea? Hi Stefan, No, I do not, aside from the implicit starting point: do not send spam. Make sure every recipient is an individual who has asked for your email and wants it, to the greatest degree possible. If you cannot do that, nothing anyone

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

have another idea? Hi Stefan, No, I do not, aside from the implicit starting point: do not send spam. Make sure every recipient is an individual who has asked for your email and wants it, to the greatest degree possible. If you cannot do that, nothing anyone can tell you will fix your

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On 16/02/2025 01:07, Bill Cole wrote: On 2025-02-15 at 07:42:44 UTC-0500 (Sat, 15 Feb 2025 13:42:44 +0100) wissen.online | Stefan Mehlhorn is rumored to have said: Hi Bill, so do you have another idea? Hi Stefan, No, I do not, aside from the implicit starting point: do not send spam

Re: AW: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

Users Betreff: Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain On 2025-02-15 at 07:42:44 UTC-0500 (Sat, 15 Feb 2025 13:42:44 +0100) wissen.online | Stefan Mehlhorn is rumored to have said: Hi Bill, so do you have another idea? Hi Stefan, No, I do not, aside from the imp

AW: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

Whitelisting or Spam Score Adjustment for our TDL Domain On 2025-02-15 at 07:42:44 UTC-0500 (Sat, 15 Feb 2025 13:42:44 +0100) wissen.online | Stefan Mehlhorn is rumored to have said: > Hi Bill, > > so do you have another idea? Hi Stefan, No, I do not, aside from the implicit starting poin

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On 2025-02-15 at 07:42:44 UTC-0500 (Sat, 15 Feb 2025 13:42:44 +0100) wissen.online | Stefan Mehlhorn is rumored to have said: Hi Bill, so do you have another idea? Hi Stefan, No, I do not, aside from the implicit starting point: do not send spam. Make sure every recipient is an individual

Re: off topic, Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On Fri, 14 Feb 2025 10:59:11 +0100, Marc wrote: > > > > > Actually, if you look at ICANN's finances, they're retrenching because > > the new TLDs have mostly been a failure. There's a huge one-time pot > > of unexpected money from domain auctions, but they've promised to give > > it away. Other

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On 2025-02-13 12:49:31 -0500, John Levine wrote: > It appears that wissen.online | Stefan Mehlhorn said: > >Are there any specific configurations or adjustments we can make to lower > >the high spam score of our emails? > > > >Or can you put us on one of your global whi

RE: off topic, Request for Whitelisting or Spam Score Adjustment for our TDL Domain

> > Actually, if you look at ICANN's finances, they're retrenching because > the new TLDs have mostly been a failure. There's a huge one-time pot > of unexpected money from domain auctions, but they've promised to give > it away. Other than that, it's been at best meh, and over 100 of the > vanity

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

wissen.online | Stefan Mehlhorn skrev den 2025-02-13 18:22: Dear SpamAssassin Support Team, https://matrix.spfbl.net/212.83.50.80 non-compliance domain. i never will pay $2 for resolving this, same reason i dont use it in spamassassin anymore sorry that i did miss that you had spf pass fr

Re: off topic, Request for Whitelisting or Spam Score Adjustment for our TDL Domain

It appears that John Hardin said: >> PS: If this leads to questions like "what exactly was the point of the >> thousand new TLDs?" >> you're not the only one asking. > >ICANN monetizing their product. Period. Actually, if you look at ICANN's finances, they're retrenching because the new TLDs hav

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On 2025-02-13 at 12:49:31 UTC-0500 (13 Feb 2025 12:49:31 -0500) John Levine is rumored to have said: [...] I'm guessing that wissen.online is the same company as wissenonline.de. It's pretty clear from the 2 websites that they are entirely different. "Wissen" is German for "knowledge" so I

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

e OPs own mail server (mail.wissen.online) and it was clearly a normal authenticated mail SUBMISSION, for which no sanely-run system would reject his mail. SA would not look at that handoff in any way and neither should any spam filter. fun part is that abusic whitelist pbl ips, just in ca

