Posted to users@spamassassin.apache.org by Michael Monnerie <m....@zmi.at> on 2006/03/31 13:32:15 UTC

Broken FORGED_MUA_OUTLOOK checks

Hi, I get some legitimate newsletter that's incorrectly marked as 
FORGED_OUTLOOK. Could someone fix those tests? Others may have that 
problem, too.

(almost) full message at http://zmi.at/x/ham01.txt

mfg zmi
-- 
// Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
// http://zmi.at           Tel: 0660/4156531          Linux 2.6.11
// PGP Key:   "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net                 Key-ID: 0x70545879

Re: Broken FORGED_MUA_OUTLOOK checks

Posted by Michael Monnerie <m....@zmi.at>.
On Tuesday, 4 April 2006 09:23 Michael Monnerie wrote:
> Hi, I got feedback today that they use "Mass Mailer" to send their
> e-mails. So it's really a forged OE Mail. I told them to use
> something else, otherwise they won't be able to contact a lot of
> customers...

I received another e-mail from them, marked as SPAM. I believe it's too 
strong to give a total of 5.8 points for FORGED_.*OUTLOOK.* rules, as 
they are similar.

X-Spam-Status: Yes, hits=6.132 tagged_above=-999 required=5
 tests=FORGED_MUA_OUTLOOK=3.36, FORGED_OUTLOOK_HTML=2.514,
 HTML_FONT_BIG=0.256, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.001

Mass_checks on my corpus says:
MSECS    SPAM%     HAM%     S/O    RANK   SCORE  NAME
0.679   0.9814   0.2599    0.791   0.57    3.36  FORGED_MUA_OUTLOOK
0.557   0.8144   0.2021    0.801   0.56    3.25  FORGED_OUTLOOK_HTML

It looks like most e-mails hit both rules, or am I wrong?

mfg zmi
-- 
// Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
// http://zmi.at           Tel: 0660/4156531          Linux 2.6.11
// PGP Key:   "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net                 Key-ID: 0x70545879
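
One way to check the overlap question raised in the message above against your own mail, as an added example that is not part of the original post: it parses folded X-Spam-Status headers in the format quoted there, sums the scores of rules matching FORGED_.*OUTLOOK.*, and counts how often the two rules fire together. The second and third sample headers and all function names are constructed for illustration.

```python
import re
from email import message_from_string

# First header is the one quoted in the post; the other two are constructed.
SAMPLES = [
    "X-Spam-Status: Yes, hits=6.132 tagged_above=-999 required=5\n"
    " tests=FORGED_MUA_OUTLOOK=3.36, FORGED_OUTLOOK_HTML=2.514,\n"
    " HTML_FONT_BIG=0.256, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.001\n\n",
    "X-Spam-Status: No, hits=3.361 tagged_above=-999 required=5\n"
    " tests=FORGED_MUA_OUTLOOK=3.36, HTML_MESSAGE=0.001\n\n",
    "X-Spam-Status: No, hits=0.257 tagged_above=-999 required=5\n"
    " tests=HTML_FONT_BIG=0.256, HTML_MESSAGE=0.001\n\n",
]

def parse_tests(raw):
    """Return {rule: score} from a (possibly folded) X-Spam-Status header."""
    header = message_from_string(raw)["X-Spam-Status"] or ""
    unfolded = re.sub(r"\s+", " ", header)  # undo RFC 5322 header folding
    m = re.search(r"tests=(.*)$", unfolded)
    if not m:
        return {}
    pairs = re.findall(r"([A-Z0-9_]+)=(-?\d+(?:\.\d+)?)", m.group(1))
    return {name: float(score) for name, score in pairs}

def family_score(tests, pattern):
    """Sum the scores of all rules whose name fully matches `pattern`."""
    return round(sum(s for n, s in tests.items() if re.fullmatch(pattern, n)), 3)

def overlap(headers, rule_a, rule_b):
    """Return (hits_a, hits_b, hits_both, jaccard) over a list of raw headers."""
    a = b = both = 0
    for raw in headers:
        t = parse_tests(raw)
        a += rule_a in t
        b += rule_b in t
        both += rule_a in t and rule_b in t
    either = a + b - both
    return a, b, both, (both / either if either else 0.0)

if __name__ == "__main__":
    first = parse_tests(SAMPLES[0])
    print("FORGED_.*OUTLOOK.* total:", family_score(first, r"FORGED_.*OUTLOOK.*"))
    print("overlap:", overlap(SAMPLES, "FORGED_MUA_OUTLOOK", "FORGED_OUTLOOK_HTML"))
```

A Jaccard value near 1.0 over a real corpus would mean the two rules almost always fire together, which is the situation the post is asking about.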

Re: Broken FORGED_MUA_OUTLOOK checks

Posted by Michael Monnerie <m....@zmi.at>.
On Friday, 31 March 2006 14:40 Sander Holthaus wrote:
> > (almost) full message at http://zmi.at/x/ham01.txt
> >
> > mfg zmi
>
> Are you sure that is a valid OE-email? Doesn't appear to me as such,
> hence I'd say the tests fired correctly.

Hi, I got feedback today that they use "Mass Mailer" to send their 
e-mails. So it's really a forged OE Mail. I told them to use something 
else, otherwise they won't be able to contact a lot of customers...

mfg zmi
-- 
// Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
// http://zmi.at           Tel: 0660/4156531          Linux 2.6.11
// PGP Key:   "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net                 Key-ID: 0x70545879

Re: Broken FORGED_MUA_OUTLOOK checks

Posted by Michael Monnerie <m....@zmi.at>.
On Friday, 31 March 2006 14:40 Sander Holthaus wrote:
> Are you sure that is a valid OE-email? Doesn't appear to me as such,
> hence I'd say the tests fired correctly.

At least they are a company which sends e-mail only opt-in. They sell PC 
parts. I don't believe they use spammers' software - or what should it 
be, if not OE?

mfg zmi
-- 
// Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
// http://zmi.at           Tel: 0660/4156531          Linux 2.6.11
// PGP Key:   "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net                 Key-ID: 0x70545879

Re: Broken FORGED_MUA_OUTLOOK checks

Posted by Sander Holthaus <in...@orangexl.com>.
Michael Monnerie wrote:
> Hi, I get some legitimate newsletter that's incorrectly marked as
> FORGED_OUTLOOK. Could someone fix those tests? Others may have that
> problem, too.
>
> (almost) full message at http://zmi.at/x/ham01.txt
>
> mfg zmi
Are you sure that is a valid OE-email? Doesn't appear to me as such,
hence I'd say the tests fired correctly.

Kind Regards,
Sander Holthaus