You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2021/12/16 23:12:08 UTC

[Bug 7949] SpamAssassin & .online domains

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7949

Bill Cole <bi...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |billcole@apache.org
         Resolution|---                         |WORKSFORME

--- Comment #1 from Bill Cole <bi...@apache.org> ---
(In reply to sikro94 from comment #0)
> Hello! I don't know if this is the right place, but I see that your
> SpamAssassin filter gives my domain name a bad reputation. 

No, the past users of the same gTLD have given it a bad reputation.
SpamAssassin merely reports that. 

[...]

NOTE: whatever you're using to get a SpamAssassin score is broken. It seems to
be showing negative scores for rules that should have positive (spammy) scores
and the score values do not match recent versions of the standard ruleset. 

> -0.249	HEADER_FROM_DIFFERENT_DOMAINS	From and EnvelopeFrom 2nd level mail
> domains are different

That's not specific to your domain or TLD, it is a result of the addressing of
your email: different domains in the From header and SMTP envelope.

> -0.001	MIME_QP_LONG_LINE	Quoted-printable line longer than 76 chars

That's entirely unrelated to domains, it's a quirk of your email's transport
encoding which is formally improper but not *per se* significantly correlated
to a message being spam or non-spam. 

> -0.499	FROM_SUSPICIOUS_NTLD	From abused NTLD
> -0.001	FROM_SUSPICIOUS_NTLD_FP	From abused NTLD
> -1.725	PDS_OTHER_BAD_TLD	Untrustworthy TLDs
>  	 	 URI: combien.online (online)

Total score: 2.225 as shown, 2.800 by current release scoring. Most of that is
from the last rule, which checks domains found in the body of mail: in theory
just from URLs, but that's loosely parsed.

To be deemed "spam" by SpamAssassin using the default configuration, you'd need
a score over 5. 

> Do you know how to avoid this by keeping the same domain name so that I
> don't end up spamming my recipients?

Whether you are spamming or not isn't determined by a SA score, it's determined
by whether you have the consent of the people you're mailing. We assume that no
one filing a bug here is actually spamming unless they say so. :)

Note that the inclusion and scoring of rules in the default ruleset is
controlled by a daily automated process that uses submitted corpora of "spam"
and "ham" mail 
and their scoring. By design, every message will match some SA rules that have
positive (spammy) scores and some that have negative (hammy) scores. If your
mail scores below 5 IN TOTAL then SpamAssassin is saying that it is probably
not spam. It's not critical to minimize your SA score, it only matters that you
don't score too high (i.e. definitely below 5.) Some sites set their thresholds
lower, but very rarely lower than 4. 

There is nothing about this that is addressable as a "bug" in SA. The inclusion
of the 'online' TLD in the "suspicious" list is grounded in observed empirical
fact, and the scoring of the rules using that list is constrained to limit the
potential for broad damage (i.e. actually marking legitimate mail as spam.)

-- 
You are receiving this mail because:
You are the assignee for the bug.