On 08/07/2017 05:56 PM, Jacek Osuchowski wrote:
We use emails to allow users to reset their passwords to our website. We send very brief emails containing the reset password. Example between >>>>:



Your password to access your account is:

S]U3bC7k

Upon successful login you may change your password by going to Modify Account / Change Your Password.



The emails are marked as spam. Sample report from IsnotSpam.com:

SpamAssassin check details:
---- ---------------------- -------------------------------
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 0.9995]
* -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
* [50.31.63.50 listed in wl.mailspike.net]
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 0.9995]
* 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
* 0.1 HTML_MESSAGE BODY: HTML included in message
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
* domain
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
X-Spam-Status: Yes, hits=5.7 required=-20.0 tests=BAYES_99,BAYES_999,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS autolearn=no autolearn_force=no
version=3.4.0
X-Spam-Score: 5.7

I understand you are trying to provide great software to fight email spam but you are making my life miserable. I am having more problems with our emails marked as spam than from the spam itself. Any help on how to avoid being marked as spam would help. Is there a way to be whitelisted by SpamAssassin globally? Most emails are blocked by internet providers like Cablevision or Comcast and getting them to help is IMPOSSIBLE. They just install the software and let it run as it is.

Thank You


Perhaps you should take a little time to figure out what should be changed in that message body to make those emails not score so high.

First, it's a bad idea for a number of reasons to send passwords via email. Most modern "lost password" mail loops use a unique URL that expires after a short period of time.

Secondly, that text in the body is very commonly used by bad actors trying to phish passwords. Why not change the text a bit and run it through the isnotspam.com site until it doesn't hit such a high Bayesian rule? This won't guarantee the Bayesian score of other SpamAssassin platforms but should give a good hint as to what wording is not good to use.

Third, if you could send us complete headers, then we may be able to provide more help. The SPF and DKIM look good and you seem to be doing all of the reputation stuff properly. It comes down to content checks (BAYES) then.

--
David Jones
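
The expiring, unique reset URL mentioned in the reply above, sketched as an added example that is not part of the original thread or of any poster's code. The 15-minute lifetime, the in-memory store, the `ResetTokenStore` and `reset_email_body` names and the example.com URL are assumptions for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the thread only says "a short period of time"


class ResetTokenStore:
    """In-memory stand-in for a table of pending password resets."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        # A new request invalidates any link still outstanding for this user.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != user_id}
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        # pop() makes the link single-use whether or not it has expired.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        return user_id if self._now() <= expires_at else None


def reset_email_body(base_url, token):
    # The message carries a link, never a password.
    return (
        "A password reset was requested for your account.\n"
        f"Use this link within {TOKEN_TTL_SECONDS // 60} minutes to choose a new password:\n"
        f"{base_url}?token={token}\n"
        "If you did not request this, no action is needed.\n"
    )


if __name__ == "__main__":
    store = ResetTokenStore()
    print(reset_email_body("https://www.example.com/reset", store.issue("alice")))
```
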
