On 16.12.22 15:18, Alex wrote:
This GoDaddy/M365 quarantined email passes SPF, but despite now adding it
to my welcomelist, it is still marked as spam.
https://pastebin.com/VpPmgGN4
On 19.12.22 09:54, Matus UHLAR - fantomas wrote:
* 6.0 KAM_ZWNJ Use of null characters indicates a goal to elude scanners
try finding out why this matches:
meta KAM_ZWNJ (__KAM_ZWNJ1 + (__KAM_ZWNJ2 >= 16) >= 2)
body __KAM_ZWNJ2 /(?:\x9D|\xe2\x80\x8c)/
score KAM_ZWNJ 6.0
I haven't found anything about 9D character, but the other:
https://www.utf8-chartable.de/unicode-utf8-table.pl?start=8192&number=128
U+200C e2 80 8c ZERO WIDTH NON-JOINER
Only when I create a welcomelist_from_rcvd does it get delivered.
what exactly did you add to your welcomelist that did not work?
The sender's SPF record includes the sending IP (40.107.96.128) in the
secureserver.net entry, and SPF_PASS is hit.
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
There's also a FP on KAM_ZWNJ, or at the least is not a malicious email
intended to elude anything.
Can someone help me understand what's happening here?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
