You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Pierre Thomson <Pi...@bruderhof.com> on 2004/09/08 14:38:40 UTC
Unreasonable penalty for AOL addresses ending in numbers?
I have had a couple of FP's recently from valid AOL users. AOL recommends appending digits to your screen name to make it unique, and many users do that. The result (sender using AOL 9.0 client, SA 2.63) is a penalty of 6.39 points right off the bat. Isn't that a bit extreme?
Pierre Thomson
BIC
Received: from imo-m15.mx.aol.com (imo-m15.mx.aol.com [64.12.138.205])
by mail1.domain.com (8.11.6/8.11.6) with ESMTP id i882gcu10544
for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:38 -0400
Received: from Char137048@aol.com
by imo-m15.mx.aol.com (mail_out_v37_r3.4.) id 4.13c.83038c (3972)
for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:29 -0400 (EDT)
From: Char137048@aol.com
Message-ID: <13...@aol.com>
Date: Tue, 7 Sep 2004 22:42:29 EDT
Subject: Re: Equipment
To: JeanPotts@domain.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-----------------------------1094611349"
X-Mailer: 9.0 for Windows sub 5112
X-Local-MailScanner-Information: See www.mailscanner.info for information
X-Local-MailScanner: Found to be clean
X-Local-MailScanner-SpamCheck: spam, SpamAssassin (score=6.651, required 6,
ADDR_NUMS_AT_BIGSITE 2.70, BAYES_40 -0.00, FROM_ENDS_IN_NUMS 0.99,
FROM_WEBMAIL_END_NUMS6 2.70, HTML_MESSAGE 0.10, NO_REAL_NAME 0.16)
X-MailScanner-From: char137048@aol.com
Return-Path: Char137048@aol.com
X-OriginalArrivalTime: 08 Sep 2004 02:42:45.0517 (UTC) FILETIME=[8554E3D0:01C4954D]
Re: Unreasonable penalty for AOL addresses ending in numbers?
Posted by Steve Bertrand <ia...@ibctech.ca>.
>> I have had a couple of FP's recently from valid AOL users. AOL
>> recommends appending digits to your screen name to make it unique,
>> and
>> many users do that. The result (sender using AOL 9.0 client, SA
>> 2.63)
>> is a penalty of 6.39 points right off the bat. Isn't that a bit
>> extreme?
>
> I know at my site, the ratio of valid users and phony users ending in
> nums is about 1000:1. If this is the same as at your site, the easiest
> thing to do probably would be to whitelist the users. You could also
> lower the score of these rules and let the other rules do their job
> instead. Most of the spam coming from these types of users scores in
> the teens to 20's anyway, so if it's legit, then SA should score
> accordingly, aside from the rules listed in your headers.
Whoops! READ:
Phony: 1000
Valid: 1
;o)
>
> Just my .02
>
> Steve
>
>>
>> Pierre Thomson
>> BIC
>>
>>
>> Received: from imo-m15.mx.aol.com (imo-m15.mx.aol.com
>> [64.12.138.205])
>> by mail1.domain.com (8.11.6/8.11.6) with ESMTP id i882gcu10544
>> for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:38 -0400
>> Received: from Char137048@aol.com
>> by imo-m15.mx.aol.com (mail_out_v37_r3.4.) id 4.13c.83038c (3972)
>> for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:29 -0400 (EDT)
>> From: Char137048@aol.com
>> Message-ID: <13...@aol.com>
>> Date: Tue, 7 Sep 2004 22:42:29 EDT
>> Subject: Re: Equipment
>> To: JeanPotts@domain.com
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>> boundary="-----------------------------1094611349"
>> X-Mailer: 9.0 for Windows sub 5112
>> X-Local-MailScanner-Information: See www.mailscanner.info for
>> information
>> X-Local-MailScanner: Found to be clean
>> X-Local-MailScanner-SpamCheck: spam, SpamAssassin (score=6.651,
>> required 6,
>> ADDR_NUMS_AT_BIGSITE 2.70, BAYES_40 -0.00, FROM_ENDS_IN_NUMS 0.99,
>> FROM_WEBMAIL_END_NUMS6 2.70, HTML_MESSAGE 0.10, NO_REAL_NAME 0.16)
>> X-MailScanner-From: char137048@aol.com
>> Return-Path: Char137048@aol.com
>> X-OriginalArrivalTime: 08 Sep 2004 02:42:45.0517 (UTC)
>> FILETIME=[8554E3D0:01C4954D]
>>
>
>
>
Re: Unreasonable penalty for AOL addresses ending in numbers?
