Am 06.10.2015 um 19:44 schrieb Reindl Harald:
Am 06.10.2015 um 19:38 schrieb Alex:I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appears to have been routed through facebook's outgoing mail.All of that could be faked, but it would mean the payload is in the actual facebook profiles themselves. Has anyone else found this to be the case? http://pastebin.com/jE8G5LXJwhitelist_auth *@facebookmail.com *@pages.facebookmail.com and then safely train the junk as spam
BTW: i trained your sample with 5 copies (generic date/message-id) as spam reaching BAYES_95 and none of the 70 facebook ham-smaples in our corpus lost it's BAYES_00
signature.asc
Description: OpenPGP digital signature