Re: Phishing rules?
SM <firstname.lastname@example.org> writes:
> At 07:56 01-11-2008, Micah Anderson wrote:[color=green]
>>Here is an example one I received recently, note the hideously low bayes
>>score on this one, caused it to autolearn as ham even, grr.[/color]
>>X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
>> autolearn=ham version=3.2.5[/color]
> The sender is whitelisted by [url]www.dnswl.org[/url].[/color]
Yeah, because this one was forwarded through debian.org, which is
legitimate. The spam originator was not debian.org, but debian.org is
the one in dnswl.org.
>>Received: from master.debian.org (master.debian.org [126.96.36.199])
>> by mx1.riseup.net (Postfix) with ESMTP id AA4465701D1
>> for <email@example.com>; Fri, 31 Oct 2008 20:00:39 -0700 (PDT)[/color]
> The mail is coming through debian.org. Do you want to blacklist that host?[/color]
No, I do not.