>________________________________________ >From: Dianne Skoll <d...@roaringpenguin.com> >Sent: Thursday, September 24, 2015 9:02 AM >To: users@spamassassin.apache.org >Subject: Re: Test for empty EnvelopeFrom
>On Thu, 24 Sep 2015 12:21:33 +0000 >David Jones <djo...@ena.com> wrote: >> I agree with Reindl. You can't block null senders or you break a lot >> of legit emails. >Well, if you run your own mail server, you can do whatever you like so >long as you accept the consequences. >I would say: A null sender is not necessarily the sign of spam, but it's >also not necessarily the sign of ham. We see a continuous background >chatter of spam messages that have a null envelope sender. And these >are new messages, not backscatter in response to anything. I agree with you and Reindl on this point too. I guess what I meant to say is usually the hardest spam to block with a null sender is backscatter from a normally trusted/good reputation mail server. RBLs and SA with a well-trained Bayes DB do a very good job on new emails with a null sender. >What *is* a very reliable spam indicator (and is a SpamAssassin rule >DSN_NO_MIMEVERSION) is mail from a null sender that lacks a >MIME-Version: header. Almost all auto-generated responses have that >header; a fair bit of null-sender spam does not. Good info. I checked my MailScanner logs and there are a lot of hits on this rule along with an invalid watermark so they seem to be closely related. I do see a number of Yahoo.com legit DSNs that seem to be hitting this rule (not surprised) but have a valid MS watermark. Dave >Regards, >Dianne.