On Tue, 15 Sep 2020, Mark London wrote:

Hi - I receive email from spiceworks.com help desk, which are sent via sendgrid. Why do these URLs trigger the SENDGRID_REDIR rule score, which is 3.4? Thanks. - Mark

They trigger the rule because they match the rule's conditions - a message having a Sendgrid redirect URL. They've been abused in a lot of phishing lately.

The score is that high because spams that have such aren't scoring highly based on all the other rules, and the SpamAssassin masscheck corpora do not have many instances of legitimate Sendgrid redirects.

An important question is: are these mails being scored as spammy and is that interfering with proper delivery? Or are you just worried about a single high-scoring rule hit?

I will take a look and see if the FP rate can be reduced. If you could send me an example of one or more of these messages privately (zipped, with all message headers intact) then I might be able to do a better job of that.

As a workaround, you could whitelist the spiceworks.com help desk email address.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org                         pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Gun Control laws cannot reduce violent crime, because gun control
  laws assume a violent criminal will obey the law.
-----------------------------------------------------------------------
 2 days until the 233rd anniversary of the signing of the U.S. Constitution
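
The whitelisting workaround mentioned in the reply, as an added example that is not part of the original message. The address is a placeholder (the thread does not give the real one), and the authenticated form assumes the SPF and/or DKIM plugins are loaded:

```conf
# local.cf (or user_prefs) -- added example, not from the thread.
# helpdesk-address-placeholder@spiceworks.com is a PLACEHOLDER; substitute
# the exact From address seen in the legitimate help desk mail.

# Weak form: matches on the From address alone. Anything that forges this
# From address is whitelisted too, including a phish that carries a
# Sendgrid redirect URL.
# whitelist_from  helpdesk-address-placeholder@spiceworks.com

# Preferred form: the whitelist entry only takes effect when the message
# also passes SPF for the envelope sender or carries a valid DKIM
# signature from the sender's domain.
whitelist_auth  helpdesk-address-placeholder@spiceworks.com

# Check the configuration and the effect on a saved sample message:
#   spamassassin --lint
#   spamassassin -t < sample-helpdesk-message.eml
# In the test report SENDGRID_REDIR still appears; the whitelist hit
# offsets it only when authentication succeeded.
```

If the help desk mail does not authenticate as spiceworks.com, the `whitelist_auth` entry simply never fires, which is the safe failure mode for a sender whose redirect domain is shared with phishing campaigns.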
