You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Jared Hall <ja...@jaredsec.com> on 2021/09/01 02:02:11 UTC

Address Oddities

Here's a spample snippet from a Google user-forwarded Email to their 
account here:

subject: ***SPAM*** welcome ixzS
CC:<Jeff@Apple Macbook Pro>
List-ID: <6417211.xt.local>
In-Reply-To: <CA...@DioyQXbxOiCEmtZBmoCV.org>
Date: Tue, 31 Aug 2021 20:23:19 +0200
Sender: Jeff-W4wSfQJNlCh@bentenpreg.co.uk
To:  <Jeff@Apple Macbook Pro>
From: "ProvideInsurance" <is...@icloud.com>

The body content makes the old Chickenpox rules look legible :)

It hit spam as it had a malformed Sendgrid message ID header in it, MIXED_CENTER_CASE, MIXED_HREF_CASE, MIXED_AREA_CASE,
and MIXED_IMG_CASE.  Despite obviously bad To: and CC: addresses, the only rule that triggered was paltry:

TO_MALFORMED=0.1

0.1. Seriously?  Could we at least get a 0.1 for the CC address also?

Aargh,

-- Jared Hall

Re: Address Oddities

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 31.08.21 22:02, Jared Hall wrote:
>Here's a spample snippet from a Google user-forwarded Email to their 
>account here:
>
>subject: ***SPAM*** welcome ixzS
>CC:<Jeff@Apple Macbook Pro>
>List-ID: <6417211.xt.local>
>In-Reply-To: <CA...@DioyQXbxOiCEmtZBmoCV.org>
>Date: Tue, 31 Aug 2021 20:23:19 +0200
>Sender: Jeff-W4wSfQJNlCh@bentenpreg.co.uk
>To:  <Jeff@Apple Macbook Pro>
>From: "ProvideInsurance" <is...@icloud.com>

got pastebin sample?

>The body content makes the old Chickenpox rules look legible :)

afaik chickenpox used to misfire on ascii supersets

>It hit spam as it had a malformed Sendgrid message ID header in it, MIXED_CENTER_CASE, MIXED_HREF_CASE, MIXED_AREA_CASE,
>and MIXED_IMG_CASE.  Despite obviously bad To: and CC: addresses, the only rule that triggered was paltry:
>
>TO_MALFORMED=0.1
>
>0.1. Seriously?  Could we at least get a 0.1 for the CC address also?

apparently they are more eligible for meta rules.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler