This rule will be hit any time someone sends mail from a website and puts [EMAIL PROTECTED] in the From: field. This was happening to one of my customers who is a recruiter and receives resumes from job engine sites like Monster.com. They send out the mail from a Monster server but the from and reply-to say yahoo.com, so this this rule is triggered. The only way around it is manual Bayes training, and to create custom rules to match certain things you will expect to find in the headers or body of these messages so the mail won't be tagged as spam when it matches the AOL, HOTMAIL, or YAHOO forged rules.
-----Original Message-----
From: Bret Miller [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 22, 2004 12:54 PM
To: [EMAIL PROTECTED]
Subject: RE: Yahoo forged rules on legit email
> Someone at my company received an order inquiry from someone whose
> return address was at a yahoo account, but they must have sent it from
> another account. The message was tagged by several "Forged Yahoo"
> rules and Faked HELO rules. Viewable at:
> http://mail.photoresearchers.com/spam/false-neg20040722.txt
>
> If it hadn't been for a custom positive score and a AWL score, the
> message would have gotten an 11.60. Why does this message look so
> spammy?
Essentially, the user send a message using his yahoo.com address, but
sent it through another provider. SA looked at the message and found
that it didn't at all look like a yahoo.com server and since such
techniques are commonly used by spammers, gave it an appropriately high
score.
Realistically, if the person wants to use a yahoo.com return address, he
should send the e-mail from his yahoo.com e-mail account, not from some
other service. If POP/SMTP access is desired, try the YahooPOPS project
for a nice proxy link.
Bret
----------
Send your spam to: [EMAIL PROTECTED]
Thanks for keeping the internet spam-free!
