MSGID_RANDY getting old

[Joseph Brennan <br...@columbia.edu>]

MSGID_RANDY is hitting messages written by "secure mail" software used
by at least two health care providers, optumhealth.com and uhc.com.

Sample:  <4d...@mail16.uhc.com>

MSGID_RANDY no longer gets much spam, and what it gets scores pretty
high even without it.

Yesterday, here,

45 total hits on MSGID_RANDY (of 2,748,004 messages)

.. 14 were Secure Mail
.. The 31 others scored 10.5 to 34.7

Your mileage may vary. In fact I'd like to know how it looks on other
systems.  But I'm going to zero the score here.



If we want to save the rule, the health care messages can be identified
by these features:

Subject contains /Secure Message from / followed by the same address
as the From header.

The message body contains a MIME part named securedoc.html coded as
application/octet stream.

I cannot post a sample secure message.



Joseph Brennan
Columbia University Information Technology



(I just noticed MSGID_RANDY also hits on score reports from ancient
software used by the Educational Testing Service, ets.org, and that
we whitelisted them a long time ago to work around it.  Their mail
has two-digit years too, so I considered them a true whitelist case
that can't be helped otherwise.)