Interesting though who told you that html was more spammy because the data doesn't back that up. Multipart html with text alternative will usually score lower because like 99% of the mail flow looks like that.
It is only old school people like us that even know how to send text only, heh. On Thu, Dec 12, 2019, 11:36 sebb <[email protected]> wrote: > Please don't ever use HTML for announce mails. > > They are more likely to be treated as spam -- as this one was -- and so > may be overlooked by the moderators. > > Thanks. > S. > > On Thu, 12 Dec 2019 at 16:26, Kevin A. McGrail <[email protected]> > wrote: > >> On behalf of the Apache SpamAssassin Project, I am proud to share the >> release notes for Apache SpamAssassin v3.4.3. -KAM >> >> Release Notes -- Apache SpamAssassin -- Version 3.4.3 >> >> Introduction >> ------------ >> >> Apache SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we >> prepare to move to version 4.0.0 with better, native UTF-8 handling. >> >> There are a number of functional patches, improvements as well as security >> reasons to upgrade to 3.4.3. In this release, there are bug fixes for two >> CVEs. >> >> *** On March 1, 2020, we will stop publishing rulesets with SHA-1 signatures. >> If you do not update to 3.4.2 or later, you will be stuck at the last >> ruleset with SHA-1 signatures. *** >> >> Many thanks to the committers, contributors, rule testers, mass checkers, >> and code testers who have made this release possible. >> >> Happy Birthday >> -------------- >> Apache SpamAssassin turned 18 on September 5th, 2019. >> >> Now in its 18th year, 15 of which as an Apache project, SpamAssassin is the >> world's most popular email anti-spam platform. Apache SpamAssassin can be >> used on a wide variety of email systems including Postfix, procmail, qmail, >> sendmail, and more. >> >> It serves as the spam-filtering and detection solution for numerous ISPs and >> hosting providers, and is integrated in commercial software including Plesk, >> cPanel, Vesta Control Panel, and many others. >> >> SpamAssassin was originally created by Justin Mason, who had maintained a >> number of patches against an earlier program named filter.plx by Mark >> Jeftovic, which began in August 1997. Mason rewrote all of Jeftovic's code >> from scratch and uploaded the resulting codebase to SourceForge on April 20, >> 2001. SpamAssassin entered the Apache Incubator in December 2003 and >> graduated as an Apache Top-Level Project in June 2004. >> >> Notable features: >> ================= >> >> New plugins >> ----------- >> There is 1 new plugin added with this release: >> >> # OLEVBMacro - Detects both OLE macros and VB code inside Office documents >> # >> # It tries to discern between safe and malicious code but due to the threat >> # macros present to security, many places block these type of documents >> # outright. >> # >> # For this plugin to work, Archive::Zip and IO::String modules are required. >> # loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro >> >> >> This plugin is disabled by default. To enable, uncomment the loadplugin >> configuration options in file v343.pre, or add it to some local .pre file >> such as local.pre. >> >> Notable changes >> --------------- >> >> Safer and faster scanning of large emails using body_part_scan_size and >> rawbody_part_scan_size settings. >> >> New tflag "nosubject" for 'body' rules, to stop matching the Subject header >> which is part of the body text. >> >> Two CVE security bug fixes are included in this release: >> >> CVE-2019-12420 for Multipart Denial of Service Vulnerability >> >> CVE-2018-11805 for nefarious CF files can be configured to >> run system commands without any output or errors. >> >> Security updates include deprecation of the unsafe sa-update '--allowplugins' >> option, which now prints a warning that '--reallyallowplugins' is required >> to use it. >> >> New configuration options >> ------------------------- >> >> A new subjprefix keyword used to add a prefix to the subject of the >> email if a rule is matched. >> >> A new template tag _SUBJPREFIX_ that maps to the subject prefix that >> has been added by the subjprefix keyword. >> >> A new template tag _SUBTESTSCOLLAPSED(,)_ that maps to subtests that >> hits with duplicated rules collapsed. >> >> A config option rbl_headers has been added to DNSEval plugin, >> this option is used to specify in which headers check_rbl_headers >> should check for content used to query the specified rbl. >> >> A new check_rbl_ns_from function has been added to check >> the dns server of the from addrs domain name against a specific rbl. >> >> A new check_rbl_rcvd function has been added to check >> all received headers domains or ip addresses against a >> specific rbl. >> >> New options has been added to check_hashbl_emails function >> has been added; it is now possible to specify in which headers >> the function should check for content used to query the >> specified rbl and an acl to filter the email addresses the rule >> should apply. >> >> A new check_hashbl_bodyre function has been added, it is now possible >> to search body for matching regexp and query the string captured >> against the specified rbl. >> >> A new check_hashbl_uris function has been added, it is now possible >> to match uris in email's body and query the uris against the >> specified