You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Pedro David Marco <pe...@yahoo.com> on 2019/03/12 14:10:50 UTC

Scoring HTTPS to HTTP

Hi everybody...
may i ask your opinion about how strong you score links that  use HTTPS in the anchor but really go to HTTP ...
I would love to score them heavily but....

I am finding them very oftenly in newsletters and notifications from big manufacturers (among HTML errros, MIME errors, etc. in a great paradox because they "sell" email security and according to Gartner they are the "Masters of the Universe").

-------PedroD

Re: Scoring HTTPS to HTTP

Posted by Grant Taylor <gt...@tnetconsulting.net>.

On 3/12/19 8:10 AM, Pedro David Marco wrote:
> may i ask your opinion about how strong you score links that  use HTTPS 
> in the anchor but really go to HTTP ...

I don't have an opinion, but I do have a question:

Are you referring to the text between the opening and closing anchor 
tags indicating "https://" yet the actual href value being "http://"?

> I would love to score them heavily but....

I can see the value in applying some score to such a discrepancy.  But I 
wouldn't deduct from the score for (matching) "https://".

It's been my experience that undesirables are more likely to adopt good 
technologies (like HTTPS) than desirableness.  I think they do so 
partially in hopes that people will deduct from the spam score and thus 
gain more of a spam score budget to work with.

> I am finding them very oftenly in newsletters and notifications from big 
> manufacturers (among HTML errros, MIME errors, etc. in a great paradox 
> because they "sell" email security and according to Gartner they are the 
> "Masters of the Universe").

Ya.  I've been known to send comments to the Postmaster and / or list 
administrator for things like that.  Sometimes the generic "Contact Us" 
form on the website if it's a company I care about at all.  It's usually 
a "Hi, you have <bla> problem.  Please contact me at <details> if you'd 
like to know more."  Sometimes I get a follow up email, sometimes I 
don't.  I will say, that any time I do get a follow up email, the person 
on the other end is usually quite grateful for the notification.

It comes down to people don't know what's broken and as such can't fix 
it.  Once they learn what's broken, they can prioritize fixing it as the 
business necessitates.

-- 
Grant. . . .
unix || die