Re: add_header all Date of Scan _DATE_

On 09.06.14 05:49, Karsten Bräckelmann wrote: Found the culprit after some digging. Bug 6915 [1], revision 1453407. As a band-aid, the following trivial one-line patch fixes it. Can easily be applied manually. can that by any chance fix problem with Date: in mail received by SSL ? That one beha

Spam score range and distribution statistics?

As far as I found out SpamAssassin calculates the spam score and puts the value into the email header. What is the maximum range of the score? -10,,+10 or other? Is there a statistic for an average email account how much emails get which score? In other words is there something like a ga

Re: Forged yahoo and mass mailers

I have a few messages that have been incorrectly tagged because the sender used their yahoo address as the sender, but used a mass mailer ( contactbeacon.com) to send their newsletter for them. Apparently this is enough for it to hit FORGED_YAHOO_RCVD and L_UNVERIFIED_YAHOO, causing it to be mar

Re: Spam score range and distribution statistics?

On 09.06.14 09:47, Ben Stover wrote: As far as I found out SpamAssassin calculates the spam score and puts the value into the email header. What is the maximum range of the score? -10,,+10 I don't think it has limits. Maybe just limist for integer. -- Matus UHLAR - fantomas, uh...@fantom

Re: Spam score range and distribution statistics?

On Monday 09 June 2014 at 09:50, Matus UHLAR - fantomas wrote: > On 09.06.14 09:47, Ben Stover wrote: > >As far as I found out SpamAssassin calculates the spam score and puts the > > value into the email header. > > > >What is the maximum range of the score? > > > >-10,,+10 > > I don't think

Re: add_header all Date of Scan _DATE_

On Mon, 2014-06-09 at 05:49 +0200, Karsten Bräckelmann wrote: > On Sun, 2014-06-08 at 20:56 -0500, Chris wrote: > > In my etc/mail/spamassassin/local.cf I have the above line. I just > > For completeness: That add_header option does work, although there are > actually exactly 3 arguments. > > a

Re: Viagra spam not caught

On 06/07/2014 03:55 PM, Matus UHLAR - fantomas wrote: On 06.06.14 18:06, Daniele Paoni wrote: I deleted the bayes database and trained it using real spam&ham I would not clear the BAYES DB so fast. Even BAYES_00 spam can become BAYES_99 after a few properly trained samples. OK, I will keep

Re: Can't keep up with spam from SolarVPS sites

On 6/7/2014 3:31 AM, David B Funk wrote: This does require some baby-sitting as it will get traffic that is the results of a real human fat-fingering a legit recipient. Perhaps use just subdomains then? Such as venusflyt...@invalid.uiowa.edu to eliminate the risk of legit fat-fingered emai

Re: Forged yahoo and mass mailers

On 6/8/2014 10:49 PM, Alex wrote: I have a few messages that have been incorrectly tagged because the sender used their yahoo address as the sender, but used a mass mailer (contactbeacon.com ) to send their newsletter for them. Apparently this is enough for it to hit

Re: Spam score range and distribution statistics?

On 6/9/2014 3:47 AM, Ben Stover wrote: As far as I found out SpamAssassin calculates the spam score and puts the value into the email header. What is the maximum range of the score? -10,,+10 or other? There are no limits on the score. The higher the score, the more likely the email is

Re: Spam score range and distribution statistics?

On 6/9/2014 11:34 AM, Bowie Bailey wrote: On 6/9/2014 3:47 AM, Ben Stover wrote: As far as I found out SpamAssassin calculates the spam score and puts the value into the email header. What is the maximum range of the score? -10,,+10 or other? There are no limits on the score. The high

RE: SPAM from a registrar

I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I also tried to compair my list to fresh.spameatingmonkey.net, but none of my domains in the 0-5days old would get a match for com/net

Re: Spam score range and distribution statistics?

