On Mon, 17 Sep 2018 15:22:48 -0400
"Kevin A. McGrail" wrote:
[snip]
> Good to know. Did the Makefile.PL gracefully tell you that your
> Makemaker was too old?
It did indeed, which made the fix very simple. Thanks for your hard work!
Regards,
Dianne.
On Mon, 17 Sep 2018 13:22:32 -0400
"Kevin A. McGrail" wrote:
> I'd be pretty shocked if you have to do very much to that src rpm for
> 3.4.1 to get 3.4.2 working.
I ran into one gotcha on (ancient) Debian 5; the version of
ExtUtils::MakeMaker was too old. Installing from CPAN did the trick. I'
On Mon, 17 Sep 2018 09:46:19 + (UTC)
Pedro David Marco wrote:
> To my remember Dianne Skoll was in his list...
Hello...
> Does anyone know whether she is still maintaining MIME::Tools ?
Yep, I am.
Regards,
Dianne.
On Wed, 2 May 2018 15:32:50 -0500 (CDT)
David B Funk wrote:
[...]
> The first three terminations weren't good enough, so we're going to
> do it one more time. And if -that- one doesn't do it, we'll proceed
> to the final ultimate termination...
As in "I'm not dead yet!" from Spamalot? :)
Regra
On April 29, 2018 11:11:18 PM EDT, Linda Walsh wrote:
> Except users who have their own rules are not likely
>doing it in the context of the initial choice of whether or
>not to accept the email onto the server.
They do in our system.
> I.e. it "should" never be the case that use
On Fri, 27 Apr 2018 15:18:28 -0500 (CDT)
David B Funk wrote:
> If you have that many different classes of recipients, just set the
> number of allowed recipients/transaction to one and be done with it.
That will cause mail failures. It's not *supposed* to, but I know
from experience it will. S
On Fri, 27 Apr 2018 14:39:43 -0500 (CDT)
David B Funk wrote:
[snip]
> Define two classes of recipients:
>class A == all users who want everything
>class B == all users who want "standard" filtering
This works if you have a limited number of classes, but in some cases
users can make thei
Hi,
I have reluctantly come to the conclusion that in some cases, it is
necessary to silently drop spam rather than reject it. This is the
situation:
An email comes in for two recipients in one SMTP trasaction (ie,
a MAIL, two RCPTs and then DATA).
One recipient's rules say to accept. The othe
On Thu, 26 Apr 2018 13:41:05 -0700
L A Walsh wrote:
> To my way of thinking, dropping someone else's email,
> telling the sender the email is being rejected for having
> spam-like characteristics and telling the recipient nothing
> seems like it might have legal liability for the for the
> user p
On Mon, 9 Apr 2018 09:56:20 -0500
David Jones wrote:
> On 04/09/2018 09:44 AM, Reindl Harald wrote:
> > you simply don't want connect to every innocent MX which inbound
> > mail is forged because for the sake of god you are attacking the
> > victim of spoofed mails and you are easily part of a di
On Wed, 4 Apr 2018 17:16:04 +0200
Tom Hendrikx wrote:
> Sounds like a mimedefang question, not a spamassassin one. But did you
> restart mimedefang after adding the rule?
You can force MIMEDefang to reread everything without restarting it:
md-mx-ctrl reread
Regards,
Dianne.
Thank you everyone. I hope this leads to good things for email filtering.
> Sorry, but what is AppRiver, and what is Roaring Penguin, and who is
> Dianne?
Answers to those questions are all a Google query away.
It is off-topic for Spamassassin, I grant you, and hence the OT: tag.
Thank you agai
On Tue, 3 Apr 2018 11:21:35 -0400
Rob McEwen wrote:
> Thanks for all you do! And good luck with that. But there are a few
> potential problems. When I analyzed Google's shortners about a month
> ago, I found that a VERY large percentage of the most malicious
> shortened URLs were a situation w
On Tue, 3 Apr 2018 11:09:38 -0300
Leandro wrote:
> This means, for example, your system do 10 queries at same second,
> then the query frequency is 100ms.
In SI units, frequency has the unit s^(-1) and period has the unit s,
where s stands for "second"
So 100ms is the period, and 10/s is the fr
On Mon, 26 Feb 2018 00:07:54 -0600 (CST)
David B Funk wrote:
> So my bet is that the spammers are crafty enough to check things like
> browser referrer, cookies, etc to detect/differentiate a browser vs a
> link-checker.
