We've had some false
positives with the X_LIBRARY, MIME_BOUND_RKFINDY rules being tripped on e-faxes
received through www.myvfm.com. Fairly obviously the
service has been built using the Indy.Sockets library (www.indyproject.org).
The Indyproject
knowledge base admits that headers similar to those produced by their library
have been found in worms and spams sent with some spamware.
Has anyone else
experienced this problem ? I could create a rule to decrease the score for
emails generated by myvfm.com, but do the format of emails from this
service change ? How likely is it for spammers to spoof mails from this
service in order to reduce their SA scores using such a rule
?
Thanks,
Martin
Martin Lee
Senior Software Engineer
Anti-spam team
MessageLabs
Senior Software Engineer
Anti-spam team
MessageLabs
Tel: +44 (1452) 627 042
[EMAIL PROTECTED]
[EMAIL PROTECTED]
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
