Ray, Redfish.com is on a shared virtual host on hostgo.com. the Friam mailing list is run by the python script Mailman ( http://www.gnu.org/software/mailman/) with mailserver on paris.hostgo.com.
Google shouldn't be in the middle. Doing a quick spot check of headers going back a year, the spam message appears to be there. And the spam scores typically are reporting "clean" with "Content analysis details: (-2.3 points, 5.0 required)". So it appears that the filter is happy. Why your message is getting garbled, I'm not sure. Perhaps something in the Sandia Exchange server? Is anyone else getting garbled messages? -S --- -. . ..-. .. ... .... - .-- --- ..-. .. ... .... stephen.gue...@redfish.com 1600 Lena St #D1, Santa Fe, NM 87505 office: (505) 995-0206 tollfree: (888) 414-3855 mobile: (505) 577-5828 fax: (505) 819-5952 tw: @redfishgroup skype: redfishgroup gvoice: (505) 216-6226 redfish.com | simtable.com On Wed, Aug 7, 2013 at 10:09 AM, Parks, Raymond <rcpa...@sandia.gov> wrote: > Is anybody else getting these weirdly mangled messages? A significant > percentage of the messages from friam are being reported as possible spam. > I am not sure, but I believe that I am not getting the original message. > > From my reading of the headers, it appears that google gets the mailing > list message on behalf of friam@redfish.com (I'm assuming the redfish > hosts their email on gmail). Google then sends it through > paris.hostgo.com, which flags the email as possible spam and then sends > it on to me via Sandia's corporate email. DNS whitelisting is cited as the > source for identifying the originating sender as a past spam site. This > happens with multiple participants on FRIAM, so I doubt that the actual > person's address is the problem and dnswl.org confirmed that when I > looked up Robert's personal domain. I also checked on redfish.com and > you-all are not the problem. The only other domain involved at the point > where the email passes through hostgo.com is google.com - so I don't > understand what is being detected. > > Ray Parks > Consilient Heuristician/IDART Program Manager > V: 505-844-4024 M: 505-238-9359 P: 505-951-6084 > NIPR: rcpa...@sandia.gov > SIPR: rcpar...@sandia.doe.sgov.gov (send NIPR reminder) > JWICS: dopa...@doe.ic.gov (send NIPR reminder) > > > > Begin forwarded message: > > *From: *Robert Holmes <rob...@robertholmes.org> > *Subject: **[EXTERNAL] * > *Date: *August 7, 2013 8:13:26 AM MDT > *To: *The Friday Morning Applied Complexity Coffee Group < > friam@redfish.com> > *Received: *from mailgate2.sandia.gov (132.175.109.4) by > mail.sandia.gov(134.253.103.2) with Microsoft SMTP Server id 14.3.123.3; Wed, > 7 Aug 2013 > 08:31:38 -0600 > *Received: *from sentry-two.sandia.gov (sentry-two.sandia.gov > [132.175.109.14]) by mailgate2.sandia.gov (8.14.4/8.14.4) with ESMTP id > r77EVc9x013632; Wed, 7 Aug 2013 08:31:38 -0600 > *Received: *from fbdbrel05.localdomain > (osmtp-mefxp.att-mail.com[12.131.129.86]) (using TLSv1 with cipher > DHE-RSA-AES256-SHA (256/256 > bits)) (No client certificate requested) by sentry-two.sandia.gov(Postfix) > with ESMTPS id 25217D388E6; Wed, 7 Aug 2013 08:20:07 -0600 (MDT) > *Received: *from fbdbscrub11.att-mail.com (unknown [192.168.125.11]) by > fbdbrel05.localdomain (Postfix) with ESMTP id F3DE415F8073; Wed, 7 Aug 2013 > 14:20:06 +0000 (GMT) > *Received: *from fbdbrel03.localdomain > (fbdbrel03.seg.att.com[192.168.10.21]) by > fbdbscrub11.att-mail.com with ESMTP id JkLbmhtSU61Es1Vz; Wed, 07 Aug 2013 > 14:20:06 +0000 (GMT) > *Received: *from sentry-three.sandia.gov (unknown [132.175.109.17]) by > fbdbrel03.localdomain (Postfix) with ESMTPS id 519B3128805E; Wed, 7 Aug > 2013 14:20:06 +0000 (GMT) > *Received: *from paris.hostgo.com (unknown [64.71.164.67]) (using TLSv1 > with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate > requested) by sentry-three.sandia.gov (Postfix) with ESMTPS id > 2FAAB528320; Wed, 7 Aug 2013 08:14:14 -0600 (MDT) > *Received: *from localhost ([::1]:36520 helo=paris.hostgo.com) by > paris.hostgo.com with esmtp (Exim 4.80.1) (envelope-from < > friam-boun...