On Mon, 2014-06-09 at 11:34 -0400, Bowie Bailey wrote: > > In other words is there something like a gaussian distribution > > graphic visualisation? > > That would be different on every server depending on what type of spam > and ham you see and which rule sets you are running. I graphed mine ou

Re: SPAM from a registrar

On 6/9/2014 1:23 PM, Patrick Domack wrote: I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I also tried to compair my list to fresh.spameatingmonkey.net, but none of my domains in the 0-

Re: SPAM from a registrar

Quoting "Kevin A. McGrail" : On 6/9/2014 1:23 PM, Patrick Domack wrote: I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I also tried to compair my list to fresh.spameatingmonkey.net, b

Re: SPAM from a registrar

On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 1:23 PM, Patrick Domack wrote: Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I wonder how we can use DNS, an RBL and distributed lookups to get the age of domains AND share the infor

Re: SPAM from a registrar

On 6/9/2014 2:24 PM, Patrick Domack wrote: Quoting "Kevin A. McGrail" : On 6/9/2014 1:23 PM, Patrick Domack wrote: I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I also tried to compa

Domain ages (was Re: SPAM from a registrar)

On Mon, 09 Jun 2014 14:24:19 -0400 Patrick Domack wrote: > That could be easily done. Only issue is, if you trust the > distributed lookups to have accurate infomation. > I suppose we could build in a trust system, where if enough > distributed clients upload the same info, it could be trusted.

Re: SPAM from a registrar

On 6/9/2014 2:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 1:23 PM, Patrick Domack wrote: Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I wonder how we can use DNS, an RBL and distributed lookups to ge

Re: Domain ages (was Re: SPAM from a registrar)

On 6/9/2014 2:38 PM, David F. Skoll wrote: On Mon, 09 Jun 2014 14:24:19 -0400 Patrick Domack wrote: That could be easily done. Only issue is, if you trust the distributed lookups to have accurate infomation. I suppose we could build in a trust system, where if enough distributed clients upload

Re: SPAM from a registrar

On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 2:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: > On 6/9/2014 1:23 PM, Patrick Domack wrote: > > Comparing my list of new domains, shows that DOB seems to pick > > them up after they are 2 days old. > > I

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, 9 Jun 2014, Kevin A. McGrail wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois queries for a domain name, to determine its age? -- John Ha

Re: SPAM from a registrar

Quoting "Kevin A. McGrail" : On 6/9/2014 2:24 PM, Patrick Domack wrote: Quoting "Kevin A. McGrail" : On 6/9/2014 1:23 PM, Patrick Domack wrote: I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2

Re: SPAM from a registrar

On Mon, Jun 9, 2014 at 2:39 PM, Kevin A. McGrail wrote: > On 6/9/2014 2:33 PM, John Hardin wrote: > >> On Mon, 9 Jun 2014, Kevin A. McGrail wrote: >> >> On 6/9/2014 1:23 PM, Patrick Domack wrote: >>> Comparing my list of new domains, shows that DOB seems to pick them up after they ar

Re: SPAM from a registrar

On 06/09/2014 08:39 PM, Kevin A. McGrail wrote: On 6/9/2014 2:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 1:23 PM, Patrick Domack wrote: Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I wonder how we

Re: Domain ages (was Re: SPAM from a registrar)

Domain age is a good metric to factor in. But I'm always fascinated with some people's desire to block all messages with extremely new domains. (NOT saying that this applies to everyone who posted on this thread!) Keep in mind that many large and famous businesses... who have fairly good mail sen

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, 9 Jun 2014 11:51:21 -0700 (PDT) John Hardin wrote: > > So there is merit in building a distributed look-up system using SA. > Distributed lookup of *what*, though? Can you clarify that part of > your idea? Are you referring to distributed whois queries for a > domain name, to determine i

Re: Domain ages (was Re: SPAM from a registrar)

On 6/9/2014 2:51 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois queries for a domain

Re: Domain ages (was Re: SPAM from a registrar)

On 6/9/2014 3:02 PM, Rob McEwen wrote: Domain age is a good metric to factor in. But I'm always fascinated with some people's desire to block all messages with extremely new domains. (NOT saying that this applies to everyone who posted on this thread!) Keep in mind that many large and famous bus