Yep. You need to fake your User-Agent (not hard) and put a limit on
the nu
On Wed, 21 Feb 2018 12:41:05 -0700
Amir Caspi wrote:
> On that note -- regardless of what OTHER HW/SW solutions might do,
> since this is a SpamAssassin mailing list ... is there any facility
> to implement this in SA?
Someone earlier posted a link to https://github.com/smfreegard/DecodeShortURL
On Wed, 21 Feb 2018 16:48:40 +
Anthony Cartmell wrote:
> If you mean following URLs in messages, you do need to be aware that
> this can break one-time login links.
Big time. That's why you only want to do it for URLs that are
absolutely known to be shortened URLs. You have to keep a list
On Wed, 21 Feb 2018 16:35:27 +
Karol Augustin wrote:
> I think the point here might be that if Google acted promptly on abuse
> spammers would stop using shorteners.
True, that might happen. OTOH, I see about as many spams with bit.ly
shorteners as goo.gl shorteners which is not what one mi
On Wed, 21 Feb 2018 11:29:00 -0500
Rob McEwen wrote:
> Nevertheless, it is a shame to have to shift more of the burden onto
> spam filters to do more work (some of which requires MORE latency) -
> in order to partly mitigate Google's failure to prevent/correct the
> abuse.
Yes, I agree. On the
On Wed, 21 Feb 2018 11:00:48 -0500
Rob McEwen wrote:
> > [Expanding shorteners] been part of our practice for about a year now.
> Excellent! I wish others would be as innovative and on top of things
> as you are! Unfortunately, your statement doesn't alter my point you
> were replying to, even o
On Wed, 21 Feb 2018 10:58:17 -0500
Rob McEwen wrote:
> On 2/21/2018 10:37 AM, Dianne Skoll wrote:
> > The concern voiced in another email about overloading Google's
> > infrastructure is quite charming and quaint.
> My concern was NEVER about overloading google.
I
Hi,
> mimedefang.pl[10245]: w1K87JOB027594: action_drop_with_warning called
> outside of filter context
> then the attachment was not dropped.
> here is my filter:
Please read mimedefang-filter man page very carefully.
Regards,
Dianne.
On Wed, 21 Feb 2018 02:30:40 -0500
Rob McEwen wrote:
> (a) it might not "scale" for high volume mail flows and DNSBLs who,
> like invaluement, process dozens (or more) spams per second.
We use HEAD requests to expand known URL-shorteners on a cluster that
peaks around 60 msgs/s
> (b) and this i
On Tue, 20 Feb 2018 23:38:53 -0700
"@lbutlr" wrote:
> As I suspected, it is possible to get the goo.gl target URL without
> loading the site, though using curl is probably not realistic in this
> specific case.
We do a HEAD request and it works on most URL shorteners.
The concern voiced in anot
On Thu, 15 Feb 2018 16:06:40 +0100
Matus UHLAR - fantomas wrote:
> >Or if you like using your ISP's servers, most DNS server software
> >lets you forward by default but make exceptions for specific
> >domains.
> although possible, this does not make sense IMHO.
It makes a lot of sense, IMO.
On Wed, 14 Feb 2018 14:05:54 -0800 (PST)
John Hardin wrote:
> This detail always gets glossed over: set up a local NON-FORWARDING
> resolver.
> If you set up a local resolver and it just forwards requests to your
> ISP's DNS servers, you have not materially changed the problem.
Or if you like
On Fri, 26 Jan 2018 11:49:07 -0800
Ted Mittelstaedt wrote:
[snip]
> Do you think this approach might work?
Not any better than Bayes. All your "spam archetype" examples are
already easy to stop; we whack them all handily with Bayes. The
annoying ones are more like:
Subject: hi
Subject: 'sup
On Thu, 25 Jan 2018 05:19:38 -0500
Bill Shirley wrote:
> I'm all for tightening up standards compliance with email, but what I
> would see if this would happen is a request from my customers saying:
> Bob'semails (b...@bad-spf.com) are going to the spam folder; whitelist
> him please Bob's email
On Wed, 24 Jan 2018 14:20:57 -0800 (PST)
John Hardin wrote:
> > At this point, I would be willing to penalize sites with bad SPF
> > records (syntactically invalid; more than one different SPF record
> > attached to the same domain, etc.) Those people really deserve
> > penalties because they've
At this point, I would be willing to penalize sites with bad SPF
records (syntactically invalid; more than one different SPF record
attached to the same domain, etc.) Those people really deserve
penalties because they've messed up.