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On Thu, 13 Feb 2025 18:22:44 +0100, "wissen.online | Stefan Mehlhorn" wrote: > > How can we lower our spam score due to your negative rating of our top-level > domain? > You may add your MX to https://www.dnswl.org/ and also add DMARC record like "v=DMARC1; p=none; sp

Re: AW: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On 13/02/2025 20:16, Richard Doyle wrote: On 2/13/25 10:25 AM, Benny Pedersen wrote: wissen.online | Stefan Mehlhorn skrev den 2025-02-13 19:02: Hi Benny, Hi Levine, tnx! Wissen.online it also the name of our company ... so we need .online and not wissenonline.de (ist another company) stop

Re: AW: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On 2/13/25 10:25 AM, Benny Pedersen wrote: > wissen.online | Stefan Mehlhorn skrev den 2025-02-13 19:02: >> Hi Benny, Hi Levine, >> >> tnx! Wissen.online it also the name of our company ... so we need .online >> and not wissenonline.de (ist another company) >> >>> stop using send emails from pbl li

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

being flagged as spam by SpamAssassin. Prove it. Provide *evidence* in the form of explicit log entries or bounces specifically citing SA AND a user affirming that they wanted the involved email. Scans by garbage websites (e.g. mail-tester.com) which lie about SpamAssassin are not evidence

Re: AW: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On Thu, 13 Feb 2025, wissen.online | Stefan Mehlhorn wrote: But, the fact and problem is this : PDS_OTHER_BAD_TLD=1.999 and with website in our signatur on top: FROM_SUSPICIOUS_NTLD_FP=1.999 We probably need to resolve the overlap, but you're not going to avoid getting *some* reputational d

Re: AW: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

wissen.online | Stefan Mehlhorn skrev den 2025-02-13 19:02: Hi Benny, Hi Levine, tnx! Wissen.online it also the name of our company ... so we need .online and not wissenonline.de (ist another company) stop using send emails from pbl listed ips eq dynamic ips Yes we change it next days doing

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

On Thu, 13 Feb 2025, John Levine wrote: It appears that wissen.online | Stefan Mehlhorn said: Are there any specific configurations or adjustments we can make to lower the high spam score of our emails? Or can you put us on one of your global whitelists for trusted .online domains? I doubt

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

John Levine skrev den 2025-02-13 18:49: I'm guessing that wissen.online is the same company as wissenonline.de. That domain should work fine. de tld will fail on pbl listed ip aswell imho :=) oh never mind

AW: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

eff: Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain wissen.online | Stefan Mehlhorn skrev den 2025-02-13 18:22: > Are there any specific configurations or adjustments we can make to > lower the high spam score of our emails? https://multirbl.valli.org/lookup/90.186.6

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

wissen.online | Stefan Mehlhorn skrev den 2025-02-13 18:22: Are there any specific configurations or adjustments we can make to lower the high spam score of our emails? https://multirbl.valli.org/lookup/90.186.69.50.html avoid using online tld X-Spam-Status No, score=1.375 tagged_above=-999

Re: Request for Whitelisting or Spam Score Adjustment for our TDL Domain

It appears that wissen.online | Stefan Mehlhorn said: >Are there any specific configurations or adjustments we can make to lower >the high spam score of our emails? > >Or can you put us on one of your global whitelists for trusted .online >domains? I doubt there is such a thing.

Request for Whitelisting or Spam Score Adjustment for our TDL Domain

Dear SpamAssassin Support Team, We are a software company that provides an HR tool and we are experiencing significant problems because our emails are constantly being flagged as spam by SpamAssassin. This is a critical issue for our company as it affects our communication with customers. We

Re: [External] Patterns for list broker spam?

hn Levine wrote: >> Every day I get a bunch of spam from fake list brokers, invariably from >> throwaway Gmail or Outlook >> accounts. >> >> The text in them seems fairly consistent. Anyone have patterns to catch >> them? They're quite annoying >> s

RE: Patterns for list broker spam?