Re: Domain ages (was Re: SPAM from a registrar)

Quoting "David F. Skoll" : On Mon, 9 Jun 2014 11:51:21 -0700 (PDT) John Hardin wrote: > So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois queries for a do

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, 9 Jun 2014, David F. Skoll wrote: On Mon, 9 Jun 2014 11:51:21 -0700 (PDT) John Hardin wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois que

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, 09 Jun 2014 15:24:29 -0400 Patrick Domack wrote: > The point was, I have already done this, and have it in production. > I did this cause this subject keeps coming up from time to time, and > I was personally interested to see the results of it. Interesting. If you don't mind my asking.

Re: Domain ages (was Re: SPAM from a registrar)

On 6/9/2014 3:24 PM, Patrick Domack wrote: The point was, I have already done this, and have it in production. I did this cause this subject keeps coming up from time to time, and I was personally interested to see the results of it. And I do agree with Rob McEwen on many points. And I would b

RE: Domain ages (was Re: SPAM from a registrar)

If SEM was able to detect newly registered domains more quickly then that would solve the problem. From: John Hardin Sent: Monday, June 09, 2014 2:24 PM To: users@spamassassin.apache.org Subject: Re: Domain ages (was Re: SPAM from a registrar) On Mon, 9 J

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 2:51 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: > So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you refe

Re: Domain ages (was Re: SPAM from a registrar)

Quoting "David F. Skoll" : On Mon, 09 Jun 2014 15:24:29 -0400 Patrick Domack wrote: The point was, I have already done this, and have it in production. I did this cause this subject keeps coming up from time to time, and I was personally interested to see the results of it. Interesting. I

Re: Domain ages (was Re: SPAM from a registrar)

On 6/9/2014 3:11 PM, David F. Skoll wrote: On Mon, 9 Jun 2014 11:51:21 -0700 (PDT) John Hardin wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois queri

Re: Domain ages (was Re: SPAM from a registrar)

Quoting John Hardin : On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 2:51 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of y

Re: Domain ages (was Re: SPAM from a registrar)

On 6/9/2014 3:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 2:51 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: > So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clar

Re: Domain ages (was Re: SPAM from a registrar)

On 6/9/2014 3:31 PM, David Jones wrote: If SEM was able to detect newly registered domains more quickly then that would solve the problem. That is the crux of the issue, yes. So how do you identify new domains if the registrars/registries won't give you the data? That's the problem my idea so

RE: Domain ages (was Re: SPAM from a registrar)

On Mon, 9 Jun 2014, David Jones wrote: If SEM was able to detect newly registered domains more quickly then that would solve the problem. Oh, agreed. The problem is, a registrar feed of registration changes costs a lot, and this is a free project. That's why I suggested trying to develop r

Re: Domain ages (was Re: SPAM from a registrar)

On 06/09/2014 09:38 PM, Kevin A. McGrail wrote: That is the crux of the issue, yes. So how do you identify new domains if the registrars/registries won't give you the data? That's the problem my idea solves by monitoring newly seen domains with the idea being that spammers are not going to buy d

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail wrote: > I think the core issue is that age of domains is a good indicator of spam. > So there is merit in building a distributed look-up system using SA. > > I have more ideas than resources, of course... > I repeat my question: which domain? H

Re: Domain ages (was Re: SPAM from a registrar)

On 6/9/2014 4:25 PM, Matthias Leisi wrote: On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail > wrote: I think the core issue is that age of domains is a good indicator of spam. So there is merit in building a distributed look-up system using SA. I ha

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll wrote: > The clever part is that once lots of sites begin using this in their > SA setups, we'll very quickly build up quite an accurate database of > newly-seen domains that's completely independent of any registrar for > a data source. > dnswl.or

Re: Domain ages (was Re: SPAM from a registrar)

Quoting Matthias Leisi : On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail wrote: I think the core issue is that age of domains is a good indicator of spam. So there is merit in building a distributed look-up system using SA. I have more ideas than resources, of course... I repeat my qu

Re: Domain ages (was Re: SPAM from a registrar)

On 06/09/2014 10:32 PM, Patrick Domack wrote: Quoting Matthias Leisi : On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail wrote: I think the core issue is that age of domains is a good indicator of spam. So there is merit in building a distributed look-up system using SA. I have more ideas

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, 9 Jun 2014 22:31:55 +0200 Matthias Leisi wrote: > *But*, again: which domains would be queried for such a list? I think MAIL FROM domain. Regards, David.

