Re: Who is "ISIPP IADB" & why are they vouching for spammers?

2014-10-28 Thread Olivier Nicole
David B Funk writes:

> While grubbing thru messages in one of my spam traps I came across one
> that had negative scores from:
> -2.2 RCVD_IN_IADB_VOUCHED   RBL: ISIPP IADB lists as vouched-for sender
> -0.5 KHOP_RCVD_TRUST   DNS-Whitelisted sender is verified
>
> Since it also hit RAZOR2_CF_RANGE_E8_51_100 & RAZOR2_CF_RANGE_51_100
> it didn't get learned as ham, but it still generated a FP.
>
> Is this worth reporting to somebody? Should that IADB be trustworthy

They say they are. But they all say that (it's how they earn money).

If you want to go any further, you should read the mail and decide by
yourself how you classify it. Obviously someone thought it was spam and
reported to razor, but the sender has been paying ISIPP and thinks they
are legitimate.

Best regards,

Olivier

> or should I contribute this sort of spam to the scoring engine to
> get that -2.2 adjusted down?
>
> It is kind of interesting to track the history of spamtrap fodder.
> These are addresses that were mutations of legit business addresses
> that I noticed regularly bouncing spam. So I created a "catchall"
> (luser relay) handler for them and started tracking the spam fodder.
> At first it was clearly just garbage spam but gradually mutated
> as spammers sold their address lists to others and now it's gotten
> up to legit looking businesses (Verizon, AT&T, PayPal, etc) throwing
> their stuff into this spamtrap (IE drank the cool-aid).

-- 


Who is "ISIPP IADB" & why are they vouching for spammers?

2014-10-28 Thread David B Funk

While grubbing thru messages in one of my spam traps I came across one
that had negative scores from:
-2.2 RCVD_IN_IADB_VOUCHED   RBL: ISIPP IADB lists as vouched-for sender
-0.5 KHOP_RCVD_TRUST   DNS-Whitelisted sender is verified

Since it also hit RAZOR2_CF_RANGE_E8_51_100 & RAZOR2_CF_RANGE_51_100
it didn't get learned as ham, but it still generated a FP.

Is this worth reporting to somebody? Should that IADB be trustworthy
or should I contribute this sort of spam to the scoring engine to
get that -2.2 adjusted down?

It is kind of interesting to track the history of spamtrap fodder.
These are addresses that were mutations of legit business addresses
that I noticed regularly bouncing spam. So I created a "catchall"
(luser relay) handler for them and started tracking the spam fodder.
At first it was clearly just garbage spam but gradually mutated
as spammers sold their address lists to others and now it's gotten
up to legit looking businesses (Verizon, AT&T, PayPal, etc) throwing
their stuff into this spamtrap (IE drank the cool-aid).


--
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_admin   Iowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{
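
Added example, not part of the original thread or of SpamAssassin: one way to check how often whitelist-style rules such as RCVD_IN_IADB_VOUCHED fire on spamtrap mail before deciding whether to report or rescore them. It parses report lines in the "points RULE description" form quoted above. The sample reports, the SAMPLE_* rule names and every score other than the -2.2 and -0.5 from the post are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One SpamAssassin report line: "<points> <RULE_NAME> <description>"
REPORT_LINE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s+(\S.*)$")
REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score

# Constructed sample: report lines from three spamtrap messages (not real data).
SAMPLE_REPORTS = [
    """-2.2 RCVD_IN_IADB_VOUCHED   RBL: ISIPP IADB lists as vouched-for sender
-0.5 KHOP_RCVD_TRUST   DNS-Whitelisted sender is verified
 1.9 RAZOR2_CF_RANGE_51_100   constructed score
 2.4 RAZOR2_CF_RANGE_E8_51_100   constructed score
 1.0 SAMPLE_CONTENT_RULE   constructed rule""",
    """-2.2 RCVD_IN_IADB_VOUCHED   RBL: ISIPP IADB lists as vouched-for sender
 0.8 SAMPLE_HEADER_RULE   constructed rule
 1.2 SAMPLE_CONTENT_RULE   constructed rule""",
    """ 3.0 SAMPLE_URI_RULE   constructed rule
 2.5 SAMPLE_CONTENT_RULE   constructed rule""",
]

def parse_report(text):
    """Return [(points, rule)] for every rule line in one report."""
    hits = []
    for line in text.splitlines():
        m = REPORT_LINE.match(line)
        if m:
            hits.append((float(m.group(1)), m.group(2)))
    return hits

def audit_spamtrap(reports, required=REQUIRED_SCORE):
    """Tally negative-scoring rules that fired on spamtrap mail.

    Returns (per_rule, rescued): per_rule maps rule -> [hits, summed points];
    rescued lists indexes of messages whose positive rules alone reach
    `required` but whose total stays below it because of negative rules.
    """
    per_rule = defaultdict(lambda: [0, 0.0])
    rescued = []
    for i, text in enumerate(reports):
        hits = parse_report(text)
        total = sum(p for p, _ in hits)
        positive = sum(p for p, _ in hits if p > 0)
        for points, rule in hits:
            if points < 0:
                per_rule[rule][0] += 1
                per_rule[rule][1] += points
        if total < required <= positive:
            rescued.append(i)
    return dict(per_rule), rescued
```

A rule that shows up often in per_rule, and in the rescued list in particular, is the kind of evidence worth attaching to a report to the list operator or a rescoring request.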