Hi Kevin, This email is more our/your FYI than much an answer to your question:
We've also noticed this on other tests of Declude that are built in; but not much on BADHEADERS. Decludes BADHEADERS test is a good test and accurate in our opinion; but we have lowered the score on this test as well as SPAMHEADERS and HELOBOGUS. We and (myself; now living outside of USA.. Where email bounces thru servers to USA and then back to me from USA (to another Country) have notice the ROUTING test will fail on email received to me; when it is received by a Country I am in; and where I have respond/created an email to that Country. And that email is legit. I use SMTP to our servers in USA; so this bypasses our Declude (incoming authorize email). Also so does the NOPOSTMASTER and NOABUSE fail here. Many ISP's (at least in Eastern Europe) do not use these anymore. Although, yes an RFC requirement, they have chose to disregard that rule; and not setup those addresses. We have disable these tests in Declude due to a number of "false" positives. At first we lowered the weight returned by these tests... Then later removed them completely. We have learned over the past year, that most of the built-in tests of Declude are not effective like they were in the past. Now yes, DNS lookup tests are good if you use an active source. Very good. And in our experience in just the past year, external tests called by Declude like SNIFFER and Invariant Systems ... Very, very, effective. Infact, we have removed most of our BODY, HEADERS, and SUBJECT filters; infact about 95% of them. We also do use a few of Matt's filters for "scam" detection; but have lowered much these weights as Invariant's URI program and SNIFFER takes the most "blunt" in punishing the email. Matt, on this list, is very good. :-) (in my opinion). So is Andy and Darrell. I have learned a lot about them just by being silent on the list and observing their feedbacks. Now, our servers have only received a maximum of 12,356 emails a day (last peak recorded on 8/4/2005). I know other ISP's / servers that use Declude receive more or less then us.) The above is based on our usage and feedback. Each ISP/email server can be different. -Erik -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Thursday, August 18, 2005 9:48 PM To: [email protected] Subject: [Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot These tests (especially BADHEADERS) seem to be catching a lot of legit mail lately. I've attached one of the headers It seems like many of the emails are sent from Exchange servers. What exactly makes the headers bad? Any ideas? Received: from ss_email.ssc.internal [216.201.186.154] by Rogersbenefit.com with ESMTP (SMTPD-8.21) id AA0C60F44; Wed, 17 Aug 2005 10:55:24 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C5A354.6BB3DE4D" Subject: FW: Erecycler - Request for quote Date: Wed, 17 Aug 2005 12:52:22 -0500 Message-ID: <[EMAIL PROTECTED]> <http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bul k&[EMAIL PROTECTED]> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: Erecycler - Request for quote Thread-Index: AcWilPivw61uWKcZTbmhEGnyYpc9YgAvrosg X-Priority: 1 Priority: Urgent Importance: high From: "Carrie Mateer"EMAIL PROTECTED" X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8400000a]. X-RBL-Warning: HELOBOGUS: Domain ss_email.ssc.internal has no MX or A records [0301]. X-Declude-Sender: EMAIL PROTECTED [216.201.186.154] X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm X-Spam-Tests-Failed: BADHEADERS, HELOBOGUS, WEIGHT10 [13] X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm X-Note: This E-mail was sent from mail2.sleepersewell.com ([216.201.186.154]). X-RCPT-TO:EMAIL PROTECTED <http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bul k&[EMAIL PROTECTED]> Status: R X-UIDL: 417013027 X-IMail-ThreadID: 7a0c0e8c000019d1 --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
