You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Marie Gabriele Licht <li...@rssgmbh.de> on 2008/10/30 09:37:56 UTC
Problems with the email adress of our company
Hi there,
we have some problems with the email-address of our company. When we
write emails to people with a ...@gmx.de address, the receiver won't
get the email because it's in the spam folder.
Gmx's support told us that they use spam assassin.
Can you help us? Can you verify that we are no spam but a serious company?
Or is it gmx's business to do so?
Thank you so much!
Marie Licht
______________________________________
Dipl.-Ing. (Geodäsie & Geoinformatik)
Maria Gabriele Licht
RSS - Remote Sensing Solutions GmbH
Büro München
Wörthstr. 49
81667 München
Tel.: +49 89 48954765
Fax: +49 89 48954767
Geschäftsführer: Prof. Dr. Florian Siegert
Registergericht: Amtsgericht Potsdam
Handelsregister: HRB 17931 P
Umsatzsteuer: ID-Nr. DE 193162464
<ma...@rssgmbh.de> licht@rssgmbh.de
<http://www.rssgmbh.de/> www.rssgmbh.de
<http://www.reality-maps.de/> www.reality-maps.de
______________________________________
Aktuelles bei RSS:
>> NEU! 3D-Landkarten "Tegernseer und Schlierseer Berge in 3D" und
"Isarwinkel 3D"
>> Zugspitze 3D: Ab sofort ist die 2. Auflage erhältlich
>> Juli 2008: Die Doppel-DVD "König Ludwig II. - Schlösser in 3D" wird in
zweisprachigen (englisch/deutsch) Einzel-DVDs herausgegeben
-----------------Disclaimer-----------------
Die in dieser E-Mail und den dazugehoerigen Anhaengen (die Nachricht)
enthaltenen Informationen sind nur fuer den Adressaten bestimmt und koennen
vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Sollten
Sie die Nachricht irrtuemlich erhalten haben, loeschen Sie die Nachricht
bitte und benachrichtigen Sie den Absender, ohne die Nachricht zu kopieren
oder zu verteilen oder ihren Inhalt an andere Personen weiterzugeben. Ausser
bei Vorsatz oder grober Fahrlaessigkeit schliessen wir jegliche Haftung fuer
Verluste oder Schaeden aus, die durch virenbefallene Software oder E-Mails
verursacht werden.
-----------------Disclaimer-----------------
The information contained in this e-mail and any attachments (the message)
is intended for the addressee only and may contain confidential and/or
privileged information. If you have received the message by mistake please
delete it and notify the sender and do not copy or distribute it or disclose
its contents to anyone. Except in case of gross negligence or wilful
misconduct we accept no liability for any loss or damage caused by software
or e-mail viruses.
Re: Problems with the email adress of our company
Posted by mouss <mo...@netoyen.net>.
Kelson wrote:
> Per Jessen wrote:
>> I guess it's a matter of opinion, but an email address is a significant
>> part of a corporate identity - you don't go around changing it ad-hoc,
>> and you certainly try to avoid having one domain in your email-address
>> and another on your brochures and businesscards.
>
> Exactly. That sort of thing would train users to expect your company's
> email to come from multiple and/or unfamiliar domains, such that they
> will be less likely to notice phishing attempts that claim to be your
> company but come from other domains.
>
<devil advocate=yes>
- how many users would see the address part in
From: joe at rssgmbh <jo...@otherdomain.example>
- and regarding phishing, those users who "will be less likely to
notice" will never notice anyway, whatever you do.
- if your marketers decide to use beepornot.com instead of
Beep-or-not.com, don't come crying that it is blocked because it
contains "porn".
</devil>
I do understand the trademark/name/identity/IP/... issues, and I do
understand that OP should not be forced to play such games, but if he
has no other way to get his mail delivered to his recipients, then he
can ask his boss/mgmt/mktg/president/... whether it's acceptable to play
these games in order to get mail out.
Re: Problems with the email adress of our company
Posted by Kelson <ke...@speed.net>.
Per Jessen wrote:
> I guess it's a matter of opinion, but an email address is a significant
> part of a corporate identity - you don't go around changing it ad-hoc,
> and you certainly try to avoid having one domain in your email-address
> and another on your brochures and businesscards.