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, June 9, 2014 15:35, Patrick Domack wrote: > > I guess what would need to be hammered out, is, the exact info wanted. > We know age, and registrar. Though doing the registrar isn't so > simple, as the same for just ENOM changes between tld, and even within > a single tld (likely from the me

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll wrote: > The DNS software that serves the zone newdomain.example.net runs > the following pseudo-code when "example.org" is looked up: > [..] So who's volunteering to do this? :) > *raises hand* I still have an experimental DNS server (writte

Local BL support?

I’d like to add a plugin (and eventually share it once the bugs are out) that uses either Net::CIDR::Lite to allow manual entry of IP-based blacklists for known offending address blocks, or else using the Geo::IP module to blacklist based on the country or ISP. It would need to expose parts of

Re: Local BL support?

On 06/09/2014 10:46 PM, Philip Prindeville wrote: I’d like to add a plugin (and eventually share it once the bugs are out) that uses either Net::CIDR::Lite to allow manual entry of IP-based blacklists for known offending address blocks, or else using the Geo::IP module to blacklist based on the c

Re: Can't keep up with spam from SolarVPS sites

On Jun 6, 2014, at 3:50 PM, Axb wrote: > If you have to post a spam sample, pls use pastebin and post the full msg > > On 06/06/2014 11:32 PM, Philip Prindeville wrote: >> We’re getting a lot of spam that contains URL’s which look like (remove the >> ): >> >> http://mabsut.com/2022036

Re: Domain ages (was Re: SPAM from a registrar)

On 06/09/2014 10:43 PM, James B. Byrne wrote: On Mon, June 9, 2014 15:35, Patrick Domack wrote: I guess what would need to be hammered out, is, the exact info wanted. We know age, and registrar. Though doing the registrar isn't so simple, as the same for just ENOM changes between tld, and even

Re: Can't keep up with spam from SolarVPS sites

On 06/09/2014 11:03 PM, Philip Prindeville wrote: On Jun 6, 2014, at 3:50 PM, Axb wrote: If you have to post a spam sample, pls use pastebin and post the full msg On 06/06/2014 11:32 PM, Philip Prindeville wrote: We’re getting a lot of spam that contains URL’s which look like (remove the #

Re: Domain ages (was Re: SPAM from a registrar)

On 06/09/2014 12:29 PM, Kevin A. McGrail wrote: > On 6/9/2014 3:24 PM, Patrick Domack wrote: >> The point was, I have already done this, and have it in production. I >> did this cause this subject keeps coming up from time to time, and I >> was personally interested to see the results of it. >> >>

Re: Local BL support?

On Mon, 9 Jun 2014, Axb wrote: On 06/09/2014 10:46 PM, Philip Prindeville wrote: I’d like to add a plugin (and eventually share it once the bugs are out) that uses either Net::CIDR::Lite to allow manual entry of IP-based blacklists for known offending address blocks, or else using the Geo::

Re: Domain ages (was Re: SPAM from a registrar)

On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle wrote: > A caching whois client (jwhois, for example) can significantly reduce > the volume of queries. > You will need to query potentially hundreds or thousands of domains *per day* - mostly throw away domains from spammers. 1) What are the typi

Re: Domain ages (was Re: SPAM from a registrar)

Quoting Matthias Leisi : On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle wrote: A caching whois client (jwhois, for example) can significantly reduce the volume of queries. You will need to query potentially hundreds or thousands of domains *per day* - mostly throw away domains from spamme

Re: Can't keep up with spam from SolarVPS sites

On Jun 9, 2014, at 3:10 PM, Axb wrote: > On 06/09/2014 11:03 PM, Philip Prindeville wrote: >> >> On Jun 6, 2014, at 3:50 PM, Axb wrote: >> >>> If you have to post a spam sample, pls use pastebin and post the full msg >>> >>> On 06/06/2014 11:32 PM, Philip Prindeville wrote: We’re gettin

Re: Local BL support?

