This is a discussion on Re: Clearly bogus false positives -- on "abuse" contact point, no - SpamAssassin ; Karsten Bräckelmann wrote: > Please, do not paste a gigantic blob of multipart MIME messages. Put it > up somewhere, raw, and simply provide a link. > > > On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote: > >> ...
Karsten Bräckelmann wrote:
> Please, do not paste a gigantic blob of multipart MIME messages. Put it
> up somewhere, raw, and simply provide a link.
> On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote:
>> Anyway, I have no idea why I'm seeing some of these scores. URL matches
>> when there aren't even URL's in my message?
> There are. Self-inflicted. The ones in square brackets with the leading
> 550 code, which you seem to keep sending back and forth.
And just *mentioning* the domain name, without any sort of valid URL
(ftp: or http: or anything of the sort) is going to match it as a URL?
That's highly bogus.
A domain name alone does not a URL make.
>> A 2.6 score on BAYES_00? URIBL_JP_SURBL and URIBL_OB_SURBL? And what
>> the heck is DNS_FROM_OPENWHOIS???
> Well, if you don't mind having a second look, that is MINUS 2.6 for
> Bayes. What's wrong with that?\
Oh, sorry, read over the scores too quickly. Never mind the BAYES_00.
> Regarding your SURBL questions... Yes. Wait, you where hoping for more?
> Without any actually asked question? OK, good then. The domain
> chalturs.com is listed in these RBLs, as the results tell you. See
> http://surbl.org/ for more.
I read the top-level page, but didn't see anything really pertinent. I
get the idea. But naming the domain in a message, again, is not the
same as embedding an entire URL containing the domain. The two aren't
> Oh, and DNS_FROM_OPENWHOIS probably is http://open-whois.org/, which
> gives you a hint about what it actually is. The hit itself pretty much
> mentions this...
Yeah, I read this. And I don't get that either.
How does having your domain be anonymous (for whatever reason... maybe
you're a small company operating below the radar) make your email any
more likely to be spam????
>> TVD_STOCK1? There's no mention of stock anywhere in the message.
> From a quick glimpse of the code, it appears to identify common words
> used in stock (as in stock exchange, pump-n-dump penny stocks) spam. It
> does not search for the word "stock". Just as pretty much no rule in SA
> ever searches for single words only...
Again, I didn't see anything that should legitimately be causing this
rule to fire, and certainly not with such a high score for such an
>> Why am I seeing all of these bogus matches?
> From what I can tell, and what you sent us, they don't appear to be
Depends on whether you equate bare domains with URL's, I suppose.
>> I looked on the wiki for some of these, but couldn't find descriptions.
>> What should I do? Just block their domain? I don't want to deal with
>> their misconfiguration issues.
> Apparently you already exchanged messages? Try not sending the offensive
> mail in question. Put it up somewhere as reference, if need be. Hmm,
> sounds familiar...
No, I sent them back the offending email, initially. Which they marked
as spam (bloody brilliant, of course it's spam, otherwise I wouldn't be
bothering to report it.... what else do they expect to come to their
"Abuse" mailbox, anyway???).
So I sent back the SA scores back to them, and that's the part that I
How do you report Spam to such a site that's going to block your Spam
reports for being... well, Spam!
(Yes, I'm shocked too to hear there's gambling going on in Casablanca...)