On Fri, 17 Jan 2025, Marc wrote: Every day I get a bunch of spam from fake list brokers, invariably from throwaway Gmail or Outlook accounts. What is helping me a lot is when the message has a softfail spf state and an envelope with @outlook.com / @gmail.com I override the ~all and treat

Re: [External] Patterns for list broker spam?

John, Are you using the KAM ruleset?  We have several list/data broker rules and list them in the RBL quite regularly Regards, KAM On 1/17/2025 1:58 PM, John Levine wrote: Every day I get a bunch of spam from fake list brokers, invariably from throwaway Gmail or Outlook accounts. The text

RE: Patterns for list broker spam?

> Every day I get a bunch of spam from fake list brokers, invariably from > throwaway Gmail or Outlook > accounts. What is helping me a lot is when the message has a softfail spf state and an envelope with @outlook.com / @gmail.com I override the ~all and treat is as -all Maybe chec

Patterns for list broker spam?

Every day I get a bunch of spam from fake list brokers, invariably from throwaway Gmail or Outlook accounts. The text in them seems fairly consistent. Anyone have patterns to catch them? They're quite annoying since they're hard to separate from the legit mail we get from giant mai

Re: Strategy for collecting spam to feed Bayes?

On 2025-01-13 at 03:12:25 UTC-0500 (Mon, 13 Jan 2025 02:12:25 -0600 (CST)) Dave Funk is rumored to have said: It's also possible for the messages to differ by things such as network routing headers, better to feed it all to bayes and let it get parsed/scored. That's an important fact. One o

Re: Strategy for collecting spam to feed Bayes?

On 2025-01-13 at 01:51:17 UTC-0500 (Mon, 13 Jan 2025 08:51:17 +0200) Anders Gustafsson is rumored to have said: Hi! When collecting spam I frequently see multiple copies of the same message, but with different fake senders. In this case, should I feed just one or all to Bayes? All. Also

Sv: Re: Strategy for collecting spam to feed Bayes?

Thanks! -- Regards, Anders >>> Dave Funk 2025-01-13 10:12 >>> On Mon, 13 Jan 2025, Anders Gustafsson wrote:

Re: Strategy for collecting spam to feed Bayes?

On Mon, 13 Jan 2025, Anders Gustafsson wrote: Hi! When collecting spam I frequently see multiple copies of the same message, but with different fake senders. In this case, should I feed just one or all to Bayes? Yes, feed all copies of verfied spam to Bayes. As it is a weighted score per

Strategy for collecting spam to feed Bayes?

Hi! When collecting spam I frequently see multiple copies of the same message, but with different fake senders. In this case, should I feed just one or all to Bayes? Also: Is there a point in feeding such spam that is already flagged by other rules than Bayes and if so, should I remove the

Re: opt-out spam

On 2024-12-22 at 10:44:39 UTC-0500 (Sun, 22 Dec 2024 10:44:39 -0500) Alex is rumored to have said: > Hi, > I have collected a bunch of "opt-out" junk at the bottom of emails similar > to this one: > > Not your thing? Just reply 'no tnx' to opt-out :) > > Is it worthwhile to try and create a meta

opt-out spam

Hi, I have collected a bunch of "opt-out" junk at the bottom of emails similar to this one: Not your thing? Just reply 'no tnx' to opt-out :) Is it worthwhile to try and create a meta using these, or perhaps even a fuzzy rule that matches on 'no tnx' or "leave", etc, in combination with opt-out a

Re: Patch to improve detection of offering SEO spam

x27;d like to share with you a patch which allows me to catch an offering SEO spam which I've encountered in my INBOX quite a few missed for last weeks. Changes: 1. adds .xyz as suspicious zone because namecheap sells this domain for ~€1; That's not (in itself) enough for use t

Re: Patch to improve detection of offering SEO spam

On Sat, 14 Dec 2024, Bill Cole wrote: On 2024-12-13 at 06:53:59 UTC-0500 (Fri, 13 Dec 2024 12:53:59 +0100) Kirill A. Korinsky is rumored to have said: Dear SA users, I'd like to share with you a patch which allows me to catch an offering SEO spam which I've encountered in my I

Re: Patch to improve detection of offering SEO spam

On 2024-12-13 at 06:53:59 UTC-0500 (Fri, 13 Dec 2024 12:53:59 +0100) Kirill A. Korinsky is rumored to have said: Dear SA users, I'd like to share with you a patch which allows me to catch an offering SEO spam which I've encountered in my INBOX quite a few missed for last weeks.

