I don't know if something changed with senderbase results (maybe after the
Cisco Talos integration), but it doesn't seem like domain matches are
triggering a match anymore. Did I miss something along the way were we
need to configure something differently to match not just hostname and
network, but also trigger a hit if the domain matches?
On Tue, Jan 9, 2018 at 9:38 AM, K Post <nntp.p...@gmail.com> wrote:
> In my whiteSenderBase file, I have this line:
>
> \bsparkpostmail\.com->-20
>
> I would expect this to add a negative 20 score (subtract 20 from the
> running score) of a message if senderbase detects that a message matches
> SparkPostMail.com in either the hostname, the domain or the network name.
>
> I recently saw a message go to spam because it had a score of 50. Now
> granted, the content was pretty spammy in my opinion, but I would think
> that the total score would have been 30 after the 20 point deduction due to
> senderbase matching.
>
> Received: from mta289c.sparkpostmail.com ([52.10.151.25] helo=
> mta289c.sparkpostmail.com)
>
> X-ASSP-Message-Score: 50 (HMM Probability: 1.00000)
> X-ASSP-IP-Score: 50 (HMM Probability: 1.00000)
> X-ASSP-HMM-Spam-Prob: 1.00000
> X-ASSP-HMM-Confidence: 0.07696
> X-ASSP-Tag: MessageLimit
> X-ASSP-Spam-Reason: MessageScore 50, limit 50
> X-ASSP-Message-Totalscore: 50
>
> If I looking 52.10.151.25 in senderbase, I get:
> OWNER DETAILS
> IP ADDRESS 52.10.151.25
> FWD/REV DNS MATCH Yes
> HOSTNAME mta289c.sparkpostmail.com
> DOMAIN sparkpostmail.com
> NETWORK OWNER Amazon.com
>
> shouldn't this match my \bsparkpostmail\.com->-20 line based on the DOMAIN
> entry in senderbase?
>
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
