You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by greenone <lu...@gramberg-webdesign.de> on 2007/09/24 22:26:16 UTC
is this a bug? trying to avoid beeing marked as spam
Hi there,
i'm programming a website backend and it is sending emails to confirm
registrations, password-recovs and other functions (no spam of course).
My mail still gets hit with Spam-scores and i don't know what to do at this
point, maybe you do.
Old-X-HE-Spam-Report: Content analysis details: (2.4 points)
pts rule name description
---- ----------------------
--------------------------------------------------
0.1 RDNS_NONE Delivered to trusted network by a host with no
rDNS
0.8 ZMIvirSobY_SUB33 SPAM from Sober-Y-Virus
1.5 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
first of all: it is absolutly impossible that the email contains a virus. it
is send via php from a 1&1 shared webhosting server.
because of the image scores most with its 1.5 points i reduced the image
size to 1358 bytes but it still says it is to big (if its that what the rule
means).
so what can i do? i'ld really prefer the companies mail not be marked as
spam. most users wont check their spam-folders and then chaos will be
perfect.
i allready changed from base64 to quoted printable encoding, also the
html-text matches exactly the plain text part. the image contained in the
email shows the companies logo, nothing else. it is embeded remotely via
https.
The Complete Email: (sensitive data = *****)
>From - Mon Sep 24 21:52:30 2007
X-Account-Key: account2
X-UIDL: 1168351184.21790
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <*****>
Delivery-date: Mon, 24 Sep 2007 21:51:02 +0200
Received: from mi021.mc1.hosteurope.de ([80.237.138.234])
by wp100.webpack.hosteurope.de running ExIM using esmtp
id 1IZtxO-0006BU-3x; Mon, 24 Sep 2007 21:51:02 +0200
Received: from murphysplan.de ([87.106.22.114])
by mx0.webpack.hosteurope.de (mi021.mc1.hosteurope.de) using esmtp
id 1IZtx2-0008KT-UN
for *****; Mon, 24 Sep 2007 21:50:47 +0200
Received: from [127.0.0.1] (helo=infongd9879.rtr.kundenserver.de)
by murphysplan.de with esmtp (Exim 3.35 #1)
id 1IZtx1-0004d4-00
for *****; Mon, 24 Sep 2007 21:50:39 +0200
Received: from 85.179.232.76 (IP may be forged by CGI script)
by infongd9879.rtr.kundenserver.de with HTTP
id 0XgogL-1IZtx13oio-0004d0; Mon, 24 Sep 2007 21:50:39 +0200
X-Sender-Info: <12...@infongd9879.rtr.kundenserver.de>
Date: Mon, 24 Sep 2007 21:50:39 +0200
Message-Id: <0X...@infongd9879.rtr.kundenserver.de>
Precedence: bulk
To: *****
Subject: Ihr Passwort, *****.com
From:no-reply@*****.com
Reply-To:no-reply@*****.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary =
SJSDHD9348934--KJSFKJ398453897348---7834SJFS--DJNS
X-HE-Virus-Scanned: yes
Old-X-HE-Spam-Level: ++
Old-X-HE-Spam-Score: 2.4
Old-X-HE-Spam-Report: Content analysis details: (2.4 points)
pts rule name description
---- ----------------------
--------------------------------------------------
0.1 RDNS_NONE Delivered to trusted network by a host with no
rDNS
0.8 ZMIvirSobY_SUB33 SPAM from Sober-Y-Virus
1.5 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
Envelope-to: *****
X-HE-Spam-Score: 0.0
X-HE-Spam-Report: Customer whitelisted
X-HE-Spam-Level: /
This is a MIME encoded message.
--SJSDHD9348934--KJSFKJ398453897348---7834SJFS--DJNS
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
... the plain text part ....
--SJSDHD9348934--KJSFKJ398453897348---7834SJFS--DJNS
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
... the html part ...