I would not be willing to penalize sites with *no* SPF at all jus
On Wed, 24 Jan 2018 19:01:28 +
Vincent Fox wrote:
> SPF is a zombie legacy that someone should shoot in
> the head.
+1
> Maybe then we could design something that
> is useful for what we all desire, which is properly
> authenticating senders.
We cannot authenticate senders and keep SMTP as
On Sat, 20 Jan 2018 00:33:32 -0500
"Bill Cole" wrote:
> On 19 Jan 2018, at 20:02 (-0500), jdow wrote:
> > After your first time being a victim of cyberstalking you'll soon
> > enough wish your "from" line was as generic as mine. People who put
> > their full name in the From: line haven't been m
On Thu, 18 Jan 2018 16:01:13 -0500
Chip wrote:
> I'm tied to a Cpanel/WHM VPS which can't be changed.
That's a problem. It's like having someone require you to play
Hungarian Rhapsody while wearing mittens. I mean sure... maybe it's
possible, but why would you try?
Is there no possibility of
On Wed, 27 Dec 2017 19:21:32 +0100
Reindl Harald wrote:
> > At most, I would do a HEAD on a URL and not a GET. HEAD is
> > probably safer and will usually tell you if the link is a redirect
> no, for the web application it's typically transparent because the
> whole purpose of HEAD is that yo
On Wed, 27 Dec 2017 12:47:00 -0500
Alex wrote:
> It [fetching URLs] would also probably lead to inadvertently
> unsubscribing people from mailing lists.
Yes, if the lists use badly-written mailing list software.
At most, I would do a HEAD on a URL and not a GET. HEAD is probably safer
and will
On Wed, 27 Dec 2017 07:50:38 -0800 (PST)
John Hardin wrote:
> > Hi, is there anything available that can follow a link to either
> > test it itself for its reputation or RBL, or somehow add points to
> > an email that contains a link that just redirects?
> That's unfortunately a way to trigger t
On Wed, 06 Dec 2017 14:37:28 +0100
Benny Pedersen wrote:
> http://www.postfix.org/postconf.5.html#message_strip_characters
That won't work because the doc says:
Note 1: this feature does not recognize text that requires MIME
decoding. It inspects raw message content, just like header_ch
On Thu, 9 Nov 2017 17:02:52 +
Gary Smith wrote:
> I could be absolutely wrong but isn't bayes a hash of the string
> parts which is part of the performance of bayes?
Part right, part wrong. The SpamAssassin Bayes implementation does
hash tokens. But it doesn't improve performance measurabl
Hi,
In case anyone wants an actual sample: https://pastebin.com/raw/R3b0UHsB
Regards,
Dianne.
On Wed, 8 Nov 2017 11:49:38 -0800 (PST)
Jim Dunphy wrote:
> header J_BAD_CONTYPE Content-Type !~
> /^(application|audio|image|message|multipart|text|video|x-)/i
For messages that lack a content type header, I guess you need the
[if-unset:] tag at the end: [if-unset: text/plain]
I know those m
On Wed, 8 Nov 2017 11:02:16 -0500
Rob McEwen wrote:
> This seems to be catching most of them:
> Subject: Invoice [A-Z]{2,3}\d{7}\b
Yes, that'll work. Maybe a better approach is a combo rule that looks
in the headers for Content-Type: .*art/mixed but NOT multipart/mixed
I don't know offhand ho
Hi,
Heads-up: We're seeing weird new malware with a subject that looks like
Invoice XXX
where XXX is two or three random upper-case letters and n is a series
of digits. What's weird is that the Content-Type: header looks like this:
Content-Type: multXXXart/mixed
where the XXX is th
On Wed, 27 Sep 2017 14:24:52 -0500
David Jones wrote:
> Sure. It's not specific to toyrus.com but typically subdomains like
> *.toysrus.com won't include Office 365 so they are candidates for
> whitelist_auth entries.
Ah, gotcha. I was missing that point.
Regards,
Dianne.