@redfish.com>) id 1V74V2-0006YX-Fi; Wed, 07 Aug 2013 > 10:14:04 -0400 > *Received: *from mail-qa0-f48.google.com ([209.85.216.48]:45701) by > paris.hostgo.com with esmtps ( TLSv1:RC4-SHA:128) (Exim 4.80.1) > (envelope-from <rholme...@gmail.com>) id 1V74Ux-0006VD-6u for > friam@redfish.com; Wed, 07 Aug 2013 10:14:00 -0400 > *Received: *by mail-qa0-f48.google.com with SMTP id o19so1065879qap.7 > for <friam@redfish.com>; Wed, 07 Aug 2013 07:13:58 -0700 (PDT) > *Received: *by 10.224.212.66 with HTTP; Wed, 7 Aug 2013 07:13:26 -0700 > (PDT) > *X-Wss-Id: *0MR60CO-0B-12A-02 > *X-Wss-Id: *0MR5ZSK-0C-069-03 > *X-Tmwd-Spam-Summary: *TS=20130807143136; ID=2; SEV=2.4.5; > DFV=B2013080724; IFV=NA; AIF=B2013080724; RPD=8.00.0063; ENG=NA; > RPDID=7374723D303030312E30413031303230362E35323032354134392E303032452C73733D312C72653D302E3030302C726563753D302E3030302C726569703D302E3030302C636C3D312C636C643D312C6667733D30; > CAT=NONE; CON=NONE; SIG=AAABAMQFAAAAAAAAAAAAAAyDgVYAAAM= > *X-Tmwd-Spam-Summary: *TS=20130807141932; ID=1; SEV=2.4.5; > DFV=B2013080724; IFV=NA; AIF=B2013080724; RPD=8.00.0063; ENG=NA; > RPDID=7374723D303030312E30413031303230372E35323032353737382E303044372C73733D312C72653D302E3030302C726563753D302E3030302C726569703D302E3030302C636C3D312C636C643D312C6667733D30; > CAT=NONE; CON=NONE; SIG=AAAAAAAAAAAAAAAAQEekQwAAAw== > *X-Tmwd-Ip-Reputation: *SIP=12.131.129.86; > IPRID=7469643D303030312E30413031303330322E35323032353231302E30303038; > CTCLS=R4; CAT=Unknown > *X-Tmwd-Ip-Reputation: *SIP=64.71.164.67; > IPRID=7469643D303030312E30413031303330322E35323032353633412E30303935; > CTCLS=T2; CAT=Unknown > *Dkim-Signature: *v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; > s=20120113; > h=mime-version:sender:from:date:message-id:subject:to:content-type; > bh=e7jyvb4NAd80a69Oj48hIRji2W+qHLLjep90NLsEWIw=; > b=NpI8ALPi0QSXoAHBP0MSMDBtWnQNZww0/Q5iCLa0ENWo/f0bFgXsCgNfU7uw5E45Va > eWbZpCfJVXsqbU/u3KQAd0LocfNRlm/thRaRhp8NMYM5K/TZgR1Q3E7MpRW8DLGr6Qcn > 0eD/ee68Vw8QrEdSYZrJlUEAmvDyaabTGOt9xOg6GJS8EiGklsxpOOBtroB6WkAG1dkG > OtslZtj9IWv3YDkDQRlNT3FS56EM0CBPkxGKnW8o+GQpTn+AQV4pw/3fNtJlKdK3g3KR > dRb2/i9BXckg/PppIKl/GS89NINP/ubcQ2wQ8PlHdzjkCOLNakGckxVHhHxCxLCMk0r+ qq1g== > *X-Received: *by 10.49.76.68 with SMTP id i4mr963894qew.2.1375884836739; > Wed, 07 Aug 2013 07:13:56 -0700 (PDT) > *X-Google-Sender-Auth: *dUF5YGMksb1T0tYGHrct3Qi4TA0 > *Message-Id: *< > cagapjyfuxsumqhtviddywwwufye4z8no8dxl3-8wrpn6t_o...@mail.gmail.com> > *X-Spam-Status: *No, score=-2.3 > *X-Spam-Score: *-22 > *X-Spam-Bar: *-- > *X-Ham-Report: *Spam detection software, running on the system " > paris.hostgo.com", has identified this incoming email as possible spam. > The original message has been attached to this so you can view it (if it > isn't spam) or label similar future email. If you have any questions, see > root\@localhost for details. > *X-Mef-Scanned: *CLEAN > *Content-Type: *text/plain > *Return-Path: *friam-boun...@redfish.com > *X-Ms-Exchange-Organization-Authsource: *EXCH02.srn.sandia.gov > *X-Ms-Exchange-Organization-Authas: *Anonymous > *X-Ms-Exchange-Organization-Scl: *0 > *X-Ms-Exchange-Organization-Antispam-Report: *v=1.1 > cv=vlXSKHfvZplZRX9x2vvgWaEGzzJKgW97xtqQYo+ZdXg= c=1 sm=1 a=jDpx29WuEQsA:10 > a=wPDyFdB5xvgA:10 a=xqWC_Br6kY4A:10 a=9Zc6gUnS+PR9g6vzQJPDjg==:17 > a=7-t7MVIwAAAA:8 a=Q9gjguzfAAAA:8 a=pGLkceISAAAA:8 a=wctRFIENAAAA:8 > a=7pMlNqJoAAAA:8 a=z4TGNG1rAAAA:8 a=SrrR6NFsJgR0SH8OYMsA:9 > a=mN10d95ihcYA:10 a=dUHvzT4zkI0A:10 a=MSl-tDqOz04A:10 a=LMH-DyN6LR8A:10 > a=meBFHBK-isUA:10 a=4p3lELYsGk8A:10 a=kpAqHXzfObQA:10 a=0HjSaam29XZXaXJ4:21 > a=1vy9Q92IblchGuU0:21 > a=OkpYmSTv7shxIqP+SOO1tA==:117;OrigIP:64.71.164.67;SCL:0 > *X-Ms-Exchange-Organization-Avstamp-Mailbox: *MSFTFF;1;0;0 0 0 > *Mime-Version: *1.0 > > Content preview: ∑ and Google say they have no intention of fixing it. > > http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw∑ > and Google > say they have no intention of fixing it. [...] > Content analysis details: (-2.3 points, 5.0 required) > pts rule name description ---- ---------------------- > -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW > RBL: Sender > listed at http://www.dnswl.org/, low trust [209.85.216.48 listed in > list.dnswl.org] 0.0 > FREEMAIL_FROM Sender email is commonly abused enduser mail provider > (rholmes62[at]gmail.com) -0.0 > SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT > Envelope-from freemail > username ends in digit (rholmes62[at]gmail.com) -1.9 BAYES_00 BODY: Bayes > spam probability is 0 to > 1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 > DKIM_VALID Message has at > least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or > DK signature, not > necessarily valid > X-Spam-Flag: NO > Subject: [FRIAM] =?windows-1252?q?Security_flaw_in_Chrome=85?= > X-BeenThere: friam@redfish.com > X-Mailman-Version: 2.1.15 > Precedence: list > Reply-to: "The Friday Morning Applied Complexity Coffee Group" < > friam@redfish.com> > List-Id: The Friday Morning Applied Complexity Coffee Group < > friam_redfish.com.redfish.com> > List-Unsubscribe: <http://redfish.com/mailman/options/friam_redfish.com>, > <mailto:friam-requ...@redfish.com?subject=unsubscribe<friam-requ...@redfish.com?subject=unsubscribe> > > > List-Archive: <http://redfish.com/pipermail/friam_redfish.com/> > List-Post: <mailto:friam@redfish.com <friam@redfish.com>> > List-Help: > <mailto:friam-requ...@redfish.com?subject=help<friam-requ...@redfish.com?subject=help> > > > List-Subscribe: <http://redfish.com/mailman/listinfo/friam_redfish.com>, > <mailto:friam-requ...@redfish.com?subject=subscribe<friam-requ...@redfish.com?subject=subscribe> > > > Content-Type: multipart/mixed; > boundary="===============0038966539546490656==" > Errors-To: friam-boun...@redfish.com > Sender: "Friam" <friam-boun...@redfish.com> > X-AntiAbuse: This header was added to track abuse, please include it with > any abuse report > X-AntiAbuse: Primary Hostname - paris.hostgo.com > X-AntiAbuse: Original Domain - sandia.gov > X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] > X-AntiAbuse: Sender Address Domain - redfish.com > X-Get-Message-Sender-Via: paris.hostgo.com: > acl_c_authenticated_local_user: mailman/mailman > X-Source: > X-Source-Args: > X-Source-Dir: > > > --===============0038966539546490656== > Content-Transfer-Encoding: 7bit > Content-Type: multipart/alternative; > boundary=047d7bdc94dcf23a5004e35c266a > > > --047d7bdc94dcf23a5004e35c266a > Content-Type: text/plain; > charset=windows-1252 > Content-Transfer-Encoding: quoted-printable > > =85 and Google say they have no intention of fixing it. > > > http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-se= > curity-flaw > > --047d7bdc94dcf23a5004e35c266a > Content-Type: text/html; > charset=windows-1252 > Content-Transfer-Encoding: quoted-printable > > <div dir=3D"ltr">=85 and Google say they have no intention of fixing > it.<di= > v><br></div><div><a href=3D" > http://www.theguardian.com/technology/2013/aug/= > 07/google-chrome-password-security-flaw"> > http://www.theguardian.com/technol= > ogy/2013/aug/07/google-chrome-password-security-flaw</a><br> > > </div><div><br></div></div> > > --047d7bdc94dcf23a5004e35c266a-- > > --===============0038966539546490656== > Content-Type: text/plain; > charset=us-ascii > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com > --===============0038966539546490656==-- > > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com >
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com