Re: Patch to improve detection of offering SEO spam

On Fri, 13 Dec 2024, Kirill A. Korinsky wrote: Dear SA users, I'd like to share with you a patch which allows me to catch an offering SEO spam which I've encountered in my INBOX quite a few missed for last weeks. Changes: 1. adds .xyz as suspicious zone because namecheap sells this

Patch to improve detection of offering SEO spam

Dear SA users, I'd like to share with you a patch which allows me to catch an offering SEO spam which I've encountered in my INBOX quite a few missed for last weeks. Changes: 1. adds .xyz as suspicious zone because namecheap sells this domain for ~€1; 2. extends PDS_SEO2 regex to catch

Re: moderately personalized spam sneaking past my SA. general approaches to fix it?

On Thu, 21 Nov 2024, pgnd wrote: I'm focused atm on using available rules -- out-of-the-box and KAM. IF the answer is that the only way to cope with this is WITH Bayes, then that's a learning too. Well, I'm not sure out-of-the-box rules will help otherwise they'd already be helping. :) You

Re: moderately personalized spam sneaking past my SA. general approaches to fix it?

On Thu, Nov 21, 2024 at 12:42:58PM -0500, pgnd wrote: > , sneaking past my SA protections. Whether to call it snowshoe, I dunno :-/ > But my usually well fed Bayes isn't getting noticeably better with 'em. > https://gist.github.com/pgnd/5ab934d921939f4c62a4c978a30b9e6f Are you even runnin

Re: moderately personalized spam sneaking past my SA. general approaches to fix it?

my SA protections.  Whether to call it snowshoe, I dunno :-/  But my usually well fed Bayes isn't getting noticeably better with 'em. There's a modicum of badly-done personalization attempted in them.  It's usually laughably obvious spam to the eye. I'd like to make i

Re: bounce spam

ze: On 12.11.24 13:05, natan wrote: What methods do you have to fight with bounce spam? Last time i get some spam v320.pre:loadplugin Mail::SpamAssassin::Plugin::VBounce local.cf:welcomelist_bounce_relays  fantomas.fantomas.sk local.cf:score  BOUNCE_MESSAGE  1 and of course training. Return

Re: bounce spam

On 12.11.24 13:05, natan wrote: What methods do you have to fight with bounce spam? Last time i get some spam v320.pre:loadplugin Mail::SpamAssassin::Plugin::VBounce local.cf:welcomelist_bounce_relays fantomas.fantomas.sk local.cf:score BOUNCE_MESSAGE 1 and of course training. Return

bounce spam

Hi What methods do you have to fight with bounce spam? Last time i get some spam Return-Path: <> Delivered-To: bi...@domain.ltd Received: from MX ([xx.xx.xx.5]) by dovecot3.local with LMTP id aMFYFA8ALWcUjQAApYCB1g:P1 (envelope-from <>) for ; Thu, 07 Nov 2024 18:59:43 +0100 Re

Multiple SpamAssassins: how many X-Spam-Status header fields?

Hi, An email travelling through multiple MTAs at different institutions arrives with the earlier SpamAssassin X-Spam-... header fields intact, including X-Spam-Status, but a later check adds X-Spam-... fields except for X-Spam-Status. The later institution say this is because only one X-Spam

Re: Multiple SpamAssassins: how many X-Spam-Status header fields?

