You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2021/03/05 16:15:26 UTC
[Bug 7887] New: SpamAssasin reporting company email as SPAM
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7887
Bug ID: 7887
Summary: SpamAssasin reporting company email as SPAM
Product: Spamassassin
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: spamassassin
Assignee: dev@spamassassin.apache.org
Reporter: bertalan.imre@bitandpixel.hu
Target Milestone: Undefined
Dear DreamTeam!
I'm writing this Bug Report because I don't know where to go for solution with
my problem. If this is not the right place, please point me to the right
direction.
Let me explain myself and the issue. We have a product which is using the
domain name hams.online (https://hams.online). We are using this domain
attached to a G-Suite account to keep in touch with customers.
Now, the application sends out reports, warnings, information frequently and so
we encountered the limit at Google. So I've installed an iRedMail on a
different server and we decided to attach another domain to it: hams.group So
when the system sends an automatic email, the sender is info@hams.group.
Now because of the systems goal and work mechanic, even if the sender is
info@hams.group, the reply-to is always the users actual Hunting Companies
contact email. Not our hams.group mail. The info@hams.group can receive emails,
we just do not wish to use it at all since the main communication goes at
info@hams.online.
We also use hams.world and hams.photos domains for other parts of the system,
but they are mostly for receiving email. So it works fine.
However our system email goes to SPAM folder since yesterday and it is a very
big issue. Users do not get notified about occupied areas and estates about
users stuck on their territory.
According to mail tester, we encounter the following issues (among others)
The famous spam filter SpamAssassin. Score: -4.5.
https://www.mail-tester.com/test-i71xuvx2s
* FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
* PDS_OTHER_BAD_TLD PDS_OTHER_BAD_TLD URI: www.hams.online (online)
Now I don't know who to ask to remove our domain name from the "Bad TLD list"
or how to set up our mail service or DNS records to accept a completely
different reply to than the sender, but we are in need of resolving this issue
quick. :(
Can you help me with my issue please? I'm aware, these information are not
enough usually to resolve this kind of issue, so please ask and I'll provide
you with what I can. But for starters, I don't even know who and how to contact
SpamAssasin team. This looked like the best idea.
Thanks in advance!
Best Regards:
Bertalan Imre
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7887] SpamAssasin reporting company email as SPAM
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7887
Bertalan Imre <be...@bitandpixel.hu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bertalan.imre@bitandpixel.h
| |u
--- Comment #2 from Bertalan Imre <be...@bitandpixel.hu> ---
Dear Cole,
Thank you very much for your very detailed and explaining help. You confirmed
my fear as what is wrong with our emails and we will try to make changes to it
accordingly. With the '*.online' domain we are unable to go back and we have to
fine tune this domain. However, the biggest issue is not with the outgoing
email from the info@hams.online domain, but from the info@hams.group and the
emails sent from there. That is what we need to figure out why "suddenly" they
go to the SPAM folder for many email service providers.
Anyway, thank you again for your help and if you have any idea, don't keep it
to yourself. :)
Best Regards:
Imre Bertalan
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7887] SpamAssasin reporting company email as SPAM
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7887
--- Comment #4 from Bill Cole <bi...@apache.org> ---
(In reply to PeterHarding from comment #3)
> emails from the domain pfp.uk.net are being blocked even though they are a
> genuine company that does NOT spam, which a valid SPF/DKIM and DMARC
1. In any case that would not be an actionable bug report, as it lacks any
concrete example that is *NOT* associated with a specific receiving site and
which clearly demonstrates a misclassification of a message by SpamAssassin
using the current (or at least very recent) default ruleset and scores.
2. In most cases, "false positive" issues are better handled via the
SpamAssassin Users discussion list
(https://cwiki.apache.org/confluence/display/SPAMASSASSIN/MailingLists) where a
broad audience of SA users can analyze the root cause and advise on whether the
problem is due to something that SA is doing incorrectly (i.e. an ACTUAL bug.)
3. DO NOT HIJACK UNRELATED BUG REPORTS!
4. DO NOT ADD IRRELEVANT COMMENTS TO CLOSED INVALID BUG REPORTS!
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7887] SpamAssasin reporting company email as SPAM
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7887
Bill Cole <bi...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |billcole@apache.org
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Bill Cole <bi...@apache.org> ---
SHORT FORM: There's no "bug" here, just SpamAssassin operating as designed.
