On Sat, 12 Feb 2011, Lawrence @ Rogers wrote:
> But scoring 3+ for a rule that checks the format of the To: header is a bit excessive, IMO. In an ideal world, everyone would send properly formatted headers, but we don't live in a perfect world and need to account for that.
The format of the To: header _in concert with direct-to-MX_. Per our masscheck corpora that is a reasonably good spam sign.
It appears that the newsletters are being generated directly on a network-facing host and are being sent directly to subscribers' MX hosts rather than via an intervening dedicated MTA. This is very "spammy" behavior, and it's not surprising it hits a rule like this. It looks exactly like something generated by a spambot.
Perhaps adding "must be in ZEN" to that meta might be justified, but that would make it a network test, which for this sort of thing I'm reluctant to do.
How many of your FPs are similar?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
