On 2025-02-13 at 12:22:44 UTC-0500 (Thu, 13 Feb 2025 18:22:44 +0100)
wissen.online | Stefan Mehlhorn <mehlhorn@wissen.online>
is rumored to have said:
Dear SpamAssassin Support Team,
We are a software company that provides an HR tool and we are
experiencing
significant problems because our emails are constantly being flagged
as spam
by SpamAssassin.
Prove it.
Provide *evidence* in the form of explicit log entries or bounces
specifically citing SA AND a user affirming that they wanted the
involved email.
Scans by garbage websites (e.g. mail-tester.com) which lie about
SpamAssassin are not evidence.
Rejections by giant email providers (GMX, Yahoo, GMail, MS365, etc.) are
NOT evidence, as to the best of our knowledge they don't use SA.
This is a critical issue for our company as it affects our
communication with customers. We use the TDL https://wissen.online
If sending email is part of your business plan, using a *.online domain
is ill-advised, and always has been, because the earliest owners of such
domains sent almost exclusively spam in large volume, and to this day
the overwhelming majoprity of mail in which .online domains are seen are
spam.
How can we lower our spam score due to your negative rating of our
top-level
domain?
I don't expect the well-earned negative reputation of .online domains
changing any time soon. I set up a test rule some years ago when the
first challenge to its listing was made in a bug report. To this day, it
shows that the sites who contribute to our rule QA system see no
legitimate .online mail:
https://ruleqa.spamassassin.org/20250212-r1923752-n/T_SCC_TLD_ONLINE/detail
FROM_SUSPICIOUS_NTLD=0.499,
FROM_SUSPICIOUS_NTLD_FP=1.999,
PDS_OTHER_BAD_TLD=1.999,
Adding up to 4.497. This is NOT enough to cause a standard SA
installation to reject a message.
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
Both of which have tiny negative (not-spam) scores because SPF is not a
great discriminator. Professional spammers actually get SPF right more
often than the average legit sender.
Are there any specific configurations or adjustments we can make to
lower
the high spam score of our emails?
Compose your email to be less spam-like.
Using plain text for email helps. If you must use HTML, use the simplest
possible HTML, make it perfectly formally correct, and don't reference
any remote resources (e.g. in IMG SRC or IFRAME tags)
Also: don't use any .online (or other low-reputation) URIs.
Or can you put us on one of your global whitelists for trusted .online
domains?
Not without real evidence of SA causing rejections and would-be
recipients asking for relief.
Is there a way to add our domain to a global list of trusted .online
domains
to prevent unnecessary spam classification?
There is no such thing as a global list of trusted domains anywhere.
We do have a list of "default welcomelist" domains that SA will give a
substantial negative (i.e. non-spam) score. Those are domains that we
believe to send only non-spam mail and use strong authentication
(ideally DKIM) on aqll of their email. To get on that list a domain has
to send enough mail that *recipients* notice their mail being blocked
*BY SA* and they ask for relief.
What can we do?
Take greater care when selecting a domain name.
Note that we do have a test rule that I set up a few years ago
specifically to address a bug report citing inclusion of .online in our
lists of high-spam gTLDs, and to this day it has consistently shown 100%
spam hitting the rule in our Rule QA system:
https://ruleqa.spamassassin.org/20250213-r1923772-n/T_SCC_TLD_ONLINE
That testing is based on the submissions of mass-scanning results by
some of our users. Looking back through recent days I can find exactly 0
cases of "ham" hitting that rule.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