That is not to say that your problem isn't real. You may find more assistance
on the SpamAssassin Users mailing list.
See https://lists.apache.org/list.html?users@spamassassin.apache.org
LONGER FORM:
There are multiple issues here...
1. Mail-tester.com runs a test against THEIR variant version and configuration
of SpamAssassin. A recent report indicates that they are using a ruleset which
is long out of date, with manually-adjusted scores. There is no way that we can
treat their analysis as evidence of anything wrong with the current version of
SpamAssassin in a normal configuration. Also: they show your message scoring
4.5, which is safely below the standard SA threshold of 5.0 So: garbage results
from mail-tester.com are never an indicator of any sort of bug in SA.
2. Legitimate streams of mail matching one or more SA rules DOES NOT constitute
a bug per se, particularly if the rules show high accuracy in our QA system
(ruleqa.spamassassin.org) and that mail is not routinely scored over the
standard threshold of 5.0. Both of the cited rules together only add 3.8 points
with the current scoring. So: legitimate mail hitting both of those rules is
not an indicator of any sort of bug in SA.
3. Historically, the 'online' TLD was abused for large batches of apparent
'trial' domains set up solely to send spam from domains with no prior
reputation. By allowing that, the people running the TLD permanently damaged
the email reputation of the TLD for EVERYONE they sell domains to. Using a
*.online domain for the sender of email continues to correlate to mail being
spam, so that rule remains useful, even if it matches a tiny fraction of
legitimate mail. So: hitting PDS_OTHER_BAD_TLD due to use of the "online" TLD
specifically is not an indicator of any sort of bug in SA.
4. If you set a "Reply-To" header to any freemail address (in this case,
according to that mail-tester.com page, a gmail.com address) which is not in
the same domain as the address in the "From" header, your mail will hit the
highly accurate and highly effective FREEMAIL_FORGED_REPLYTO rule. Do not do
that: it is a widely-used trick of account hijackers and phishing
practitioners. Many spam filters other than SA will see that as a spam
indication. So: hitting FREEMAIL_FORGED_REPLYTO specifically is not an
indicator of any sort of bug in SA.
5. The .online TLD has been part of the PDS_OTHER_BAD_TLD rule for over a year
and FREEMAIL_FORGED_REPLYTO is much older, so any recent change in how your
mail is handled cannot be a result of that SpamAssassin rule. So: a recent
change in how anyone is handling your mail is not an indicator of any sort of
bug in SA.
6. When you say your mail "goes to SPAM folder" that seems like an indictment
of some specific site's email filtering policy. If it is happening at GMail, I
am 100% certain that no changes to SpamAssassin can be related to that, as they
do not use SA. In fact, none of the major retail mailbox providers will admit
to using SA, even though we would be happy if they did so and it would be as
free to them as it is to all users. How mail is delivered at any particular
site is entirely out of our control, all we do is provide a framework for
scoring email as "spam" or "ham" (i.e. non-spam) and mail systems which use SA
scores make their own decisions entirely on how to handle mail based on SA
scores. So: delivery to a "spam folder" by any particular mail provider is a
choice of that provider, not an indicator of any sort of bug in SA.
I am sympathetic to your very real problem, however it is not likely to be
caused in any way by SpamAssassin and even if it is due to some non-standard
way that one or more mail systems is using SpamAssassin, there is no way for it
to be fixed within SpamAssassin without reducing its efficacy for most users.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7887] SpamAssasin reporting company email as SPAM
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7887
Bill Cole <bi...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |trivial
Priority|P2 |P5
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7887] SpamAssasin reporting company email as SPAM
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7887
--- Comment #3 from PeterHarding <pe...@distinctit.co.uk> ---
emails from the domain pfp.uk.net are being blocked even though they are a
genuine company that does NOT spam, which a valid SPF/DKIM and DMARC
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7887] SpamAssasin reporting company email as SPAM
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7887
PeterHarding <pe...@distinctit.co.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |peter@distinctit.co.uk
--
You are receiving this mail because:
You are the assignee for the bug.