Posted to users@spamassassin.apache.org by Christian Brel <br...@copperproductions.co.uk> on 2010/01/05 20:20:53 UTC
Re: [SPAM:9.6] semi-legit senders in DNSWL and habeas - a hard problem
On Tue, 05 Jan 2010 12:10:28 -0500
Greg Troxel <gd...@ir.bbn.com> wrote:
>
> I've recently gotten multiple spams from linkedin. (I don't consider
> invitations from people I dimly have heard of spam.) These are
> typically invitations that are sent to mailinglists, and occasionally
> invitations from people that I have never ever heard of.
>
> I believe what is going on is that there is some way for people to
> upload an entire addressbook and then bulk-spam all those addresses
> with invitations.
>
> The problem is that linkedin is getting adjusted scores due to
>
> RCVD_IN_DNSWL_MED
> HABEAS_ACCREDITED_SOI
> RCVD_IN_BSP_TRUSTED
>
> Here is an example (I have the postgis mailinglist in
> trusted_networks):
>
> http://www.lexort.com/spam/spam-linkedin.out.txt
>
> At least for my scores, the +2 points for HABEAS and BSP
> counterbalance the dnswl.
>
> I have sent mail to abuse@linkedin.com, but have never gotten any
> response.
>
> I complained to dnswl, and that got linkedin.com moved to MED from HI
> (thanks!), but I think MED is still excessive.
>
> Once again I went to returnpath and senderscorecertified's web pages,
> and found no link to an email address to report being spammed by one
> of their customers. Can anyone from returnpath explain why this
> glaring problem hasn't been fixed, or better yet fix it? And also
> remove linkedin as a certified address, because they are spamming?
>
> This is a general problem, more than linkedin - this has happened with
> twitter and facebook as well.
>
> The problem seems to have multiple related components:
>
> linkedin is a spam source because they offer bulk inviting
>
> whitelists list them because some of their mail is legitimate
>
> SA gives negative points to whitelists where most of the hosts on
> the whitelist don't send spam, and those that do send some ham
>
> Clearly some things that should happen are:
>
> dnswl should drop linkedin, because it doesn't meet "Extremely rare
> spam occurrences, corrected promptly." because 1) this keeps
> happening because the structural problem has not been addressed and
> 2) there is no functioning abuse@. I don't think linkedin belongs
> even in LOW, but it's fair to be in NONE (legit server, also sends
> spam).
>
> returnpath should drop linkedin, because they send spam and the
> mails I referenced above clearly do not meet any definition of opt in
>
> But it's hard for SA to cause these changes. dnswl clearly has value,
> and perhaps part of the difficulty is that it gets used for two
> reasons: not blocking connections or greylisting at the MTA level,
> and spam filtering. It's certainly reasonable for linkedin to be in
> a "don't outright block" list, but not for it to get a pass from
> filtering given the spam that comes out of it.
>
> Does anyone have any ideas of what else might help?
#ADD TO THE END OF local.cf at your own risk
score RCVD_IN_BSP_TRUSTED 0 4.3 0 4.3
score RCVD_IN_SSC_TRUSTED_COI 0 3.7 0 3.7
score HABEAS_ACCREDITED_COI 0 8.0 0 8.0
score HABEAS_ACCREDITED_SOI 0 4.3 0 4.3
score HABEAS_CHECKED 0 0.2 0 0.2
score RCVD_IN_DNSWL_LOW 0 1 0 1
score RCVD_IN_DNSWL_MED 0 4 0 4
score RCVD_IN_DNSWL_HI 0 8 0 8
score RCVD_IN_IADB_VOUCHED 0 2.2 0 2.2
score RCVD_IN_IADB_DOPTIN 0 4 0 4
score RCVD_IN_IADB_ML_DOPTIN 0 6 0 6
score HASHCASH_20 0.500
score HASHCASH_21 0.700
score HASHCASH_22 1.000
score HASHCASH_23 2.000
score HASHCASH_24 3.000
score HASHCASH_25 4.000
score HASHCASH_HIGH 5.000
Re: [SPAM:9.6] semi-legit senders in DNSWL and habeas - a hard problem
Posted by ram <ra...@netcore.co.in>.
On Tue, 2010-01-05 at 14:39 -0500, Bowie Bailey wrote:
> Christian Brel wrote:
> > On Tue, 05 Jan 2010 12:10:28 -0500
> > Greg Troxel <gd...@ir.bbn.com> wrote:
> >
> >
> >>
> >> Does anyone have any ideas of what else might help?
> >>
> >
> >
> > #ADD TO THE END OF local.cf at your own risk
> > score RCVD_IN_BSP_TRUSTED 0 4.3 0 4.3
> > score RCVD_IN_SSC_TRUSTED_COI 0 3.7 0 3.7
> > score HABEAS_ACCREDITED_COI 0 8.0 0 8.0
> > score HABEAS_ACCREDITED_SOI 0 4.3 0 4.3
> > score HABEAS_CHECKED 0 0.2 0 0.2
> > score RCVD_IN_DNSWL_LOW 0 1 0 1
> > score RCVD_IN_DNSWL_MED 0 4 0 4
> > score RCVD_IN_DNSWL_HI 0 8 0 8
^^^^^^^^
Don't your SA-list mails go into spam... or do you whitelist them?
Re: [SPAM:9.6] semi-legit senders in DNSWL and habeas - a hard problem
Posted by Bowie Bailey <Bo...@BUC.com>.
Christian Brel wrote:
> On Tue, 05 Jan 2010 12:10:28 -0500
> Greg Troxel <gd...@ir.bbn.com> wrote:
>
>
>>
>> Does anyone have any ideas of what else might help?
>>
>
>
> #ADD TO THE END OF local.cf at your own risk
> score RCVD_IN_BSP_TRUSTED 0 4.3 0 4.3
> score RCVD_IN_SSC_TRUSTED_COI 0 3.7 0 3.7
> score HABEAS_ACCREDITED_COI 0 8.0 0 8.0
> score HABEAS_ACCREDITED_SOI 0 4.3 0 4.3
> score HABEAS_CHECKED 0 0.2 0 0.2
> score RCVD_IN_DNSWL_LOW 0 1 0 1
> score RCVD_IN_DNSWL_MED 0 4 0 4
> score RCVD_IN_DNSWL_HI 0 8 0 8
> score RCVD_IN_IADB_VOUCHED 0 2.2 0 2.2
> score RCVD_IN_IADB_DOPTIN 0 4 0 4
> score RCVD_IN_IADB_ML_DOPTIN 0 6 0 6
> score HASHCASH_20 0.500
> score HASHCASH_21 0.700
> score HASHCASH_22 1.000
> score HASHCASH_23 2.000
> score HASHCASH_24 3.000
> score HASHCASH_25 4.000
> score HASHCASH_HIGH 5.000
>
It should be pointed out that the result of this change is to give a
positive score to a bunch of whitelists (the opposite of their intended
use). I'm not going to enter the argument over whether this is a good
idea or not, but just make sure you know what you are doing before you
blindly apply these score changes.
--
Bowie
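
The check described in the reply above, as an added example that is not part of the thread or of SpamAssassin: it parses `score` lines, expands them to the four score sets, and reports whitelist-type rules that end up adding points. The function names and the prefix list used to identify whitelist rules are assumptions made for this sketch, and the sample input is constructed.

```python
# Added example: lint SpamAssassin "score" lines for whitelist rules that add points.
# Score-set order follows the Mail::SpamAssassin::Conf documentation.
SCORE_SETS = (
    "set 0: no Bayes, no network tests",
    "set 1: no Bayes, network tests",
    "set 2: Bayes, no network tests",
    "set 3: Bayes and network tests",
)

# Assumption: these prefixes mark the whitelist-type rules named in the thread.
WHITELIST_PREFIXES = ("RCVD_IN_DNSWL_", "RCVD_IN_BSP_", "RCVD_IN_SSC_",
                      "RCVD_IN_IADB_", "HABEAS_")

def parse_scores(config_text):
    """Return {rule: [s0, s1, s2, s3]}; a later line overrides an earlier one."""
    scores = {}
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "score":
            continue
        try:
            values = [float(v) for v in fields[2:]]
        except ValueError:
            continue  # relative "(n.n)" scores are not handled in this sketch
        if len(values) == 1:
            values *= 4  # one value applies to all four score sets
        if len(values) == 4:
            scores[fields[1]] = values
    return scores

def inverted_whitelists(config_text, prefixes=WHITELIST_PREFIXES):
    """List (rule, score set, score) where a whitelist rule adds spam points."""
    findings = []
    for rule, values in parse_scores(config_text).items():
        if rule.startswith(prefixes):
            findings += [(rule, SCORE_SETS[i], v)
                         for i, v in enumerate(values) if v > 0]
    return findings

# Constructed sample: three lines from the posted snippet plus one
# negative-scored line added for contrast (the -1.0 is not from the thread).
SAMPLE = """\
score RCVD_IN_DNSWL_MED 0 4 0 4
score HABEAS_ACCREDITED_SOI 0 4.3 0 4.3
score HASHCASH_20 0.500
score RCVD_IN_DNSWL_LOW 0 -1.0 0 -1.0
"""

if __name__ == "__main__":
    for rule, score_set, value in inverted_whitelists(SAMPLE):
        print(f"{rule}: +{value} in {score_set}")
```

With four values per line, the posted scores only take effect when network tests are enabled (score sets 1 and 3), which is the only time these DNS-based rules can fire.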