On Wed, 27 Sep 2017 13:24:16 -0500
David Jones wrote:
> Alex brought something interesting to my
> attention that I think is worth passing along. The SPF record for
> email.toysrus.com is pretty sloppy. It includes other SPF records
> that contain Office 365's servers.
I don't think that's
On Fri, 22 Sep 2017 10:43:57 -0700 (PDT)
John Hardin wrote:
> > Are you suggesting people send you their email for scanning? If so,
> > I'd say nobody in their right mind should be interested, for
> > obvious reasons of privacy. It would also be illegal where I live.
> He was only proposing the
On Fri, 22 Sep 2017 08:40:50 -0700
Marc Perkel wrote:
> The next level would be sending the message headers and eventually -
> the full message.
Why would anyone do that as opposed to just purchasing your commercial
spam filtering service? If someone wants to offload spam-detection,
they might
Hi, again,
Aha...
https://cron-job.org/en/spam-statement/
They are victims of a joe-job.
Regards,
Dianne.
On Thu, 14 Sep 2017 11:27:27 -0700
"Loren Wilton" wrote:
> Other than being obvious spam, they seem to be set up as though they
> were legitimate commercial mailing list stuff, often containing
> things like contact-id and the like in the links.
> Is anyone else seeing these?
A small number. T
On Tue, 22 Aug 2017 20:19:06 -0400
Alex wrote:
> > Take a look at podofopdfinfo. It can extract URLs from PDF docs
> > and you can trigger on those.
> Thank you. It didn't work on this one :-(
It worked for me:
$ podofopdfinfo pdf-phish.pdf
Document Info
-
File: pdf-phi
On Tue, 22 Aug 2017 14:55:01 -0400
Alex wrote:
> I know there was a PDF OCR plugin of some sort, but I don't recall it
> being all that effective. Ideas greatly appreciated.
Take a look at podofopdfinfo. It can extract URLs from PDF docs and you
can trigger on those.
Regards,
Dianne.
On Tue, 15 Aug 2017 12:46:59 -0500
Shivram Krishnan wrote:
> Rule-based systems like spamassassin make room for false positives
> from any one of the rules. For instance , a blacklist can have a
> false positive, but there may be other rules which may not agree with
> the blacklist. An ensemble o
On Tue, 15 Aug 2017 12:02:23 -0500
Shivram Krishnan wrote:
> Thanks for the response Bill. I have got a couple of responses from
> this group, which agree with what you are saying - they have their
> own custom techniques to prevent spam and reduce false positives. If
> thats the case, who uses
On Fri, 11 Aug 2017 15:27:52 +
hospice admin wrote:
> text = "v=spf1 exists:%{i}._spf.xyz.com ~all"
> What I'd like to do is turn this into an RBL check, but
> eval:check_rbl('Evil-ESP','_spf.xyz.com')
I understand what you're trying to do, but have you thought about the
implications? You a
On Tue, 08 Aug 2017 20:01:52 +0200
Benny Pedersen wrote:
> why does the OP need to tell sendgrid his users passwords ?
That is indeed a very good question. :)
It's not as if this is some sort of mass-mailing or marketing-oriented
email that needs to be tracked.
Regards,
Dianne.
On Tue, 8 Aug 2017 08:00:04 -0500
David Jones wrote:
> I absolutely agree but it's possible that this part is out of his
> control. Sendgrid might be receiving a plain text email from the
> normal source and adding HTML to get that image in there for
> tracking.
If you can't determine the cont
On Tue, 8 Aug 2017 07:36:01 -0500
David Jones wrote:
> The origin of the email and the path it takes makes a big difference
> in how it's filtered.
Sure, but doing a plain-text message with no HTML will immediately knock
2.2 points off the score. That's a pretty cheap and easy win.
Regards,
D
On Mon, 7 Aug 2017 19:28:04 -0400
"Jacek Osuchowski" wrote:
> This is an email I sent to IsNotSpam.com. They list the whole thing
> when testing for spam. I am getting a lot of complains from our
> customers that our emails are not received. Our domain is not
> blacklisted anywhere so I suspect i
[Just replying to one aspect of the original message.]
On Mon, 7 Aug 2017 18:26:00 -0500
David Jones wrote:
> First, it's a bad idea for a number of reasons to send passwords via
> email. Most modern "lost password" mail loops use a unique URL that
> expires after a short period of time.
