On Sun, 2014-06-08 at 22:49 -0400, Alex wrote:
> I have a few messages that have been incorrectly tagged because the
> sender used their yahoo address as the sender, but used a mass mailer
> (contactbeacon.com) to send their newsletter for them. Apparently this
Which is a particularly bad (to avoid the term cheap) way of sending
"mass" mailings.
> is enough for it to hit FORGED_YAHOO_RCVD and L_UNVERIFIED_YAHOO,
> causing it to be marked as spam.
Scores of 1.63 and 2.5 respectively, according to your sample. With a
total score of 6.995, it is the latter one pushing it over the 5.0
threshold, not the first one.
Moreover, the responsible rule is NOT stock SA. The obvious L "local"
prefix should be a clear hint. You defined it as "from yahoo, but not
DKIM valid".
For amusement, search google for UNVERIFIED_YAHOO (and insist you really
mean it literally with the underscore rather than two words).
"Yahoo uses DKIM and this wasn't signed". Funnily enough, that's a quote
from a bug report back April 2007. Actually the OP closing its own
report as not a bug.
> Is there something I'm missing, or is there a better way to do this to
> avoid the FPs in the future?
If by "doing this" you mean writing a safer variant of your local rule,
you should have (a) clearly stated it's a local rule, and (b) pasted
the complete current version of that local rule.
By making us chase your local rules in archives, all you'll get is
fingers pointing at your own, local rule.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
