Karsten Bräckelmann wrote:
> Please, do not paste a gigantic blob of multipart MIME messages. Put it
> up somewhere, raw, and simply provide a link.
> On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote:
>> Anyway, I have no idea why I'm seeing some of these scores. URL matches
>> when there aren't even URL's in my message?

> There are. Self-inflicted. The ones in square brackets with the leading
> 550 code, which you seem to keep sending back and forth.

And just *mentioning* the domain name, without any sort of valid URL
(ftp: or http: or anything of the sort) is going to match it as a URL?
That's highly bogus.

A domain name alone does not a URL make.

>> A 2.6 score on BAYES_00? URIBL_JP_SURBL and URIBL_OB_SURBL? And what
>> the heck is DNS_FROM_OPENWHOIS???

> Well, if you don't mind having a second look, that is MINUS 2.6 for
> Bayes. What's wrong with that?\

Oh, sorry, read over the scores too quickly. Never mind the BAYES_00.

> Regarding your SURBL questions... Yes. Wait, you where hoping for more?
> Without any actually asked question? OK, good then. The domain
> chalturs.com is listed in these RBLs, as the results tell you. See
> http://surbl.org/ for more.

I read the top-level page, but didn't see anything really pertinent. I
get the idea. But naming the domain in a message, again, is not the
same as embedding an entire URL containing the domain. The two aren't

> Oh, and DNS_FROM_OPENWHOIS probably is http://open-whois.org/, which
> gives you a hint about what it actually is. The hit itself pretty much
> mentions this...

Yeah, I read this. And I don't get that either.

How does having your domain be anonymous (for whatever reason... maybe
you're a small company operating below the radar) make your email any
more likely to be spam????

>> TVD_STOCK1? There's no mention of stock anywhere in the message.

> From a quick glimpse of the code, it appears to identify common words
> used in stock (as in stock exchange, pump-n-dump penny stocks) spam. It
> does not search for the word "stock". Just as pretty much no rule in SA
> ever searches for single words only...

Again, I didn't see anything that should legitimately be causing this
rule to fire, and certainly not with such a high score for such an
unreliable rule.

>> Why am I seeing all of these bogus matches?

> From what I can tell, and what you sent us, they don't appear to be
> bogus.

Depends on whether you equate bare domains with URL's, I suppose.

>> I looked on the wiki for some of these, but couldn't find descriptions.
>> What should I do? Just block their domain? I don't want to deal with
>> their misconfiguration issues.

> Apparently you already exchanged messages? Try not sending the offensive
> mail in question. Put it up somewhere as reference, if need be. Hmm,
> sounds familiar...
> guenther

No, I sent them back the offending email, initially. Which they marked
as spam (bloody brilliant, of course it's spam, otherwise I wouldn't be
bothering to report it.... what else do they expect to come to their
"Abuse" mailbox, anyway???).

So I sent back the SA scores back to them, and that's the part that I
pasted previously.

How do you report Spam to such a site that's going to block your Spam
reports for being... well, Spam!

(Yes, I'm shocked too to hear there's gambling going on in Casablanca...)