On 2024-10-25 at 13:19:58 UTC-0400 (Fri, 25 Oct 2024 18:19:58 +0100) Ralph Corderoy is rumored to have said: > Hi, > > An email travelling through multiple MTAs at different institutions > arrives with the earlier SpamAssassin X-Spam-... header fields intact, > including X-Spa

Re: SPAM-DETECTOR Re: Tips on training bayes?

ain and set up. I had good trained DB from past V3 install, and it behaved really odd. I trained it on new set of mails 3000 spam and 3000 ham (HAND PICKED mail it was PAIN) and I cant get either BAYES_00 or BAYES_99 :) I mean I get them occasionally, but not even close to what it was in

Re: Finance spam

> this whole range of 185.3.229.x is on my dns blacklist and everything on > that is either rejected or marked. I can only suggest doing something > similar ;) > Very helpful. Thanks for sharing. > RCVD_IN_HOSTKARMA_W=-2.5 > change to -0.1 That does seem to be a bit heavy-handed. > and lastly i

Re: Finance spam

Alex skrev den 2024-07-16 15:00: Hi all, Does anyone have any further ideas on how to block "approved for funding" spam? https://pastebin.com/2rKiAEpt This one is another namecheap domain registered from Reykjavik. I can create body rules, but the language is very much in line with

RE: Finance spam

urther ideas on how to block "approved for funding" > spam? > https://pastebin.com/2rKiAEpt > > > This one is another namecheap domain registered from Reykjavik. I can > create body rules, but the language is very much in line with legitimate > lending companies. I'

Finance spam

Hi all, Does anyone have any further ideas on how to block "approved for funding" spam? https://pastebin.com/2rKiAEpt This one is another namecheap domain registered from Reykjavik. I can create body rules, but the language is very much in line with legitimate lending companies. I

Re: How to report SPAM?

They do if you're offering mail service to a large number of users. They login to a phished mailbox, send new phishingmails to that mailbox and check the headers if they can see which rules are hit. Then they adapt the phishingmail to get a lower score until they are below the spam thre

Re: How to report SPAM?

On 27.05.24 23:10, Thomas Barth via users wrote: for months I have been waiting for the type of SPAM I receive to be captured by the DNS block lists. But nothing is happening. I have long since fed Spamassassin with these SPAMs. What else can I do? I have even activated HOSTKARMA-black/brown

RE: How to report SPAM?

> for months I have been waiting for the type of SPAM I receive to be > captured by the DNS block lists. But nothing is happening. I have long > since fed Spamassassin with these SPAMs. What else can I do? put your spam score lower? I don't think you will get many false positives

Fwd: Re: Rule: "1.0 R_DCD 90% of .com. is spam"

oh dear, when do he stop ? Original besked Emne: Re: Rule: "1.0 R_DCD 90% of .com. is spam" Dato: 2024-05-10 20:17 Afsender: "Reindl Harald (gmail)" Modtager: Benny Pedersen Am 10.05.24 um 20:14 schrieb Benny Pedersen: Matus UHLAR - fantomas skrev den 2

Re: Rule: "1.0 R_DCD 90% of .com. is spam"

rule comes from, DCD may actually mean dot-com-dot, and perhaps it is true that they are mostly spam. where is the rule stored? what file? On May 10, 2024, 17:18, Rupert Gallagher wrote: I only have stock and KAM, and it is definitely not a custom rule of mine. grep -r '\.com./'

Re: Rule: "1.0 R_DCD 90% of .com. is spam"

On 2024-05-10 at 11:08:53 UTC-0400 (Fri, 10 May 2024 15:08:53 +) Rupert Gallagher is rumored to have said: > R_DCD That string does not occur anywhere in the SpamAssassin distribution, neither in the code nor in the rules, *including* the rules that are not currently performing well enough

Re: Rule: "1.0 R_DCD 90% of .com. is spam"

, and perhaps it is true that they are mostly spam. where is the rule stored? what file? On May 10, 2024, 17:18, Rupert Gallagher wrote: I only have stock and KAM, and it is definitely not a custom rule of mine. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I

Re: Rule: "1.0 R_DCD 90% of .com. is spam"

mostly spam. Original Message On May 10, 2024, 17:18, Rupert Gallagher wrote: > I only have stock and KAM, and it is definitely not a custom rule of mine. > > Original Message > On May 10, 2024, 17:11, Matus UHLAR - fantomas wrote: > >> On 1

