You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2021/03/05 18:10:12 UTC

[Bug 7887] SpamAssasin reporting company email as SPAM

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7887

Bill Cole <bi...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |billcole@apache.org
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Bill Cole <bi...@apache.org> ---
SHORT FORM: There's no "bug" here, just SpamAssassin operating as designed.
That is not to say that your problem isn't real. You may find more assistance
on the SpamAssassin Users mailing list. 
See https://lists.apache.org/list.html?users@spamassassin.apache.org

LONGER FORM: 
There are multiple issues here... 

1. Mail-tester.com runs a test against THEIR variant version and configuration
of SpamAssassin. A recent report indicates that they are using a ruleset which
is long out of date, with manually-adjusted scores. There is no way that we can
treat their analysis as evidence of anything wrong with the current version of
SpamAssassin in a normal configuration. Also: they show your message scoring
4.5, which is safely below the standard SA threshold of 5.0 So: garbage results
from mail-tester.com are never an indicator of any sort of bug in SA. 

2. Legitimate streams of mail matching one or more SA rules DOES NOT constitute
a bug per se, particularly if the rules show high accuracy in our QA system
(ruleqa.spamassassin.org) and that mail is not routinely scored over the
standard threshold of 5.0. Both of the cited rules together only add 3.8 points
with the current scoring. So: legitimate mail hitting both of those rules is
not an indicator of any sort of bug in SA.

3. Historically, the 'online' TLD was abused for large batches of apparent
'trial' domains set up solely to send spam from domains with no prior
reputation. By allowing that, the people running the TLD permanently damaged
the email reputation of the TLD for EVERYONE they sell domains to. Using a
*.online domain for the sender of email continues to correlate to mail being
spam, so that rule remains useful, even if it matches a tiny fraction of
legitimate mail. So: hitting PDS_OTHER_BAD_TLD due to use of the "online" TLD
specifically is not an indicator of any sort of bug in SA.

4. If you set a "Reply-To" header to any freemail address (in this case,
according to that mail-tester.com page, a gmail.com address) which is not in
the same domain as the address in the "From" header, your mail will hit the
highly accurate and highly effective FREEMAIL_FORGED_REPLYTO rule. Do not do
that: it is a widely-used trick of account hijackers and phishing
practitioners. Many spam filters other than SA will see that as a spam
indication. So: hitting FREEMAIL_FORGED_REPLYTO specifically is not an
indicator of any sort of bug in SA. 

5. The .online TLD has been part of the PDS_OTHER_BAD_TLD rule for over a year
and FREEMAIL_FORGED_REPLYTO  is much older, so any recent change in how your
mail is handled cannot be a result of that SpamAssassin rule. So: a recent
change in how anyone is handling your mail is not an indicator of any sort of
bug in SA.

6. When you say your mail "goes to SPAM folder" that seems like an indictment
of some specific site's email filtering policy. If it is happening at GMail, I
am 100% certain that no changes to SpamAssassin can be related to that, as they
do not use SA. In fact, none of the major retail mailbox providers will admit
to using SA, even though we would be happy if they did so and it would be as
free to them as it is to all users. How mail is delivered at any particular
site is entirely out of our control, all we do is provide a framework for
scoring email as "spam" or "ham" (i.e. non-spam) and mail systems which use SA
scores make their own decisions entirely on how to handle mail based on SA
scores. So: delivery to a "spam folder" by any particular mail provider is a
choice of that provider, not an indicator of any sort of bug in SA.

I am sympathetic to your very real problem, however it is not likely to be
caused in any way by SpamAssassin and even if it is due to some non-standard
way that one or more mail systems is using SpamAssassin, there is no way for it
to be fixed within SpamAssassin without reducing its efficacy for most users.

-- 
You are receiving this mail because:
You are the assignee for the bug.