Hello, we've had a false positive reported for those headers:
Return-Path: <...@northernnetworking.co.uk>
X-Spam-Flag: YES
X-Spam-Score: 3.679
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.679 tagged_above=0 required=3.1
tests=[BAYES_00=-3.599, DYN_RDNS_AND_INLINE_IMAGE=1.168,
FH_HELO_EQ_D_D_D_D=3.177, HELO_DYNAMIC_IPADDR=1.951,
HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001] autolearn=no
[...]
Received: from lvps92-60-123-131.vps.webfusion.co.uk
(lvps92-60-123-131.vps.webfusion.co.uk [92.60.123.131])
[...]
Without BAYES, that email would have been discarded on the sole
base that it is coming from a server whose hostname (both PTR
record and HELO hostname) looks like a dynamic one.
That IP address is the MX and SPF for northernnetworking.co.uk
(and also the MX for a number of other domains as seen at
http://www.reversemx.com/mxip/92.60.123.131/), all genuine
AFAICT.
AFAICT, "vps" stands for "virtual private server" at the
webfusion hosting company, the IP address is not dynamic.
But even if it were, wouldn't that score be a bit excessive?
Aren't FH_HELO_EQ_D_D_D_D and HELO_DYNAMIC_IPADDR
redundant/overlapping?
--
Stephane