Posted by Steve Bertrand <ia...@ibctech.ca>.
> I have had a couple of FP's recently from valid AOL users. AOL
> recommends appending digits to your screen name to make it unique, and
> many users do that. The result (sender using AOL 9.0 client, SA 2.63)
> is a penalty of 6.39 points right off the bat. Isn't that a bit
> extreme?
I know at my site, the ratio of valid users and phony users ending in
nums is about 1000:1. If this is the same as at your site, the easiest
thing to do probably would be to whitelist the users. You could also
lower the score of these rules and let the other rules do their job
instead. Most of the spam coming from these types of users scores in
the teens to 20's anyway, so if it's legit, then SA should score
accordingly, aside from the rules listed in your headers.
Just my .02
Steve
>
> Pierre Thomson
> BIC
>
>
> Received: from imo-m15.mx.aol.com (imo-m15.mx.aol.com [64.12.138.205])
> by mail1.domain.com (8.11.6/8.11.6) with ESMTP id i882gcu10544
> for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:38 -0400
> Received: from Char137048@aol.com
> by imo-m15.mx.aol.com (mail_out_v37_r3.4.) id 4.13c.83038c (3972)
> for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:29 -0400 (EDT)
> From: Char137048@aol.com
> Message-ID: <13...@aol.com>
> Date: Tue, 7 Sep 2004 22:42:29 EDT
> Subject: Re: Equipment
> To: JeanPotts@domain.com
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="-----------------------------1094611349"
> X-Mailer: 9.0 for Windows sub 5112
> X-Local-MailScanner-Information: See www.mailscanner.info for
> information
> X-Local-MailScanner: Found to be clean
> X-Local-MailScanner-SpamCheck: spam, SpamAssassin (score=6.651,
> required 6,
> ADDR_NUMS_AT_BIGSITE 2.70, BAYES_40 -0.00, FROM_ENDS_IN_NUMS 0.99,
> FROM_WEBMAIL_END_NUMS6 2.70, HTML_MESSAGE 0.10, NO_REAL_NAME 0.16)
> X-MailScanner-From: char137048@aol.com
> Return-Path: Char137048@aol.com
> X-OriginalArrivalTime: 08 Sep 2004 02:42:45.0517 (UTC)
> FILETIME=[8554E3D0:01C4954D]
>
Re: Unreasonable penalty for AOL addresses ending in numbers?
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Pierre
depends on how you handle a score of 6.651 in MailScanner....
I deliver (with Tagged subject) scores from 5-10, and block anything
with score > 10, so this kind of thing still ends up in the recipients
email.
You could lower the score of the rules in spam.assassin.prefs.conf, or
whitelist known users in the same file..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Pierre Thomson wrote:
> I have had a couple of FP's recently from valid AOL users. AOL recommends appending digits to your screen name to make it unique, and many users do that. The result (sender using AOL 9.0 client, SA 2.63) is a penalty of 6.39 points right off the bat. Isn't that a bit extreme?
>
> Pierre Thomson
> BIC
>
>
> Received: from imo-m15.mx.aol.com (imo-m15.mx.aol.com [64.12.138.205])
> by mail1.domain.com (8.11.6/8.11.6) with ESMTP id i882gcu10544
> for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:38 -0400
> Received: from Char137048@aol.com
> by imo-m15.mx.aol.com (mail_out_v37_r3.4.) id 4.13c.83038c (3972)
> for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:29 -0400 (EDT)
> From: Char137048@aol.com
> Message-ID: <13...@aol.com>
> Date: Tue, 7 Sep 2004 22:42:29 EDT
> Subject: Re: Equipment
> To: JeanPotts@domain.com
> MIME-Version: 1.0
> Content-Type: multipart/alternative; boundary="-----------------------------1094611349"
> X-Mailer: 9.0 for Windows sub 5112
> X-Local-MailScanner-Information: See www.mailscanner.info for information
> X-Local-MailScanner: Found to be clean
> X-Local-MailScanner-SpamCheck: spam, SpamAssassin (score=6.651, required 6,
> ADDR_NUMS_AT_BIGSITE 2.70, BAYES_40 -0.00, FROM_ENDS_IN_NUMS 0.99,
> FROM_WEBMAIL_END_NUMS6 2.70, HTML_MESSAGE 0.10, NO_REAL_NAME 0.16)
> X-MailScanner-From: char137048@aol.com
> Return-Path: Char137048@aol.com
> X-OriginalArrivalTime: 08 Sep 2004 02:42:45.0517 (UTC) FILETIME=[8554E3D0:01C4954D]
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: Unreasonable penalty for AOL addresses ending in numbers?