Re: Rule: "1.0 R_DCD 90% of .com. is spam"

I only have stock and KAM, and it is definitely not a custom rule of mine. Original Message On May 10, 2024, 17:11, Matus UHLAR - fantomas wrote: > On 10.05.24 15:08, Rupert Gallagher wrote: >My local evidence does not > support the general claim that 90% of .com is s

Re: Rule: "1.0 R_DCD 90% of .com. is spam"

On 10.05.24 15:08, Rupert Gallagher wrote: My local evidence does not support the general claim that 90% of .com is spam. I just received a mail from informat...@info.email.ikea.com marked as spam, with positive R_DCD. The rule did not trigger on mail from other .com addresses. I do not know

Rule: "1.0 R_DCD 90% of .com. is spam"

My local evidence does not support the general claim that 90% of .com is spam. I just received a mail from informat...@info.email.ikea.com marked as spam, with positive R_DCD. The rule did not trigger on mail from other .com addresses. I do not know what R_DCD means, and search indexes do not

Re: How to get the X-Spam-Flag

On Fri, May 03, 2024 at 08:22:09PM +0200, tba...@txbweb.de wrote: > when a send a test spam message to my server it recognizes it as spam and > puts it into /var/lib/amavis/virusmails as a gz file. In this file I can > find the complete X-Spam-Header, etc: > > But this header is

How to get the X-Spam-Flag

System (fresh installation): Debian 12,5, Postfix, Dovecot, Amavis (Clamav, Spamassassin) Hello, when a send a test spam message to my server it recognizes it as spam and puts it into /var/lib/amavis/virusmails as a gz file. In this file I can find the complete X-Spam-Header, etc: X

Re: How to find why a mail is SPAM DROPPED ?

Pierluigi Frullani skrev den 2024-04-18 20:23: It was simscan, that is compiled with enable-drop. with is fine The problem was a bad expression in blacklist_from section in local.cf [1] this is spam, not virus Sorry for the noise. if you like to reject all / drop all, why not pants

Re: How to find why a mail is SPAM DROPPED ?

Pierluigi Frullani skrev den 2024-04-18 19:52: So could it be simscan ? super you wake up :) configure it to pass spam, and reject virus simscan is very old, btw

Re: How to find why a mail is SPAM DROPPED ?

Pierluigi Frullani skrev den 2024-04-18 19:44: I'm really fighting with spamassasin as one ( legit ) mail get spam dropped with a 99.90 value, also if I have put, in local.cf [1] a required hit of 100. why is 100 required score ? spamassassin does only tag, it does not drop The ma

Re: How to find why a mail is SPAM DROPPED ?

t.net>> ha scritto: > > > > > > > > Am 18.04.24 um 19:44 schrieb Pierluigi Frullani: > > > Hello all, > > > I'm really fighting with spamassasin as one ( legit ) mail get > > spam > > > dropped with a 99.90 value,

Re: How to find why a mail is SPAM DROPPED ?

> I'm really fighting with spamassasin as one ( legit ) mail get spam > > dropped with a 99.90 value, also if I have put, in local.cf > > <http://local.cf> a required hit of 100. > > The mail is sent from a legit gmail account ( my daughter ) to me and > > contains

How to find why a mail is SPAM DROPPED ?

Hello all, I'm really fighting with spamassasin as one ( legit ) mail get spam dropped with a 99.90 value, also if I have put, in local.cf a required hit of 100. The mail is sent from a legit gmail account ( my daughter ) to me and contains some amazon links for stuff to buy. I have dis

Re: problems with Plugin::ASN and spam

RA_FLAGS="-e onholyground.com -u defang -m -r 15 -i 127.0.0.1 -g sa-milt >>> -- --max-size=512 >>> --dest=sa0.int.ohgnetworks.com,sa1.int.ohgnetworks.com —randomize" >> Found it, even with the -m, spamass-milter only replaces a hardcoded set of X-Spam-* headers

  1   2   3   4   5   6   7   8   9   10   >