Re: Geniuses at expedia.com

2009-08-07 Thread Henrik K
On Thu, Aug 06, 2009 at 01:50:45PM -0700, Mike Cappella wrote:
 On 8/6/09 6:31 AM, Mark Martinec wrote:

 No it doesn't. Header field names are case-insensitive.

 A space after : is shown in every example in 2822, but I don't see a
 requirement that it be there.  It is extremely unusual not to see it.

 There is no requirement for a space after a colon.

 (but yes, the rest of the header field body is wrong)

 Perhaps useful, this has proven to be 100% no FP over the past 3 years

 # From w/tab
 header L_TAB_IN_FROM  ALL =~ /\nFrom:\t/s
 score  L_TAB_IN_FROM  6

 ymmv

Pretty good here..

OVERALL   SPAM%     HAM%     S/O    RANK   SCORE  NAME
      0   24942    79955   0.238    0.00    0.00  (all messages)
  0.676  2.7504   0.0288   0.990    0.00    0.01  T_TAB_IN_FROM

For some reason all the FPs appeared to come through MailScanner. Seems it
liked to delimit all headers with tabs? Wonder what was that.. maybe some
old version bug.

Mind if I put that in SA mass checks?



Re: Geniuses at expedia.com

2009-08-07 Thread Mark Martinec
  header L_TAB_IN_FROM  ALL =~ /\nFrom:\t/s
- header L_TAB_IN_FROM  From:raw =~ /^\t/m

  Mark


Re: Geniuses at expedia.com

2009-08-07 Thread Mike Cappella

On 8/6/09 11:44 PM, Henrik K wrote:

Pretty good here..

OVERALL   SPAM%     HAM%     S/O    RANK   SCORE  NAME
      0   24942    79955   0.238    0.00    0.00  (all messages)
  0.676  2.7504   0.0288   0.990    0.00    0.01  T_TAB_IN_FROM

For some reason all the FPs appeared to come through MailScanner. Seems it
liked to delimit all headers with tabs? Wonder what was that.. maybe some
old version bug.

Mind if I put that in SA mass checks?



Good to see others' stats.  Go ahead, it's all yours.

This was a real hitter a while back; it has slowed somewhat of late.

On 8/7/09 4:45 AM, Mark Martinec wrote:
 header L_TAB_IN_FROM  ALL =~ /\nFrom:\t/s
 -  header L_TAB_IN_FROM  From:raw =~ /^\t/m


Thanks Mark.  Much nicer.

--
   Mike


Re: Geniuses at expedia.com

2009-08-06 Thread Jari Fredriksson
 tests=[BAYES_00=0.1, DCC_CHECK=1.5, DCC_REPUT_60_69=0.1,
 HTML_MESSAGE=0.001, INVALID_DATE=1.245,
 MIME_HTML_ONLY=0.957, NO_REAL_NAME=1,
 RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1,
 SPF_SOFTFAIL=1] autolearn=no received:from

Why positive score for BAYES_00? It's supposed to mean that the mail is HAM.




Re: Geniuses at expedia.com

2009-08-06 Thread Matus UHLAR - fantomas
  tests=[BAYES_00=0.1, DCC_CHECK=1.5, DCC_REPUT_60_69=0.1,
  HTML_MESSAGE=0.001, INVALID_DATE=1.245,
  MIME_HTML_ONLY=0.957, NO_REAL_NAME=1,
  RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1,
  SPF_SOFTFAIL=1] autolearn=no received:from

On 06.08.09 09:36, Jari Fredriksson wrote:
 Why positive score for BAYES_00? It's supposed to mean that the mail is HAM.

Because he apparently uses his own scoreset with different scores:

score INVALID_DATE 2.303 1.651 1.329 1.245
score SPF_SOFTFAIL 2.301 0.654 0.698 0.596
score DCC_CHECK 0 1.37 0 2.17
score MIME_HTML_ONLY 2.299 1.672 1.925 1.457

DCC_CHECK and MIME_HTML_ONLY have higher default scores than he uses...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
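
The comparison made in the reply above, as an added example (not code from any poster or from SpamAssassin): it reads the quoted `tests=[...]` field and the four default `score` lines, picks the column for the active score set, and lists the rules whose reported score differs from the default. It assumes Bayes and network tests are both enabled (score set 3, the fourth value); the function names are hypothetical.

```python
import re

# Default score lines quoted in the reply above: four values = score sets 0..3.
DEFAULT_SCORES = """\
score INVALID_DATE 2.303 1.651 1.329 1.245
score SPF_SOFTFAIL 2.301 0.654 0.698 0.596
score DCC_CHECK 0 1.37 0 2.17
score MIME_HTML_ONLY 2.299 1.672 1.925 1.457
"""

# tests=[...] field as quoted in the thread.
REPORT = """tests=[BAYES_00=0.1, DCC_CHECK=1.5, DCC_REPUT_60_69=0.1,
 HTML_MESSAGE=0.001, INVALID_DATE=1.245,
 MIME_HTML_ONLY=0.957, NO_REAL_NAME=1,
 RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1,
 SPF_SOFTFAIL=1] autolearn=no"""

def score_set(bayes, net):
    """0: neither, 1: network only, 2: Bayes only, 3: Bayes and network."""
    return (2 if bayes else 0) + (1 if net else 0)

def parse_defaults(text):
    """Map rule name -> list of four scores (a single value applies to all sets)."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == 'score':
            vals = [float(v) for v in parts[2:6]]
            out[parts[1]] = vals * 4 if len(vals) == 1 else vals
    return out

def parse_report(text):
    """Map rule name -> score from the tests=[...] field of a status header."""
    m = re.search(r'tests=\[([^\]]*)\]', text)
    if not m:
        return {}
    return {k: float(v) for k, v in re.findall(r'([A-Z0-9_]+)=([-\d.]+)', m.group(1))}

def local_overrides(report, defaults, bayes=True, net=True):
    """Rules whose reported score differs from the default: name -> (reported, default)."""
    idx = score_set(bayes, net)
    hits = parse_report(report)
    return {name: (hits[name], vals[idx])
            for name, vals in parse_defaults(defaults).items()
            if name in hits and abs(hits[name] - vals[idx]) > 1e-9}

if __name__ == '__main__':
    for name, (got, default) in local_overrides(REPORT, DEFAULT_SCORES).items():
        print('%-16s reported %.3f, default %.3f' % (name, got, default))
```
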


Re: Geniuses at expedia.com

2009-08-06 Thread Joseph Brennan


Michael Scheidell scheid...@secnap.net wrote:


 and did you ever hear of Y2K?  can't you afford to send out two more
digits in the year?

date:31 Jul 09 10:13 -0800



Do they really write date: instead of Date:?  That violates RFC 2822.

A space after : is shown in every example in 2822, but I don't see a
requirement that it be there.  It is extremely unusual not to see it.

The two-digit year is obs-year, and MUST NOT be used to generate
messages, but MUST be honored when interpreting messages.   Hm.

Is the Expedia server really in Alaska?  I think that's the only place
in timezone -0800 this time of year.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology




Re: Geniuses at expedia.com

2009-08-06 Thread Mark Martinec
Joseph Brennan writes:
  date:31 Jul 09 10:13 -0800
 Do they really write date: instead of Date:?  That violates RFC 2822.

No it doesn't. Header field names are case-insensitive.

 A space after : is shown in every example in 2822, but I don't see a
 requirement that it be there.  It is extremely unusual not to see it.

There is no requirement for a space after a colon.

(but yes, the rest of the header field body is wrong)

  Mark


Re: Geniuses at expedia.com

2009-08-06 Thread Neil Schwartzman
The geniuses send their regards; they are a customer so I pinged them:

Hi Neil,
 
Thanks for heads-up. I've forwarded the information to our corporate
domain/smtp management folks.
 
Sincerely,

MUNGED 
Lead Operations Manager, EWW Database Marketing


On 06/08/09 9:23 AM, Joseph Brennan bren...@columbia.edu wrote:

 
 
 Michael Scheidell scheid...@secnap.net wrote:
 
  and did you ever hear of Y2K?  can't you afford to send out two more
 digits in the year?
 
 date:31 Jul 09 10:13 -0800
 
 
 Do they really write date: instead of Date:?  That violates RFC 2822.
 
 A space after : is shown in every example in 2822, but I don't see a
 requirement that it be there.  It is extremely unusual not to see it.
 
 The two-digit year is obs-year, and MUST NOT be used to generate
 messages, but MUST be honored when interpreting messages.   Hm.
 
 Is the Expedia server really in Alaska?  I think that's the only place
 in timezone -0800 this time of year.
 
 Joseph Brennan
 Lead Email Systems Engineer
 Columbia University Information Technology
 
 
 

-- 
Neil Schwartzman
Director, Certification Security  Standards
Return Path Inc.
0142002038




Re: Geniuses at expedia.com

2009-08-06 Thread Mike Cappella

On 8/6/09 6:31 AM, Mark Martinec wrote:


No it doesn't. Header field names are case-insensitive.


A space after : is shown in every example in 2822, but I don't see a
requirement that it be there.  It is extremely unusual not to see it.


There is no requirement for a space after a colon.

(but yes, the rest of the header field body is wrong)


Perhaps useful, this has proven to be 100% no FP over the past 3 years

# From w/tab
header L_TAB_IN_FROM  ALL =~ /\nFrom:\t/s
score  L_TAB_IN_FROM  6

ymmv

--
Mike
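
The header points raised in this thread, as an added example (not code from any poster or from SpamAssassin): a small Python lint that matches field names case-insensitively, accepts a missing space after the colon, flags a tab directly after `From:`, and reads a two-digit obs-year as RFC 2822 section 4.3 prescribes. Unlike the rule above it also matches a lower-case `from:`; the function names and the sample `From:` and `Subject:` lines are constructed for illustration.

```python
import re

# RFC 2822 field name (printable ASCII except ':'), the colon, then any
# whitespace before the body. No space after the colon is required.
HEADER_RE = re.compile(r'^([!-9;-~]+):([ \t]*)(.*)$')
# date-time with optional day-of-week; the year group also accepts obs-year.
DATE_RE = re.compile(
    r'^(?:[A-Za-z]{3},\s*)?(\d{1,2})\s+([A-Za-z]{3})\s+(\d{2,4})\s+'
    r'(\d{2}):(\d{2})(?::(\d{2}))?\s+([+-]\d{4})')

def interpret_year(text):
    """RFC 2822 section 4.3: 00-49 -> 20xx; 50-99 and 3-digit years -> 19xx."""
    year = int(text)
    if len(text) == 2:
        return year + (2000 if year < 50 else 1900)
    if len(text) == 3:
        return year + 1900
    return year

def lint_headers(raw):
    """Return (field, finding) tuples for a raw header block."""
    findings = []
    for line in raw.splitlines():
        if not line or line[0] in ' \t':      # blank line or folded continuation
            continue
        m = HEADER_RE.match(line)
        if not m:
            continue
        name, gap, body = m.group(1).lower(), m.group(2), m.group(3)
        if name == 'from' and gap.startswith('\t'):
            findings.append(('from', 'tab after colon'))
        elif name == 'date':
            d = DATE_RE.match(body)
            if d is None:
                findings.append(('date', 'unparseable'))
            elif len(d.group(3)) < 4:
                findings.append(('date', 'obs-year %s read as %d'
                                 % (d.group(3), interpret_year(d.group(3)))))
    return findings

# Constructed sample: the date: line is quoted in the thread, the rest is made up.
SAMPLE = ("date:31 Jul 09 10:13 -0800\r\n"
          "From:\tExample Sender <sender@example.com>\r\n"
          "Subject: constructed sample\r\n")

if __name__ == '__main__':
    for field, finding in lint_headers(SAMPLE):
        print(field, '->', finding)
```
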