Alex wrote:
I recently had an account activation email blocked due to AC_FROM_MANY_DOTS in the From address:

From: VitalSource <do.not.re...@vitalsource.com>

It also hit KAM_SENDGRID and BAYES_50 and KAM_MARKETINGBL_PCCC, pushing it over to spam.
 *  1.5 KAM_SENDGRID Sendgrid being exploited by scammers
 *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
 *  0.2 KAM_MARKETINGBL_PCCC Message contains URI associated with

in addition to a few smaller rules, like KAM_DMARC_NONE.

Does it sound reasonable to add 3 points plus another 1.5 simply for having been sent by sendgrid? How do we offset those points? Do we just rely on bayes/txrep?

I think my bayes db is pretty well-trained, but there's also a lot of account activation fraud emails.

On 16.11.23 10:29, Kris Deugau wrote:
Third party rule sets always need evaluation for your local mail flow.

Just FYI:
AC_FROM_MANY_DOTS is a stock SA rule and has score 3, as the OP complained:

score  AC_FROM_MANY_DOTS  2.999 2.999 2.999 2.999

From this point of view, KAM rules are a bit safer:

score  KAM_MARKETINGBL_PCCC  1.0
score  KAM_SENDGRID  1.50

And you can always override scores in a third party channel with a local channel loaded after any others, or in a .cf in your local configuration directory.

The same applies to stock SA rules, FYI.

I looked at the KAM rules and decided that using them as-is was a nonstarter. However, using selected rule groups, at a reduced score, for spam I've had a hard time writing my own rules for, has worked quite well. (Up until the spammers started just dropping their fake invoice content into an attached image - or PDF.)

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
WinError #99999: Out of error messages.
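
The local override discussed in the thread, as an added example that is not part of any poster's message: a site .cf that lowers the three scores quoted above and adds a narrow, DKIM-gated offset for the sender domain. The file name, the reduced score values and the `LOCAL_*` rule names are assumptions chosen for illustration.

```conf
# Constructed example: /etc/mail/spamassassin/zz_local_scores.cf
# (file name and path are assumptions; use your site configuration directory).
# Site .cf files are read after the rules fetched by sa-update channels,
# so score lines here replace both stock and third-party (KAM) scores.

# Stock rule: a single value applies to all four score sets
# (the stock entry quoted in the thread is 2.999 2.999 2.999 2.999).
score AC_FROM_MANY_DOTS     1.5

# KAM channel rules, reduced rather than disabled (illustrative values).
score KAM_SENDGRID          0.75
score KAM_MARKETINGBL_PCCC  0.5

# Narrow offset for one sender domain, granted only when the DKIM
# signature validates for the From: (author) domain, so a forged
# From: header alone earns nothing. Requires the DKIM plugin.
header   __LOCAL_FROM_VITALSOURCE  From:addr =~ /\@vitalsource\.com$/i
meta     LOCAL_VITALSOURCE_DKIM    (__LOCAL_FROM_VITALSOURCE && DKIM_VALID_AU)
describe LOCAL_VITALSOURCE_DKIM    From vitalsource.com with author-domain DKIM pass
score    LOCAL_VITALSOURCE_DKIM    -2.0

# Check syntax before reloading: spamassassin --lint
```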
