[Declude.JunkMail] Another automated e-mail fails BADHEADERS

2003-08-27 Thread Marc Catuogno 
It's a shame because I was catching a great deal more spam, but I may have
to back off on the weight of this test.  This looks like a log file that one
guy has e-mailed from a D-link router.  Why don't companies have this stuff
compliant.  sigh


Received: from DI-604 [65.41.30.4] by mail.prudentialrand.com
  (SMTPD32-7.15) id A52966300A0; Wed, 27 Aug 2003 11:58:33 -0400
From: [EMAIL PROTECTED]
Subject: [SPAM]DI-604 Log
Sender: DI-604
To: [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
[c020020c].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
[c020020c].
X-RBL-Warning: WEIGHT10: Weight of 22 reaches or exceeds the limit of 10.
X-Declude-Sender: [EMAIL PROTECTED] [65.41.30.4]
X-Declude-Spoolname: Dd529066300a0a1b4.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: BADHEADERS, IPNOTINMX, SPAMHEADERS, NOLEGITCONTENT

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Another automated e-mail fails BADHEADERS

2003-08-27 Thread Matthew Bramble 
There's not even a date header in that message.  What would an E-mail 
client even do with that?  1969?

I probably switched from Scott's methodologies very early on, requiring 
a message to fail BADHEADERS, SPAMHEADERS (combined score of 8) plus at 
least one other test before it gets rejected with a score of 10.  This 
actually still works pretty reliably and allows a lot of the poorly 
configured automated stuff get through.  If I failed on just those two 
tests, I would false reject more than double the rate that I am now 
(like Scott said, this is based on the types of customers I have and 
where they get their E-mail from).

The reason why I changed the methodology was because I noticed early on 
that almost all E-mail that failed BADHEADERS also fails SPAMHEADERS, so 
I'm essentially treating those two tests as one with the lower scoring 
on each.

Matt

Marc Catuogno wrote:

It's a shame because I was catching a great deal more spam, but I may have
to back off on the weight of this test.  This looks like a log file that one
guy has e-mailed from a D-link router.  Why don't companies have this stuff
compliant.  sigh
Received: from DI-604 [65.41.30.4] by mail.prudentialrand.com
 (SMTPD32-7.15) id A52966300A0; Wed, 27 Aug 2003 11:58:33 -0400
From: [EMAIL PROTECTED]
Subject: [SPAM]DI-604 Log
Sender: DI-604
To: [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
[c020020c].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
[c020020c].
X-RBL-Warning: WEIGHT10: Weight of 22 reaches or exceeds the limit of 10.
X-Declude-Sender: [EMAIL PROTECTED] [65.41.30.4]
X-Declude-Spoolname: Dd529066300a0a1b4.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: BADHEADERS, IPNOTINMX, SPAMHEADERS, NOLEGITCONTENT
 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.