Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2010/04/21 22:58:29 UTC

expedia emails broken, anyone got a contact?

getting lots of (I would assume) important non spam

Subject: Itinerary -

emails from expedia. probably not forged, not spam, but their emails are 
atrociously formatted. (non RFC compliant, broken, etc)
even if the date header wasn't non standard, it would still be almost a 
FP. another .2 points for bayes and it would be.
(and the to == from is because they let the web users send out itinerary 
notices from themselves, to themselves)

X-Spam-Status:Yes, score=5.861 tag=-999 tag2=6 kill=6 tests=[BAYES_50=0.8, TML_MESSAGE=0.001, INVALID_DATE=1.096, MIME_HTML_ONLY=0.223, NO_REAL_NAME=1, RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1, TO_EQ_FM_DIRECT_MX=0.001, TO_EQ_FM_HTML_DIRECT=1.728, TO_EQ_FM_HTML_ONLY=0.001, T_LOTS_OF_MONEY=0.01] autolearn=no
Received: from spammertrap1.domain.com ([127.0.0.1]) by spammertrap1.domain.com (spammertrap1.domain.com [127.0.0.1]) (SpammerTrap(r) SME-500, port 10024) with LMTP id smDCmm3kf1oC for<ir...@domain.com>; Wed, 21 Apr 2010 15:11:12 -0400 (EDT)
Received: from mx.expedia.com (mx.expedia.com [216.251.112.210]) by spammertrap1.domain.com (Postfix) with ESMTP id 292C16164F3 for<IR...@domain.com>; Wed, 21 Apr 2010 15:11:10 -0400 (EDT)
Message-Id:  <8i...@mx.expedia.com>
Date: 21 Apr 10 12:11 -0800
From: jim.rodgers@domain.net
To: jim.rodgers@domain.net


-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best Anti-Spam Product 2008, Network Products Guide
    * King of Spam Filters, SC Magazine 2008


Re: expedia emails broken, anyone got a contact?

Posted by John Wilcock <jo...@tradoc.fr>.
Le 22/04/2010 15:13, John Hardin a écrit :
>> Bayes 50 is neutral and you're scoring it at 0.8?
>
> Agreed that's not a good idea.

Except that 0.8 is the default score for BAYES_50 under 3.3.0 and 3.3.1...

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

Re: expedia emails broken, anyone got a contact?

Posted by John Hardin <jh...@impsec.org>.
On Thu, 22 Apr 2010, LuKreme wrote:

> On 21-Apr-2010, at 14:58, Michael Scheidell wrote:
>>
>> BAYES_50=0.8, TML_MESSAGE=0.001, INVALID_DATE=1.096, 
>> MIME_HTML_ONLY=0.223, NO_REAL_NAME=1, RELAY_COUNTRY_US=0.001, 
>> SARE_OEM_S_PRICE=1, TO_EQ_FM_DIRECT_MX=0.001, 
>> TO_EQ_FM_HTML_DIRECT=1.728, TO_EQ_FM_HTML_ONLY=0.001, 
>> T_LOTS_OF_MONEY=0.01
>
> Bayes 50 is neutral and you're scoring it at 0.8?

Agreed that's not a good idea.

> is TO_EG_FM_HTML_DIRECT a standard rule? I've never seen it.

It's autopromoted from my sandbox. I suspect it's hitting because of the 
poor Received: headers that expedia is generating.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   You can't reason a person out of a position if he didn't use
   reason to get there in the first place.   -- Kristopher, at Marko's
-----------------------------------------------------------------------
  Tomorrow: Max Planck's 152nd birthday

Re: expedia emails broken, anyone got a contact?

Posted by LuKreme <kr...@kreme.com>.
On 21-Apr-2010, at 14:58, Michael Scheidell wrote:
> 
> BAYES_50=0.8, TML_MESSAGE=0.001, INVALID_DATE=1.096, MIME_HTML_ONLY=0.223, NO_REAL_NAME=1, RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1, TO_EQ_FM_DIRECT_MX=0.001, TO_EQ_FM_HTML_DIRECT=1.728, TO_EQ_FM_HTML_ONLY=0.001, T_LOTS_OF_MONEY=0.01

Bayes 50 is neutral and you're scoring it at 0.8?

is TO_EG_FM_HTML_DIRECT a standard rule? I've never seen it.

There's 2.5 of your problem right there.


-- 
'Charity ain't giving people what you wants to give, it's giving people what
they need to get.' --Hogfather
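
An added example, not written by any poster in this thread: a small Python parser for the X-Spam-Status value quoted in the first post, which ranks the rule hits, checks that they sum to the reported score, and recomputes the total without the two rules questioned in the replies. The function names and the `margin` field are hypothetical, and reading `kill` as the threshold the score is compared against is an assumption.

```python
import re

# X-Spam-Status value copied from the first post in this thread.
HEADER = (
    "Yes, score=5.861 tag=-999 tag2=6 kill=6 tests=[BAYES_50=0.8, "
    "TML_MESSAGE=0.001, INVALID_DATE=1.096, MIME_HTML_ONLY=0.223, "
    "NO_REAL_NAME=1, RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1, "
    "TO_EQ_FM_DIRECT_MX=0.001, TO_EQ_FM_HTML_DIRECT=1.728, "
    "TO_EQ_FM_HTML_ONLY=0.001, T_LOTS_OF_MONEY=0.01] autolearn=no"
)


def parse_status(value):
    """Return (fields, tests): top-level key=value fields and per-rule scores."""
    m = re.search(r"tests=\[(.*?)\]", value, re.S)
    if not m:
        raise ValueError("no tests=[...] list found")
    tests = {}
    for item in m.group(1).split(","):
        name, _, score = item.strip().partition("=")
        if name:
            tests[name] = float(score) if score else 0.0
    # Everything outside the bracketed list: score, tag, tag2, kill, autolearn.
    outside = value[:m.start()] + value[m.end():]
    fields = dict(re.findall(r"(\w+)=([^\s,]+)", outside))
    return fields, tests


def what_if(value, drop=()):
    """Summarise a header and recompute the total with the `drop` rules removed."""
    fields, tests = parse_status(value)
    ranked = sorted(tests.items(), key=lambda kv: kv[1], reverse=True)
    return {
        "reported": float(fields["score"]),
        "recomputed": round(sum(tests.values()), 3),
        "without": round(sum(s for n, s in tests.items() if n not in drop), 3),
        # Assumption: "kill" is the threshold the score is compared against.
        "margin": round(float(fields["kill"]) - float(fields["score"]), 3),
        "ranked": ranked,
    }


if __name__ == "__main__":
    r = what_if(HEADER, drop=("BAYES_50", "TO_EQ_FM_HTML_DIRECT"))
    for name, score in r["ranked"][:5]:
        print(f"{score:6.3f}  {name}")
    print("reported", r["reported"], "recomputed", r["recomputed"])
    print("margin", r["margin"], "without two rules", r["without"])
```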