Hi,

On Sun, Apr 30, 2017 at 3:25 PM, Martin Gregorie <mar...@gregorie.org> wrote:
> On Sun, 2017-04-30 at 14:42 -0400, Alex wrote:
>> It sounds like you're saying you're adding points to bounce emails
>> that don't originate from email sent by your system?
>>
> Correct, or more specifically this is intended to catch spam spoofing
> my domain as sender and rejected by its destination.
>
> Of course there are still domains out there that don't look at SPF, so
> they don't realise they're bouncing spam. I also have a suspicion that
> at least some spammers have deliberately sent spoofed bounce reports as
> a way past SA and friends.

I'm talking about legitimate, non-spam mail sent by users on our systems with valid accounts having their bounces being tagged as spam.

> I was receiving a lot of bounces where the bounced message was obvious
> spam and which had not been sent from here but where the bounce wrapper
> was either genuine or a very good fake.
>
> In any case, regardless of whether I get bounced spam containing my
> domain as forged sender or whether the whole bounce message is a
> forgery, it can be safely binned, hence my rule.

I would think people would want their legitimate bounce notifications, no? And if they are fakes, how effective could they really be, with "Undeliverable" in the subject, and the spam/payload only appearing well down into the body of the email, past all the notification messages?

That's somewhat rhetorical, but I wish there was an answer on how to more effectively deal with these.

John Hardin wrote:
> BAYES_50 should have no real effect on the score of a message,
> because that's Bayes saying "insufficient data for an opinion".

It still accounts for 0.8 points :-(

With the headers appearing all mangled to SA due to the "email within an email" where the original email is wrapped in a bounce message, it often appears to hit MISSING_HEADERS or other weird combinations that add points incorrectly.