Re: The word on messages w/ no Message-Id
Am 29.09.2015 um 23:45 schrieb coolhandluke:
based on just what i've found in the last 10 minutes, i would be very
careful about scoring anything related to {invalid|missing|extra}
headers too high. definitely test your rules extensively (with very low
scores) before rolling them out to production!
you need to train your bayes at the same time and raise the neagtive
score of BAYES_00-BAYES_20 - a spamfilter is always a adaptive system
here the combination if missing MID/DATE with a good bayes is never a
problem and in combiantion with a high spam-byes core a clear sign for
mails to reject (yes all spamass-milter rejects are reviewed careful)
signature.asc
Description: OpenPGP digital signature
Re: The word on messages w/ no Message-Id
On 2015-09-28 14:32, Joe Quinn wrote:
If you don't want to be getting those emails, they are spam and you
should score it something reasonable that doesn't prevent you getting
other desired messages. While I don't have any specific examples of
ham without Message-ID, it's not a stretch to imagine they exist. I
personally wouldn't write that rule.
out of curiosity, i decided to grep my inbox for e-mails without any
message-id: header. i found 37 e-mails without a message-id out of a
total of 1144.
29 - domain {renewal|transfer}-related e-mails all from godaddy
5 - spam
2 - receipts from apple retail stores
1 - newsletter from the local credit union
it would have been a major inconvenience if these 37 messages had been
marked as spam (well, the domain-related e-mails and receipts, at
least).
i should note, however, that each of these 37 e-mails matched the
MISSING_MID rule with a score of 0.14.
on a related note, i sometimes receive messages missing the Date: header
(which *is* required by rfc5322). several months ago, i began testing
scoring/blocking them only to discover that level3.com (one of my
upstream transit providers) was sending out some rather important
notification e-mails without a Date: header. even though they were in
violation of rfc, i still couldn't do anything about it because i needed
to receive those notices.
also, out of those 1144 e-mails currently in my inbox, seven (all
receipts from atlantic.net's billing system) contain two Date: headers.
based on just what i've found in the last 10 minutes, i would be very
careful about scoring anything related to {invalid|missing|extra}
headers too high. definitely test your rules extensively (with very low
scores) before rolling them out to production!
/chl
Re: The word on messages w/ no Message-Id
On Mon, 28 Sep 2015, Philip Prindeville wrote:
I’m getting a lot of messages from head-hunters, my wife’s auto dealership,
etc. that look like they’re being generated by legitimate [sic] email
campaigns, but they don’t have a message-id.
Since the message-id needs to be universally unique, the general guidelines are
that it be generated by the originator using a locally-unique value
concatenated with the originator’s identity (which as a domain name, should be
globally unique) thus guaranteeing universal uniqueness.
RFC-5322 says the “Message-ID” SHOULD be present, and per Section 3.6.4:
[snip..]
Extracting the operative text: "The "Message-ID:" field provides a unique
message identifier that refers to a particular version of a particular message. The
uniqueness of the message identifier is guaranteed by the host that generates it […]. The
message identifier (msg-id) itself MUST be a globally unique identifier for a message.”
Obviously a missing Message-ID is hardly unique, and hence this requirement is
not being fulfilled.
Does this warrant scoring the message severely?
I say “yes”.
Anyone else?
-Philip
Been there, tried that, got burned by the FPs, tried rules that hit non-RFC
compliance for Message-IDs, burned by even more FPs.
(people tend to get pissed when their airline reservation messages get
spam-score Junked).
So have some low-scoring rules for missing/bad M-IDs, but not heavily scored.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
Re: The word on messages w/ no Message-Id
On Mon, 28 Sep 2015 12:22:20 -0600 Philip Prindeville wrote: > I’m getting a lot of messages from head-hunters, my wife’s auto > dealership, etc. that look like they’re being generated by legitimate > [sic] email campaigns, but they don’t have a message-id. Yes, we see that quite a bit. > RFC-5322 says the “Message-ID” SHOULD be present, and per Section > 3.6.4: [... big chunk snipped ...] It wasn't really necessary to quote that much of the RFC. > Does this warrant scoring the message severely? > I say “yes”. It's up to you. Are you trying to stop spam? Or punish those who ignore RFCs? Because the two goals are not necessarily the same. Here's some data. In our logs today, we have seen about 146,000 messages that lacked a Message-Id: header. Of those, about 74000 were caught as spam (due to other rules) and about 72000 were accepted. That doesn't mean that the 72000 accepted messages were definitely not spam, but I think we would have heard from our customers had a significant number been spam. So: No, I do not think lack of a Message-Id: header warrants scoring the message "severely". Maybe a point or so. Regards, Dianne.
Re: The word on messages w/ no Message-Id
On 9/28/2015 2:22 PM, Philip Prindeville wrote: Though listed as optional in the table in section 3.6, every message SHOULD have a "Message-ID:" field. Furthermore, reply messages SHOULD have "In-Reply-To:" and "References:" fields as appropriate and as described below. This is much more plain-english and clearly says SHOULD, so my interpretation of the rest would be what MUST be done IF "Message-ID" is present. In any event, RFC compliance is orthogonal to being spam or ham and at the end of the day, SA is an "I don't want this email" spam classifier and not an RFC validator. If you don't want to be getting those emails, they are spam and you should score it something reasonable that doesn't prevent you getting other desired messages. While I don't have any specific examples of ham without Message-ID, it's not a stretch to imagine they exist. I personally wouldn't write that rule.