Exactly. That sort of thing would train users to expect your company's
email to come from multiple and/or unfamiliar domains, such that they
will be less likely to notice phishing attempts that claim to be your
company but come from other domains.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: Problems with the email adress of our company
Posted by Per Jessen <pe...@computer.org>.
mouss wrote:
> Per Jessen wrote:
>>
>>>>From the business point of view, one also has to consider the cost
>> involved in changing all the stationery, website, businesscards,
>> brochures, etc etc etc ...
>>
>
> it is not necessary to change these. a second domain name that points
> to the "primary" one is enough (how about
> RemoteSensingSolutions.com?).
I guess it's a matter of opinion, but an email address is a significant
part of a corporate identity - you don't go around changing it ad-hoc,
and you certainly try to avoid having one domain in your email-address
and another on your brochures and businesscards.
/Per Jessen, Zürich
Re: Problems with the email adress of our company
Posted by mouss <mo...@netoyen.net>.
Per Jessen wrote:
> Greg Troxel wrote:
>
>> Asking someone to change their domain name to match an SA rule seems
>> a bit extreme to me! Why not propose that de establish a gmbh 2nd
>> level for companies, and make him rss.gmbh.de?
>>
>> FROM_DOMAIN_NOVOWEL was logged for only 3 messages here yesterday,
>> of
>> 1.3 million logged as scoring 7.0 and higher. All 3 were fps:
>>
>> privatehealthmgmt.com
>> umdnj-secure.com (twice)
>>
>> (That second one had a long consonant string to the left of the @
>> sign.)
>>
>> It is perhaps extreme, but even if the rule is fixed not to FP, I
>> suspect (but have no data) there will be lingering trouble from older
>> installations. From the business point of view one has to weigh the
>> cost of FPs and the cost of changing the name. I would probably
>> change names, since it really isn't that hard.
>
>>>From the business point of view, one also has to consider the cost
> involved in changing all the stationery, website, businesscards,
> brochures, etc etc etc ...
>
it is not necessary to change these. a second domain name that points to
the "primary" one is enough (how about RemoteSensingSolutions.com?).
not ideal, but may be needed since even if the scores are fixed in SA,
many sites won't update, and let's not speak about sites using
proprietray technos that have similar rules (such rules come "naturally"
after you received spam with unpronounceable names...).
Re: Problems with the email adress of our company
Posted by Per Jessen <pe...@computer.org>.
Greg Troxel wrote:
> Asking someone to change their domain name to match an SA rule seems
> a bit extreme to me! Why not propose that de establish a gmbh 2nd
> level for companies, and make him rss.gmbh.de?
>
> FROM_DOMAIN_NOVOWEL was logged for only 3 messages here yesterday,
> of
> 1.3 million logged as scoring 7.0 and higher. All 3 were fps:
>
> privatehealthmgmt.com
> umdnj-secure.com (twice)
>
> (That second one had a long consonant string to the left of the @
> sign.)
>
> It is perhaps extreme, but even if the rule is fixed not to FP, I
> suspect (but have no data) there will be lingering trouble from older
> installations. From the business point of view one has to weigh the
> cost of FPs and the cost of changing the name. I would probably
> change names, since it really isn't that hard.
>>From the business point of view, one also has to consider the cost
involved in changing all the stationery, website, businesscards,
brochures, etc etc etc ...
/Per Jessen, Zürich
Re: Problems with the email adress of our company
Posted by Greg Troxel <gd...@ir.bbn.com>.
Asking someone to change their domain name to match an SA rule seems
a bit extreme to me! Why not propose that de establish a gmbh 2nd level
for companies, and make him rss.gmbh.de?
FROM_DOMAIN_NOVOWEL was logged for only 3 messages here yesterday, of
1.3 million logged as scoring 7.0 and higher. All 3 were fps:
privatehealthmgmt.com
umdnj-secure.com (twice)
(That second one had a long consonant string to the left of the @ sign.)
It is perhaps extreme, but even if the rule is fixed not to FP, I
suspect (but have no data) there will be lingering trouble from older
installations. From the business point of view one has to weigh the
cost of FPs and the cost of changing the name. I would probably change
names, since it really isn't that hard.
Re: Problems with the email adress of our company
Posted by Joseph Brennan <br...@columbia.edu>.
Greg Troxel <gd...@ir.bbn.com> wrote:
> But even with gmx addressed separately, 4.2 points is a very high score,
> and there is a large installed base. So I would advise considering
> registering rss-gmbh.de and using that instead, but doing your own
> testing first.
Asking someone to change their domain name to match an SA rule seems
a bit extreme to me! Why not propose that de establish a gmbh 2nd level
for companies, and make him rss.gmbh.de?
