Alex wrote:
Hi,
I had an obit email very unfortunately get tagged as spam for what
appears to be the result of a few DKIMWL rules and MSGID_BELONGS_RECIPIENT.
* 1.0 DKIMWL_BULKMAILER_LOW ASKDNS: DKIMwl.org - Low scoring bulkmailer
* [tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org
<http://tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org> A:127.0.2.1]
Not a stock rule.
* 1.5 DKIMWL_BL ASKDNS: DKIMwl.org - Low trust sender
* [tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org
<http://tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org> A:127.0.2.1]
The lookup result looks to have shifted somewhat from "low" to "low-med":
$ host tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org
tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org has address 127.0.2.2
however it looks likely you've redefined the rule, so it's not behaving
as per stock or per DKIMwl.org's usage guidelines: http://dkimwl.org/usage.
The stock version of this rule should only match results ending in .0.
* 1.0 MSGID_BELONGS_RECIPIENT Message-ID domain belongs to recipient
Also not a stock rule. It's difficult to tell with the redactions in
the pastebin, but it also appears to be misfiring. You'll have to post
unredacted headers along with the rule details for specific help.
How reliable are the DKIMWL_ rules? They seem to hit a lot of ham,
That's the intention. They're to help otherwise legitimate senders that
may send spammier content still get through.
I've scored them to an advisory -0.001 locally, as I had a few too many
cases of outright abuse of an otherwise fairly clean platform to send
scams. It's been easier to deal with the resulting occasional false
positive one at a time instead.
-kgd