--
View this message in context: http://www.nabble.com/is-this-a-bug--trying-to-avoid-beeing-marked-as-spam-tf4511579.html#a12867609
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: is this a bug? trying to avoid beeing marked as spam
Posted by Loren Wilton <lw...@earthlink.net>.
> one thing though... the html part of the email contains only one image,
> and
> that image is -as i mentioned- only around 1300 bytes and its also just
> 250px of width so this can't be right or is it?
>
>>> 1.5 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of
>>> words
All this rule says is that there is an HTML image and the message body is
between 2400 and 2800 bytes long. It doesn't say how big the image is or
even if there is only one image. This is a relatively short message, and
from the score on that rule (and personal experience) this falls into a
range that is rather commonly ham.
You could avoid that rule by having a larger message body of text. However,
I don't know that there is any need for that, unless the 1.5 points really
bothers you.
Loren
Re: is this a bug? trying to avoid beeing marked as spam
Posted by greenone <lu...@gramberg-webdesign.de>.
thank you for the info
one thing though... the html part of the email contains only one image, and
that image is -as i mentioned- only around 1300 bytes and its also just
250px of width so this can't be right or is it?
Regards
Ludwig
Loren Wilton wrote:
>
>> My mail still gets hit with Spam-scores and i don't know what to do at
>> this
>> point, maybe you do.
>
> Getting a few points from SA on most any message is typical, not an
> exception. SA doesn't declare somethign to be spam until the total score
> exceeds the spam threshold. While this is configurable, the default value
> is 5 points.
>
>
>> Old-X-HE-Spam-Report: Content analysis details: (2.4 points)
>
> You only have 2.4 points. Unless someone grossly mis-configured an SA
> setup, that isn't a spam.
>
>
>> 0.1 RDNS_NONE Delivered to trusted network by a host with no
>> rDNS
>
> This means what it says. Unless this is a result of the path the mail
> took
> in testing that is not a normal delivery path, you should see if you can
> fix
> the rDNS.
>
>
>> 1.5 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of
>> words
>
> This is basically saying that the body is largely image. That is a very
> typical spam sign, so is worth a point or two, or in this case 1.5 points.
> However, as I mentioned above, 1.5 is a lot less than 5, so this should
> generally not be noticed.
>
> Loren
>
>
>
>
--
View this message in context: http://www.nabble.com/is-this-a-bug--trying-to-avoid-beeing-marked-as-spam-tf4511579.html#a12871259
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: is this a bug? trying to avoid beeing marked as spam
Posted by Loren Wilton <lw...@earthlink.net>.
> My mail still gets hit with Spam-scores and i don't know what to do at
> this
> point, maybe you do.
Getting a few points from SA on most any message is typical, not an
exception. SA doesn't declare somethign to be spam until the total score
exceeds the spam threshold. While this is configurable, the default value
is 5 points.
> Old-X-HE-Spam-Report: Content analysis details: (2.4 points)
You only have 2.4 points. Unless someone grossly mis-configured an SA
setup, that isn't a spam.
> 0.1 RDNS_NONE Delivered to trusted network by a host with no
> rDNS
This means what it says. Unless this is a result of the path the mail took
in testing that is not a normal delivery path, you should see if you can fix
the rDNS.
> 1.5 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of
> words
This is basically saying that the body is largely image. That is a very
typical spam sign, so is worth a point or two, or in this case 1.5 points.
However, as I mentioned above, 1.5 is a lot less than 5, so this should
generally not be noticed.
Loren
RE: is this a bug? trying to avoid beeing marked as spam
Posted by Skip <sb...@dmp.com>.
> 0.8 ZMIvirSobY_SUB33 SPAM from Sober-Y-Virus
This score has nothing to do with detecting or not detecting a virus in the
message. It is detecting specific text: "Ihr Passwort" and it is likely
specific to the test message you are using. I can't speak to why the other
rule is getting hit.
- Skip