As
On Wed, 26 Jul 2017 08:28:52 -0700 (PDT)
John Hardin wrote:
> ...all of which is, sadly, whack-a-mole.
However, there are few to no alternatives to whack-a-mole for this
spam run. The messages are pretty bland.
We've been diligently adding the URLs to our phishing list and we seem
to have caug
On Wed, 26 Jul 2017 17:15:43 +0200
Michael Storz wrote:
[...]
> /boundary="-{4}=_NextPart_000_[0-9A-F]{4}_[0-9A-F]{8}\.[0-9A-F]{8}"/
You may get FPs. See for example
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105578
I am guessi
On Tue, 25 Jul 2017 08:36:22 -0400
Dianne Skoll wrote:
> All of the URLs match this pattern:
> /\/[A-Z]{4}\d{6}\/$/
We see a new variant with the subject "Your Virgin Media bill is ready" and
URLs that match:
uri__RP_D_00108_03 /\/\d{12}\/[A-Z]{6}\/?$/
Regards,
Dianne.
On Tue, 25 Jul 2017 13:15:33 +0100
RW wrote:
> https://pastebin.com/p7EnFNf7
We've seen lots of those and collected a few dozen unique URLs for our
URL blacklists. I added a swath of them to the APER project in this
commit:
https://sourceforge.net/p/aper/code/11830/
All of the URLs ma
My only comment on this is that shell scripting is a completely inappropriate
language to use for this. Use a real language like Perl, Python, Ruby, or
whatever.
Regards,
Dianne.
On Wed, 12 Jul 2017 21:04:37 -0400
Alex wrote:
> Has anyone else experienced a spam campaign with any one of the
> following subjects:
> - sometimes enjoy it wild, how bout you?
> - sometimes like it ruff, what bout you?
> - sumtimes enjoy it ruff, wat bout you?
144 hits, all of them except one
On Thu, 15 Jun 2017 10:44:03 -0400
Dianne Skoll wrote:
> Hi, Kevin,
I did not realize I was replying to the list. :P Newbie mistake...
Anyway, this is for the list. Feature idea is up at
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7436
Regards,
Dianne.
Hi, Kevin,
> Diane, I'd appreciate if you would synopsize things to the best of
> what you see from the conversation and add it as a feature request in
> bugzilla bug. https://bz.apache.org/SpamAssassin/
Sure. I've forgotten my Bugzilla password, so just waiting for the
reset token to arrive a
On Wed, 14 Jun 2017 13:38:49 +0100
RW wrote:
> The way I suggested has advantages:
> - there's no need to clean-out expired rules manually
A minor advantage at best. And nothing stops you from keeping your
expiring rules in a separate .cf file so they can be auto-purged.
> - it's clear whic
On Wed, 14 Jun 2017 00:52:15 +0100
RW wrote:
> If you want it to work that way it can be done in an external script
> in about 10 lines.
*SIGH*
Yes. I'm perfectly aware of that.
My point is that we can have hundreds of sysadmins writing hacky little
scripts that all do things slightly differe
On Tue, 13 Jun 2017 23:10:25 +0100
RW wrote:
> Then why not write a script to parse your logs and determine when that
> happens.
Because that's more work, and I'm lazy, just like all true sysadmins.
> > What if we did something like:
> > expire MYRULE_FOO 2017-09-01
> This seems sub-optimal to
On Tue, 13 Jun 2017 14:38:21 -0500
Noel wrote:
> Maybe expired rules could automatically score as 0.01 rather than
> invalid. Then log a warning to remind the admin.
No, I don't like that. As others mentioned, that does nothing for dependent
rules. I think a sensible use case for this would
On Tue, 13 Jun 2017 11:56:57 -0400
"Kevin A. McGrail" wrote:
> Brilliant idea but how to keep that information from spammers?
Would it matter? Especially for private site rules. I wouldn't advocate
this for centrally-distributed rules, which are in any event expired out by
removing the rules.
On Tue, 13 Jun 2017 08:59:27 -0700 (PDT)
John Hardin wrote:
> Dependencies.
Yes, that would mess things up. Probably shouldn't be able to expire
rules that others depend on. The parser could check for that and make
them non-expiring (with a warning.)
Regards,
Dianne.
