On 4/28/10 4:47 PM, Kris Deugau wrote:
> Michael Scheidell wrote:
>> On 4/28/10 3:13 PM, Kris Deugau wrote:
>>> 0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only
>>> 0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
>>> 1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
>> so, it's also obviously bulk email.
> I don't know how these rules positively identify a message as "bulk".
> Taking them at face value, they certainly represent "not following
> best-practices".

Sorry, usually if the to and from are the same, it's bulk. Looks like the
regexes are in need of tweaking.

The best way to do this is to open a bug on SA's bugzilla. That way
they can track it, vote on it, and will know when it's fixed.

Now, if ING Direct cared about such things as SPF (yes, SPF is
broken) but in this case you would whitelist_from_spf @ingdirect.com in
local.cf and not worry about forgeries slipping through.

The to/from AND, HTML is because it's only HTML, and 'direct to mx' means
that you probably did not see a second Received header in the email. (so
it was machine generated)

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation
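
Added example, not part of the original thread and not SpamAssassin's own rule code: a sketch of the three traits the TO_EQ_FM_* descriptions name, following the explanation above that "direct to MX" means no second Received header. The function name, the one-Received-header threshold and both sample messages are assumptions constructed for illustration.

```python
# Added illustration; heuristics are assumptions, not SpamAssassin's rule logic.
from email import message_from_string
from email.utils import parseaddr

def to_eq_from_traits(raw):
    """Evaluate the three traits for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    # Content types of the leaf (non-multipart) MIME parts actually carried.
    leaf_types = {p.get_content_type() for p in msg.walk() if not p.is_multipart()}
    return {
        "to_eq_from": bool(sender) and sender == rcpt,
        "html_only": "text/html" in leaf_types and "text/plain" not in leaf_types,
        # Assumption: only the header added by the receiving MX is present.
        "direct_to_mx": len(msg.get_all("Received", [])) <= 1,
    }

# Constructed sample: machine-generated notice, To == From, HTML only, one hop.
BULK_LIKE = """\
Received: from bulk.example.com by mx.example.org; Wed, 28 Apr 2010 15:13:00 -0400
From: "Statements" <notices@example.com>
To: notices@example.com
Subject: Your statement
Content-Type: text/html; charset=us-ascii

<html><body>Your statement is ready.</body></html>
"""

# Constructed sample: personal mail relayed through the sender's own server.
PERSONAL = """\
Received: from relay.example.net by mx.example.org; Wed, 28 Apr 2010 15:00:00 -0400
Received: from desktop.example.net by relay.example.net; Wed, 28 Apr 2010 14:59:58 -0400
From: Alice <alice@example.net>
To: bob@example.org
Subject: lunch
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

hi
--b1
Content-Type: text/html

<p>hi</p>
--b1--
"""

if __name__ == "__main__":
    for name, raw in (("bulk-like", BULK_LIKE), ("personal", PERSONAL)):
        print(name, to_eq_from_traits(raw))
```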