Re: MSGID_BELONGS_RECIPIENT and DKIMWL

2024-06-21 Thread Alex
Kris, thanks so much for the direction. It was enough for me to investigate
and make some changes. I hadn't realized I still had Paul Stead's rules
locally as well as updated rules in SA proper.

Thanks,
Alex

On Thu, Jun 20, 2024 at 11:23 AM Kris Deugau wrote:

> Alex wrote:
> > Hi,
> >
> > I had an obit email very unfortunately get tagged as spam for what
> > appears to be the result of a few DKIMWL rules and
> > MSGID_BELONGS_RECIPIENT.
> >
> >   *  1.0 DKIMWL_BULKMAILER_LOW ASKDNS: DKIMwl.org - Low scoring bulkmailer
> >   *  [tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org A:127.0.2.1]
>
> Not a stock rule.
>
>
> >   *  1.5 DKIMWL_BL ASKDNS: DKIMwl.org - Low trust sender
> >   *  [tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org A:127.0.2.1]
>
> The lookup result looks to have shifted somewhat from "low" to "low-med":
>
> $ host tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org
> tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org has address 127.0.2.2
>
> however it looks likely you've redefined the rule, so it's not behaving
> as per stock or per DKIMwl.org's usage guidelines: http://dkimwl.org/usage.
>
> The stock version of this rule should only match results ending in .0.
>
>
> >   *  1.0 MSGID_BELONGS_RECIPIENT Message-ID domain belongs to recipient
>
> Also not a stock rule.  It's difficult to tell with the redactions in
> the pastebin, but it also appears to be misfiring.  You'll have to post
> unredacted headers along with the rule details for specific help.
>
>
> > How reliable are the DKIMWL_ rules? They seem to hit a lot of ham,
>
> That's the intention.  They're to help otherwise legitimate senders that
> may send spammier content still get through.
>
> I've scored them to an advisory -0.001 locally, as I had a few too many
> cases of outright abuse of an otherwise fairly clean platform to send
> scams.  It's been easier to deal with the resulting occasional false
> positive one at a time instead.
>
> -kgd
>


Re: MSGID_BELONGS_RECIPIENT and DKIMWL

2024-06-20 Thread Kris Deugau

Alex wrote:
> Hi,
>
> I had an obit email very unfortunately get tagged as spam for what
> appears to be the result of a few DKIMWL rules and MSGID_BELONGS_RECIPIENT.
>
>   *  1.0 DKIMWL_BULKMAILER_LOW ASKDNS: DKIMwl.org - Low scoring bulkmailer
>   *      [tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org A:127.0.2.1]

Not a stock rule.

>   *  1.5 DKIMWL_BL ASKDNS: DKIMwl.org - Low trust sender
>   *      [tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org A:127.0.2.1]

The lookup result looks to have shifted somewhat from "low" to "low-med":

$ host tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org
tbias-com.20230601.gappssmtp.com.lookup.dkimwl.org has address 127.0.2.2

however it looks likely you've redefined the rule, so it's not behaving
as per stock or per DKIMwl.org's usage guidelines: http://dkimwl.org/usage.

The stock version of this rule should only match results ending in .0.

>   *  1.0 MSGID_BELONGS_RECIPIENT Message-ID domain belongs to recipient

Also not a stock rule.  It's difficult to tell with the redactions in
the pastebin, but it also appears to be misfiring.  You'll have to post
unredacted headers along with the rule details for specific help.

> How reliable are the DKIMWL_ rules? They seem to hit a lot of ham,


That's the intention.  They're to help otherwise legitimate senders that 
may send spammier content still get through.


I've scored them to an advisory -0.001 locally, as I had a few too many 
cases of outright abuse of an otherwise fairly clean platform to send 
scams.  It's been easier to deal with the resulting occasional false 
positive one at a time instead.


-kgd
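
An added example, not part of either message and not SpamAssassin's own code: a small audit that finds an `askdns` rule defined in more than one config file and shows which definition fires on an observed DNS answer, the situation diagnosed in this thread. The file names and both regex patterns are constructed assumptions, not the real stock or third-party DKIMWL definitions; only regex subtests are parsed.

```python
import re
from collections import defaultdict

# Constructed rule text standing in for two config files. The patterns are
# assumptions for illustration: one over-broad leftover definition and one
# that matches only answers ending in .0, as the thread describes for stock.
CONFIGS = {
    "local/old_dkimwl.cf": r"""
askdns  DKIMWL_BL  _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.[01]$/
""",
    "updates/dkimwl.cf": r"""
askdns  DKIMWL_BL  _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.0$/
""",
}

# askdns NAME query_template rr_type /regex/   (regex subtests only)
ASKDNS = re.compile(r"^\s*askdns\s+(\S+)\s+(\S+)\s+(\S+)\s+/(.+)/\s*$")

def load_rules(configs):
    """Return {rule_name: [(file, query_template, rr_type, regex), ...]}."""
    rules = defaultdict(list)
    for path, text in configs.items():
        for line in text.splitlines():
            m = ASKDNS.match(line)
            if m:
                name, query, rrtype, pattern = m.groups()
                rules[name].append((path, query, rrtype, pattern))
    return dict(rules)

def conflicting(rules):
    """Rule names defined more than once with differing answer patterns."""
    return sorted(name for name, defs in rules.items()
                  if len({d[3] for d in defs}) > 1)

def fires(rules, name, answer):
    """For each definition of `name`, report whether `answer` matches it."""
    return {path: bool(re.search(pattern, answer))
            for path, _query, _rrtype, pattern in rules[name]}

if __name__ == "__main__":
    rules = load_rules(CONFIGS)
    print("conflicting definitions:", conflicting(rules))
    # Answers seen in the thread (.1, later .2) plus a constructed .0 case.
    for answer in ("127.0.2.1", "127.0.2.2", "127.0.2.0"):
        print(answer, fires(rules, "DKIMWL_BL", answer))
```
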