Hi,
Something I and possibly others might find useful would be rules that
expire. Quite often, we might make some very specific rules to handle
a particular spam run and they lose their effectiveness pretty quickly.
What if we did something like:
expire MYRULE_FOO 2017-09-01
or maybe
tflags MY
On Fri, 19 May 2017 12:00:29 -0700
Alan Hodgson wrote:
> This is actually one of the few mailing lists that a DMARC p=reject
> domain can send anything to. Assuming they DKIM-sign their mail, of
> course.
Yep.
> I would argue that setting a DMARC p=reject policy without working
> DKIM is fundam
On Fri, 19 May 2017 20:43:39 +0200
Benny Pedersen wrote:
> some maillists break DKIM, forkus on that first, not last !
Thank you for not adding any value to the conversation. The
domain in question is not using DKIM.
Regards,
Dianne.
Hi,
Tons of list traffic keeps getting quarantined because of DMARC. For
example, a recent message from David Jones :
DMARC policy for domain ena.com suggests Rejection as
DMARC_POLICY_REJECT, but quarantined due to rule settings
$ host -t txt _dmarc.ena.com
_dmarc.ena.com descriptive text "v=D
On Wed, 5 Apr 2017 12:26:56 -0700
Bret Miller wrote:
[...]
> I would never send an unsubscribe to a list because I know it's bad
> etiquette, just like I know that typing in all caps is "shouting".
> But people do it all the time without meaning to offend anyone.
I wonder if technology exists
On Tue, 28 Mar 2017 19:49:10 +0100
Markus wrote:
> Honestly didn't even think of mailing lists such as this, nor BCC
> (don't deal with BCC emails very much to be honest).
> Though, would you not be able to test against the bottom most
> Received header compared to the To: header?
The "for..."
On Tue, 28 Mar 2017 19:04:44 +0100
Markus wrote:
> How likely is it to be in legitimate mail? Highly unlikely (if ever),
> so you'd be pretty safe outright rejecting mail that behaves this
> way, to be honest.
You'd reject every single message in this mailing list if you did that.
Regards,
Dia
On Tue, 7 Mar 2017 00:04:59 +
David Jones wrote:
> >Er... well. The envelope-from is not any more trustworthy than
> >the header From:. But it *is* the thing the SPF spec say to check,
> >and *not* the header From:.
> It should be way more trustworthy since it is where bounces go.
You ass
On Mon, 6 Mar 2017 23:22:00 +
David Jones wrote:
[...]
> Not good. SPF should be checked against the envelope-from
> address which is more trustworthy.
Er... well. The envelope-from is not any more trustworthy than
the header From:. But it *is* the thing the SPF spec say to check,
and *n
On Mon, 6 Mar 2017 11:58:25 -0600 (CST)
David B Funk wrote:
> But that won't help you when the scammers set the user visible from
> as "acco...@paypai.com" or some other variant (with the actual
> address part as or something else.
I recall someone bringing this up on the DMARC discussion list.
On Sun, 5 Mar 2017 10:38:09 -0800
Marc Perkel wrote:
> If the from address is whitelisted AND the SPF of the from address is
> good - I pass the email.
And that's exactly how SPF is supposed to work. You shouldn't whitelist
domains willy-nilly because they can be spoofed, and you shouldn't all
On Fri, 24 Feb 2017 16:26:38 -0500
Alex wrote:
> We've actually had false-positives due to how the list is built into
> rules. In other words, "i...@ca.com" is still on the list from 2011.
> They're also not bounded by default, so noi...@ca.com and
> morei...@ca.com would also be caught, for exam
On Fri, 24 Feb 2017 18:07:50 +
RW wrote:
> > OK. Any FPs, though? That's the other half of the test.
> No, but it's pretty unlikely there would be.
Actually, it's very likely there will be a lot of FPs, but it's also
very likely that any given user of the list won't see them. That's
bec
On Wed, 22 Feb 2017 20:14:33 +
RW wrote:
> FWIW I ran that list against 3k spams received from late 2015
> onwards. I got 2 hits on 2 separate addesses both timestamped with
> 2012.
OK. Any FPs, though? That's the other half of the test.
Regards,
Dianne.
On Wed, 22 Feb 2017 08:45:07 +
Vincent Fox wrote:
> Come on, look at the datestamps on the addresses in that list!
