On Fri, Jul 12, 2002 at 12:04:11PM -0700, Marsha Hanchrow wrote: | A few more examples of tests that should be fine tuned or looked at | suspiciously: | | This is (part of) a completely legitimate note, from someone who couldn't | forge a "received" header if her life depended on it. I've received a | number of legitimate notes that tripped the "RCVD_IN_OSIRUSOFT_COM" test, | so I'm starting to think that one is scored dangerously high.
Check out relays.osirusoft.com and see what they're about. It means
the message passed through a server that is an open relay, or a
confirmed spam source (or something along those lines). Everyone
knows that the RBLs aren't perfect, and the amount of collateral
damage varies from list to list and from time to time. That's why it
is part of a score-based system.
The forged yahoo received really means that the From: header has an
@yahoo.com address, but the message didn't come through a yahoo
server. Spammers tend to forge yahoo/hotmail/msn/aol addresses a lot.
Users of those services tend to use those services, and thus their
legit mail will have passed through their server.
The scores for those tests are terribly high either, your friend just
triggered 3 of them. (it's easy enough not to hit the SUPERLONG_LINE
test too, and is better for all involved when mail messages are
properly wrapped)
-D
--
A wise servant will rule over a disgraceful son,
and will share the inheritance as one of the brothers.
Proverbs 17:2
http://dman.ddts.net/~dman/
msg07353/pgp00000.pgp
Description: PGP signature