FROM_DOMAIN_NOVOWEL was logged for only 3 messages here yesterday, of
1.3 million logged as scoring 7.0 and higher. All 3 were fps:
privatehealthmgmt.com
umdnj-secure.com (twice)
(That second one had a long consonant string to the left of the @ sign.)
Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology
Re: Problems with the email adress of our company
Posted by Michelle Konzack <li...@tamay-dogan.net>.
Am 2008-10-30 08:53:17, schrieb Greg Troxel:
> So I wonder if domains with no
> vowels are normal in Germany (they are not normal in the US).
In germany there are many domains ending with <gmbh.de> which is a
"limited liability company". Also I know Austrian and Swiss domains
with it.
Maybe the spamassassin rules should respect this special case...
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: Problems with the email adress of our company
Posted by Matt Kettler <mk...@verizon.net>.
Greg Troxel wrote:
> we have some problems with the email-address of our company. When we
> write emails to people with a ...@gmx.de address, the receiver won't
> get the email because it's in the spam folder.
>
> Gmx's support told us that they use spam assassin.
>
> Can you help us? Can you verify that we are no spam but a serious company?
> Or is it gmx's business to do so?
>
> Thank you so much!
> Marie Licht
>
> I will assume that you are finding substantially all mail filtered by
> gmx, and that the mail is similar to the one you sent to the list
> (rather than some sort of newsletter or advertising, which is an
> entirely different story).
>
> While it is gmx's responsibility to deal with what appears to be
> incorrect filtering, many people use spamassassin and whatever is
> happening at gmx is likely to happen elsewhere.
>
> You will almost certainly either need to study the documentation at
> http://spamassassin.apache.org/ or get help from someone who knows it in
> order to fully understand this message, but I hope it will make sense
> anyway.
>
> I ran your mail through spamassassin with the -t option, asking it to
> explain which tests fired and why, and the resulting scores. Your basic
> problem is that rssgmbh is a domain name with 7 non-vowel characters in
> a row. The following spamassassin rule detects domains with 7 or more
> non-vowel characters:
>
> header FROM_DOMAIN_NOVOWEL From =~ /\@\S*[bcdfghjklmnpqrstvwxz]{7}/i
> describe FROM_DOMAIN_NOVOWEL From: domain has series of non-vowel letters
>
>
Note: there's already a bugzilla open about the FPs on this rule:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5736
Re: Problems with the email adress of our company
Posted by Matt Kettler <mk...@verizon.net>.
Kai Schaetzl wrote:
> Greg Troxel wrote on Thu, 30 Oct 2008 08:53:17 -0400:
>
>
>> So I wonder if domains with no
>> vowels are normal in Germany
>>
>
> no.
>
Regardless, they're common enough that the S/O for the rule was sucking
really bad on recent ruleQA's. (FROM_DOMAIN_NOVOWEL was posting S/O's of
0.65.. can you say, absurdly lousy rule?)
The rules have been modified to be less FP prone, and they've had their
scores badly neutered. This is published on sa-update now.
See also:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5736
>> (they are not normal in the US).
>>
>
> Easy:
> Remote Sensing Solutions GmbH ->
> Remote Sensing Solutions Ltd ->
> rssltd.com
>
>
Bah, asking people to change their domain is silly. Particularly when
GmbH is a perfectly normal way to identify a corporate entity in
Germany, and it's certainly no less valid than LTD. If there was
something wildly abnormal and clearly spam-like about it, that would be
one thing, but RSS GmbH is not in any way a "wildly abnormal" company name.
Also, the combined score of these rules tended to violate some basic
principles of SA anyway. (ie: tagging a message as spam simply because
the domain name contains 7 consonants, with no other spam like
attributes, is silly)
Re: Problems with the email adress of our company
Posted by Michelle Konzack <li...@tamay-dogan.net>.
Am 2008-10-31 13:31:16, schrieb Kai Schaetzl:
> Easy:
> Remote Sensing Solutions GmbH ->
> Remote Sensing Solutions Ltd ->
> rssltd.com
But you know, that a GmBH is very different from a Ltd?
They have different status.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Re: Problems with the email adress of our company
Posted by Kai Schaetzl <ma...@conactive.com>.
Greg Troxel wrote on Thu, 30 Oct 2008 08:53:17 -0400:
> So I wonder if domains with no
> vowels are normal in Germany
no.