> Plenty from 2009.
The reason they datestamp the addresses is so that sites making use of
the list can determine on their own when data is stale enough to ignore.
I do agree t
On Mon, 20 Feb 2017 14:21:08 -0500
Alex wrote:
> Maybe we're using something different. This is the link I was using to
> download the phishing addresses until the other day, when it became a
> dead link:
> https://aper.svn.sourceforge.net/svnroot/aper/phishing_reply_addresses
That URL works fo
On Sun, 19 Feb 2017 12:21:14 -0500
Alex wrote:
> https://code.google.com/archive/p/anti-phishing-email-reply/
> It appears to no longer be active, as some time yesterday.
It's still active. The most recent commit is dated today, and I still
have commit privileges.
Regards,
Dianne.
On Thu, 16 Feb 2017 10:07:46 +
David Jones wrote:
> Would it make sense for me to setup/manage my own custom
> rules for checking the To: header or could the FreeMail plugin
> be extended to add new rules like FREEMAIL_TO?
The To: header may not contain useful information. I don't think
the
Ruga wrote:
> RFC-822 is the e-mail standard, without "group addresses". What we do
> complies with the standard.
You are wrong. Wrong, wrong, wrong, wrong.
Take a look at RFC-822: https://www.ietf.org/rfc/rfc0822.txt
Go to Section 6. ADDRESS SPECIFICATION. Look at Section 6.1.
Here's a cop
On Thu, 09 Feb 2017 08:21:28 -0500
Ruga wrote:
[nonsense]
I thought I'd take this opportunity to remind everyone of my Perl package
http://search.cpan.org/~dskoll/Mail-ThreadKiller-1.0.1/lib/Mail/ThreadKiller.pm
Regards,
Dianne.
On Thu, 09 Feb 2017 03:44:24 -0500
Ruga wrote:
> Proper snail mail and e-mail have addresses. Those who do not, are
> quickly archived in the trashcan. This is what we do, and it works.
We get it.
I'm overcome with delight that you are implementing the mail policy
that you like. It warms my he
On February 9, 2017 3:41:32 AM EST, Ruga wrote:
>Let see who can read amon us.
You spelled "among" incorrectly.
>What is your highest level of formal education?
Um? None of your business?
Master's degree, if you must know.
-- Dianne
On Wed, 08 Feb 2017 09:01:35 -0500
Ruga wrote:
> How odd, in a mailing list of spam fighters someone really wants me
> to accept junk mail.
Wow. You really don't know how to read, do you? What was unclear
about my statement:
Hey, you do you. You can do whatever you want with your mail, bu
On Wed, 08 Feb 2017 07:16:48 -0500
Ruga wrote:
> It is precisely because I am responsible for other persons that I
> make such rules based upon the RFC standard,
No, you don't. You make the rules based on your misreading of RFC 822.
RFC 822 permits this header:
To: undisclosed recipients:;
E
On Tue, 07 Feb 2017 18:33:49 -0500
Ruga wrote:
> I follow the actual RFC standard, not the proposed revisions.
No you don't. You follow your misunderstanding of the actual standard.
RFC822 permits group syntax. It's right in the ABNF. Learn to read
carefully.
Here's a hint, taken directly fr
On Tue, 07 Feb 2017 02:57:06 -0500
Ruga wrote:
> > To: undisclosed recipients: ;
> The To header is not RFC compliant.
Yes it is. RFC 5322 even gives the header Cc: undisclosed recipients: ;
as an example in Appendix A.1.3, Group Addresses.
> The Subject header exceeds the
> maximum line leng
On Mon, 30 Jan 2017 09:06:34 -0500
Rob McEwen wrote:
> On 1/30/2017 8:54 AM, Matus UHLAR - fantomas wrote:
> > they do and it has been mentioned:
> > https://help.yahoo.com/kb/SLN23997.html
Cool. So Yahoo uses an HTML page that's a pain to process by
computer. Microsoft has
https://support.co
On Mon, 30 Jan 2017 13:40:26 +
David Jones wrote:
> My goal in whitelisting Yahoo servers is to make sure these
> messages get to MailScanner where they are not whitelisted
> and are scores based more on content by Spamassassin rather
> than sender reputation (DNSBLs).
OK, understood now.
I
1 - 100 of 242 matches
Mail list logo