rbl. >> >> Notable Internal changes >> ------------------------ >> >> None noted. >> >> Other updates >> ------------- >> >> None noted. >> >> Optimizations >> ------------- >> >> None noted. >> >> >> Downloading and availability >> ---------------------------- >> >> Downloads are available from: >> https://spamassassin.apache.org/downloads.cgi >> >> sha256sum of archive files: >> >> a5b8fde50e468be8b36b90f5c39b19dfea947d6184a06cbf6dd16bf97265008d >> Mail-SpamAssassin-3.4.3.tar.bz2 >> bb3adac71b2a5b69d584ee9843460f61c62da0bb7441c4007cc741b404ad27b8 >> Mail-SpamAssassin-3.4.3.tar.gz >> 3f4e55e8b4f2420c6d0b30850acd6cfb8808c7e559e0a9168b93950ca5289e86 >> Mail-SpamAssassin-3.4.3.zip >> d4804c19c5ee2065443fa09e3940462daa48481dfa9d4a1d95e2683d75c7c7d9 >> Mail-SpamAssassin-rules-3.4.3.r1871124.tgz >> >> sha512sum of archive files: >> >> >> 4d50b30a42d318c3a4c868b4940d1f56c329cc501270df12e1a369dd7de670c30f328a5fbc37dbd3b0d06538b9500085e920939c62de80ad6d8740bc47162cb0 >> Mail-SpamAssassin-3.4.3.tar.bz2 >> >> d2fd657d3c20273b0c06cb1da083d757d3f2a7f60c7ed6e6ad8f98e6df33c9c5f3824f0531abf5dbc32b0dde22979d7d671231fa2ef0d8b073ea6804c5de0c3a >> Mail-SpamAssassin-3.4.3.tar.gz >> >> 608d8db07e08475e8eba42584fbff95210539e34fdfdc62cc8112d8aa42e88a7537be5bc1c624d5dd9aadce717c459407e64f1b56592ac743051d2c31e817d14 >> Mail-SpamAssassin-3.4.3.zip >> >> 2089bd97798c64fec8dea127cc12fbd9d9647bfe42c056a7674c7e9f85bb9e29ad73f741317ec74824016192736d57f16f70ff9bfd1eac0a8de747e417e3175f >> Mail-SpamAssassin-rules-3.4.3.r1871124.tgz >> >> Note that the *-rules-*.tgz files are only necessary if you cannot, >> or do not wish to, run "sa-update" after install to download the latest >> fresh rules. >> >> See the INSTALL and UPGRADE files in the distribution for important >> installation notes. >> >> >> GPG Verification Procedure >> -------------------------- >> The release files also have a .asc accompanying them. The file serves >> as an external GPG signature for the given release file. The signing >> key is available via the wwwkeys.pgp.net key server, as well >> ashttps://www.apache.org/dist/spamassassin/KEYS >> >> >> >> The following key is used to sign releases after, and including SA 3.3.0: >> >> pub 4096R/F7D39814 2009-12-02 >> Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 >> uid SpamAssassin Project Management Committee >> <[email protected]> <[email protected]> >> uid SpamAssassin Signing Key (Code Signing Key, replacement >> for 1024D/265FA05B) <[email protected]> >> <[email protected]> >> sub 4096R/7B3265A5 2009-12-02 >> >> The following key is used to sign rule updates: >> >> pub 4096R/5244EC45 2005-12-20 >> Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78 DFDC 4056 A61A 5244 EC45 >> uid updates.spamassassin.org Signing Key >> <[email protected]> <[email protected]> >> sub 4096R/24F434CE 2005-12-20 >> >> To verify a release file, download the file with the accompanying .asc >> file and run the following commands: >> >> gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814 >> gpg --verify Mail-SpamAssassin-3.4.3.tar.bz2.asc >> gpg --fingerprint F7D39814 >> >> Then verify that the key matches the signature. >> >> Note that older versions of gnupg may not be able to complete the steps >> above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11 >> worked flawlessly. >> >> See https://www.apache.org/info/verification.html for more information >> on verifying Apache releases. >> >> >> About Apache SpamAssassin >> ------------------------- >> >> Apache SpamAssassin is a mature, widely-deployed open source project >> that serves as a mail filter to identify spam. SpamAssassin uses a >> variety of mechanisms including mail header and text analysis, Bayesian >> filtering, DNS blocklists, and collaborative filtering databases. In >> addition, Apache SpamAssassin has a modular architecture that allows >> other technologies to be quickly incorporated as an addition or as a >> replacement for existing methods. >> >> Apache SpamAssassin typically runs on a server, classifies and labels >> spam before it reaches your mailbox, while allowing other components of >> a mail system to act on its results. >> >> Most of the Apache SpamAssassin is written in Perl, with heavily >> traversed code paths carefully optimized. Benefits are portability, >> robustness and facilitated maintenance. It can run on a wide variety of >> POSIX platforms. >> >> The server and the Perl library feels at home on Unix and Linux platforms >> and reportedly also works on MS Windows systems under ActivePerl. >> >> For more information, visit https://spamassassin.apache.org/ >> >> >> About The Apache Software Foundation >> ------------------------------------ >> >> Established in 1999, The Apache Software Foundation provides >> organizational, legal, and financial support for more than 100 >> freely-available, collaboratively-developed Open Source projects. The >> pragmatic Apache License enables individual and commercial users to >> easily deploy Apache software; the Foundation's intellectual property >> framework limits the legal exposure of its 2,500+ contributors. >> >> For more information, visit https://www.apache.org/ >> >> ## >> >> -- >> Kevin A. [email protected] >> >> Member, Apache Software Foundation >> Chair Emeritus Apache SpamAssassin >> Projecthttps://www.linkedin.com/in/kmcgrail - 703.798.0171 >> >>