On Jun 9, 2014, at 3:36 PM, John Hardin wrote: > On Mon, 9 Jun 2014, Axb wrote: > >> On 06/09/2014 10:46 PM, Philip Prindeville wrote: >>> I’d like to add a plugin (and eventually share it once the bugs are >>> out) that uses either Net::CIDR::Lite to allow manual entry of >>> IP-based blacklis

Re: Can't keep up with spam from SolarVPS sites

On Mon, 9 Jun 2014, Philip Prindeville wrote: We’re getting a lot of spam that contains URL’s which look like (remove the ): http://mabsut.com/20220362/vuxtxumsrnsst6unlornt3umtfuwznvv~5v0nmro0ysnx_u_usqzxsrwlln_t_t_tomtdyumplnl_ts_tn_ttce/unnt7uqs_mrn_ttdfw3yuw_h_03xo_gl_67_8gw_buutxv

Re: Domain ages (was Re: SPAM from a registrar)

On 06/09/2014 02:42 PM, Matthias Leisi wrote: > > On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle > mailto:lists...@islandnetworks.com>> wrote: > > > A caching whois client (jwhois, for example) can significantly reduce > the volume of queries. > > > You will need to query potentially hund

Re: Local BL support?

On Mon, 9 Jun 2014, Philip Prindeville wrote: On Jun 9, 2014, at 3:36 PM, John Hardin wrote: On Mon, 9 Jun 2014, Axb wrote: On 06/09/2014 10:46 PM, Philip Prindeville wrote: I’d like to add a plugin (and eventually share it once the bugs are out) that uses either Net::CIDR::Lite to allow

Re: add_header all Date of Scan _DATE_

On Mon, 2014-06-09 at 05:49 +0200, Karsten Bräckelmann wrote: > Found the culprit after some digging. Bug 6915 [1], revision 1453407. As > a band-aid, the following trivial one-line patch fixes it. Can easily be > applied manually. > > Since it is kind of way past "getting late" here, and there ma

Re: add_header all Date of Scan _DATE_

On Mon, 2014-06-09 at 09:23 +0200, Matus UHLAR - fantomas wrote: > On 09.06.14 05:49, Karsten Bräckelmann wrote: > > Found the culprit after some digging. Bug 6915 [1], revision 1453407. As > > a band-aid, the following trivial one-line patch fixes it. Can easily be > > applied manually. > > can t

Re: Can't keep up with spam from SolarVPS sites

On Jun 9, 2014, at 4:25 PM, John Hardin wrote: > On Mon, 9 Jun 2014, Philip Prindeville wrote: > >> http://mabsut.com/20220362/vuxtxumsrnsst6unlornt3umtfuwznvv~5v0nmro0ysnx_u_usqzxsrwlln_t_t_tomtdyumplnl_ts_tn_ttce/unnt7uqs_mrn_ttdfw3yuw_h_03xo_gl_67_8gw_buutxveumpomte3yuo_tlltcx3yumsrns

Re: add_header all Date of Scan _DATE_

On Tue, 2014-06-10 at 02:03 +0200, Karsten Bräckelmann wrote: > On Mon, 2014-06-09 at 09:23 +0200, Matus UHLAR - fantomas wrote: > > can that by any chance fix problem with Date: in mail received by SSL ? > > That one behaves similarly... > > > > http://mail-archives.apache.org/mod_mbox/spamassas

Re: Can't keep up with spam from SolarVPS sites

On Mon, 9 Jun 2014, Amir Caspi wrote: On Jun 9, 2014, at 4:25 PM, John Hardin wrote: On Mon, 9 Jun 2014, Philip Prindeville wrote: http://mabsut.com/20220362/vuxtxumsrnsst6unlornt3umtfuwznvv~5v0nmro0ysnx_u_usqzxsrwlln_t_t_tomtdyumplnl_ts_tn_ttce/unnt7uqs_mrn_ttdfw3yuw_h_03xo_gl_67_8gw_b