Posted by jdow <jd...@earthlink.net>.
Hm, ADDR_NUMS_AT_BIGSITE and FROM_WEBMAIL_END_NUMS6 seem to be redundant.
But then, nothing intelligent comes from AOL is a good rule here. I had
to whitelist only one address at AOL over the last several years. So I
never bothered about it before. (I told the holder of that address that
his AOL address may be the biggest reason his proposals to customers have
not been making it sometimes. Heavy AOL filters seem to be a generic spam
filter phenomenon.) However, I suspect redundant rules in the basic score
set are not really required.
{^_^}
----- Original Message -----
From: "Pierre Thomson" <Pi...@bruderhof.com>
To: <us...@spamassassin.apache.org>
Sent: Wednesday, 2004 September, 08 05:38
Subject: Unreasonable penalty for AOL addresses ending in numbers?
> I have had a couple of FP's recently from valid AOL users. AOL recommends
appending digits to your screen name to make it unique, and many users do
that. The result (sender using AOL 9.0 client, SA 2.63) is a penalty of
6.39 points right off the bat. Isn't that a bit extreme?
>
> Pierre Thomson
> BIC
>
>
> Received: from imo-m15.mx.aol.com (imo-m15.mx.aol.com [64.12.138.205])
> by mail1.domain.com (8.11.6/8.11.6) with ESMTP id i882gcu10544
> for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:38 -0400
> Received: from Char137048@aol.com
> by imo-m15.mx.aol.com (mail_out_v37_r3.4.) id 4.13c.83038c (3972)
> for <Je...@domain.com>; Tue, 7 Sep 2004 22:42:29 -0400 (EDT)
> From: Char137048@aol.com
> Message-ID: <13...@aol.com>
> Date: Tue, 7 Sep 2004 22:42:29 EDT
> Subject: Re: Equipment
> To: JeanPotts@domain.com
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
boundary="-----------------------------1094611349"
> X-Mailer: 9.0 for Windows sub 5112
> X-Local-MailScanner-Information: See www.mailscanner.info for information
> X-Local-MailScanner: Found to be clean
> X-Local-MailScanner-SpamCheck: spam, SpamAssassin (score=6.651, required
6,
> ADDR_NUMS_AT_BIGSITE 2.70, BAYES_40 -0.00, FROM_ENDS_IN_NUMS 0.99,
> FROM_WEBMAIL_END_NUMS6 2.70, HTML_MESSAGE 0.10, NO_REAL_NAME 0.16)
> X-MailScanner-From: char137048@aol.com
> Return-Path: Char137048@aol.com
> X-OriginalArrivalTime: 08 Sep 2004 02:42:45.0517 (UTC)
FILETIME=[8554E3D0:01C4954D]
Re: Unreasonable penalty for AOL addresses ending in numbers?
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Pierre,
Wednesday, September 8, 2004, 5:38:40 AM, you wrote:
PT> I have had a couple of FP's recently from valid AOL users. AOL
PT> recommends appending digits to your screen name to make it unique,
PT> and many users do that. The result (sender using AOL 9.0 client, SA
PT> 2.63) is a penalty of 6.39 points right off the bat. Isn't that a
PT> bit extreme?
"Extreme" depends on the receiving system. Apparently yes, on your
system, and would be on mine, except here we use:
required_hits 9
score ADDR_NUMS_AT_BIGSITE 0.194 # 305s/156h of 112471 corpus (92494s/19977h) 03/16/04
score FROM_ENDS_IN_NUMS 0.10 # Reduced 6/23,03, 11/21/03, 2/1/04. 4793s/1122h of 81370 corpus
score FROM_WEBMAIL_END_NUMS6 0.167 # 2.61 defaults halved 1/6/04 due to FP, reduced again 2/21/04 - 294s/175h of 100793 corpus (82099s/18694h) 02/21/04
Looking ahead to SA version 3, I see that the new distribution scores will be
score ADDR_NUMS_AT_BIGSITE 0.072 0.748 0.112 0.081
score FROM_ENDS_IN_NUMS 0.177 0.516 0.517 0.000
score FROM_WEBMAIL_END_NUMS6 0.178 0.046 0.389 0.000
so yes, the problem goes away with the next release, where the maximum
score for these three rules will be 1.3
Bob Menschel