> (they are not normal in the US).
Easy:
Remote Sensing Solutions GmbH ->
Remote Sensing Solutions Ltd ->
rssltd.com
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: Problems with the email adress of our company
Posted by Greg Troxel <gd...@ir.bbn.com>.
we have some problems with the email-address of our company. When we
write emails to people with a ...@gmx.de address, the receiver won't
get the email because it's in the spam folder.
Gmx's support told us that they use spam assassin.
Can you help us? Can you verify that we are no spam but a serious company?
Or is it gmx's business to do so?
Thank you so much!
Marie Licht
I will assume that you are finding substantially all mail filtered by
gmx, and that the mail is similar to the one you sent to the list
(rather than some sort of newsletter or advertising, which is an
entirely different story).
While it is gmx's responsibility to deal with what appears to be
incorrect filtering, many people use spamassassin and whatever is
happening at gmx is likely to happen elsewhere.
You will almost certainly either need to study the documentation at
http://spamassassin.apache.org/ or get help from someone who knows it in
order to fully understand this message, but I hope it will make sense
anyway.
I ran your mail through spamassassin with the -t option, asking it to
explain which tests fired and why, and the resulting scores. Your basic
problem is that rssgmbh is a domain name with 7 non-vowel characters in
a row. The following spamassassin rule detects domains with 7 or more
non-vowel characters:
header FROM_DOMAIN_NOVOWEL From =~ /\@\S*[bcdfghjklmnpqrstvwxz]{7}/i
describe FROM_DOMAIN_NOVOWEL From: domain has series of non-vowel letters
and that is worth 2.6 points in the normal configuration (using the
bayesian classifer, and running network tests). The test checks for 7
characters in a row that are each in the set enclosed in brackets.
A similar rule scoring 1.6 points hits on your domain name being in the
mail:
uri URI_NOVOWEL m%^https?://[^/?]*[bcdfghjklmnpqrstvwxz]{7}%i
describe URI_NOVOWEL URI hostname has long non-vowel sequence
You are listed in dnswl.org as medium, and that helps a lot (-4 points),
but some sites may not trust dnswl.
The BAYES_60 rule is a weak indication of spammy content, based on
probabilities from words in the mail, compared to all the mail I have
received. I would focus on the NOVOWEL issue, but you might consider
getting rid of the legal disclaimer text, and sending plain text mail
instead of html in order to avoid even rules that give low positive
score.
Still, I see only 4.2 points, assuming most of your mail doesn't hit
BAYES_60 or higher, and the normal threshold is to declare a message
spam at >= 5 points. If you are having a problem only with gmx, then
they should add a local rule that at least doesn't apply the NOVOWEL
rules to your domain, or perhaps to domains in dnswl. Perhaps that rule
is basically inappropriate for German.
But even with gmx addressed separately, 4.2 points is a very high score,
and there is a large installed base. So I would advise considering
registering rss-gmbh.de and using that instead, but doing your own
testing first.
Here are the details of FROM_DOMAIN_NOVOWEL:
http://ruleqa.spamassassin.org/20081029-r708834-n/FROM_DOMAIN_NOVOWEL/detail
One thing I noticed is that when results are broken down by mail corpus
submitter, 3 of the 4 have only spam hitting this rule, while for the
fourth there is more ham than spam. So I wonder if domains with no
vowels are normal in Germany (they are not normal in the US).
(The USER_IN_WHITELIST below is applied to mails that are via the
spamassassin list and received at my machine directly from the
spamassassin mailing list server, and is in place because mail on this
list often quotes things that trigger many rules to discuss the rules,
etc. This rule will not generally apply to your mail.)
Content analysis details: (-98.8 points, 1.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[140.211.11.2 listed in list.dnswl.org]
-100 USER_IN_WHITELIST From: address is in the user's white-list
2.6 FROM_DOMAIN_NOVOWEL From: domain has series of non-vowel letters
1.6 URI_NOVOWEL URI: URI hostname has long non-vowel sequence
1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
[score: 0.6114]
0.0 HTML_MESSAGE BODY: HTML included in message
After replacing rssgmbh with rss-gmbh, your mail scores -3.0 (discarding
the whitelist).
Content analysis details: (-103.0 points, 1.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[140.211.11.2 listed in list.dnswl.org]
-100 USER_IN_WHITELIST From: address is in the user's white-list
1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
[score: 0.6114]
0.0 HTML_MESSAGE BODY: HTML included in message