Re: Can't keep up with spam from SolarVPS sites

On Jun 9, 2014, at 4:25 PM, John Hardin wrote: > On Mon, 9 Jun 2014, Philip Prindeville wrote: > >> We’re getting a lot of spam that contains URL’s which look like (remove >> the ): >> >> http://mabsut.com/20220362/vuxtxumsrnsst6unlornt3umtfuwznvv~5v0nmro0ysnx_u_usqzxs

Re: Forged yahoo and mass mailers

Hi, > > is enough for it to hit FORGED_YAHOO_RCVD and L_UNVERIFIED_YAHOO, > > causing it to be marked as spam. > > Scores of 1.63 and 2.5 respectively, according to your sample. With a > total score of 6.995, it is the latter one pushing it over the 5.0 > threshold, not the first one. > > Moreover

Re: Can't keep up with spam from SolarVPS sites

On Jun 9, 2014, at 7:11 PM, David B Funk wrote: > Just beware of FPs, I've seen some ugly URLs from things like airline > reservation confirmations. (spammers are getting better at stealing > features from legit messages to protect their garbage). FWIW, I haven't had a single FP on that or any o

Re: Forged yahoo and mass mailers

Hi, On Mon, Jun 9, 2014 at 11:27 AM, Kevin A. McGrail wrote: > On 6/8/2014 10:49 PM, Alex wrote: > > I have a few messages that have been incorrectly tagged because the > sender used their yahoo address as the sender, but used a mass mailer ( > contactbeacon.com) to send their newsletter for t

auto-learn

Since having to wipe my bayes db I've thought about going back to having 'auto-learn' setup for awhile. It's been so long since I did this I have a fairly dumb question. Do I need the two below lines to be set and if so is this the correct setting? Anything here about a score of 5 is considered spa

Re: Forged yahoo and mass mailers

On Mon, 2014-06-09 at 21:40 -0400, Alex wrote: > > For amusement, search google for UNVERIFIED_YAHOO (and insist you really > > mean it literally with the underscore rather than two words). > This was a set of rules created by Mark back in 2011. Thanks for not > flaming me. Heh. ;) Sorry, but I

Re: auto-learn

On Mon, 2014-06-09 at 21:40 -0500, Chris wrote: > Since having to wipe my bayes db I've thought about going back to having > 'auto-learn' setup for awhile. It's been so long since I did this I have > a fairly dumb question. Do I need the two below lines to be set and if > so is this the correct set

Re: Forged yahoo and mass mailers

Hi, > This was a set of rules created by Mark back in 2011. Thanks for not > > > flaming me. > > Heh. ;) > > Sorry, but I kind of expect some due diligence, in particular by long > time and experienced community members. Coming across blatantly obvious > cases of local rules being complained about

Re: auto-learn

On Tue, 2014-06-10 at 05:13 +0200, Karsten Bräckelmann wrote: > On Mon, 2014-06-09 at 21:40 -0500, Chris wrote: > > Since having to wipe my bayes db I've thought about going back to having > > 'auto-learn' setup for awhile. It's been so long since I did this I have > > a fairly dumb question. Do I

Re: DMARC policy check with AskDNS posible?

On Jun 7, 2014, at 9:49 PM, Christian Laußat wrote: > Am 07.06.2014 19:55, schrieb Franck Martin: >> As DMARC provide a feedback mechanism to the sender, then it is up to >> the sender to deal with these issues, you are just following their >> policy, you don’t need to or have to to second gues

Re: DMARC policy check with AskDNS posible?

Am 10.06.2014 05:53, schrieb Franck Martin: This is not correct. I think it is strange to claim that yahoo or aol, being a co-creator of DMARC and having outstanding engineers in the profession do not know what they are doing. I think that those (co-)creators of DMARC must be different people t