On Fri, Jul 12, 2002 at 12:04:11PM -0700, Marsha Hanchrow wrote: | A few more examples of tests that should be fine tuned or looked at | suspiciously: | | This is (part of) a completely legitimate note, from someone who couldn't | forge a "received" header if her life depended on it. I've received a | number of legitimate notes that tripped the "RCVD_IN_OSIRUSOFT_COM" test, | so I'm starting to think that one is scored dangerously high.
Check out relays.osirusoft.com and see what they're about. It means the message passed through a server that is an open relay, or a confirmed spam source (or something along those lines). Everyone knows that the RBLs aren't perfect, and the amount of collateral damage varies from list to list and from time to time. That's why it is part of a score-based system. The forged yahoo received really means that the From: header has an @yahoo.com address, but the message didn't come through a yahoo server. Spammers tend to forge yahoo/hotmail/msn/aol addresses a lot. Users of those services tend to use those services, and thus their legit mail will have passed through their server. The scores for those tests are terribly high either, your friend just triggered 3 of them. (it's easy enough not to hit the SUPERLONG_LINE test too, and is better for all involved when mail messages are properly wrapped) -D -- A wise servant will rule over a disgraceful son, and will share the inheritance as one of the brothers. Proverbs 17:2 http://dman.ddts.net/~dman/
msg07353/pgp00000.pgp
Description: PGP signature