https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6678
--- Comment #7 from D. Stussy <[email protected]> 2011-10-20 08:22:34 UTC --- Note/aside: Sometimes, I use MSOE to post to Usenet and set a reply-to to a special mailbox which I have programmed my MTA to accept only reply messages. It determines whether a message is a reply by actually scanning the References and In-Reply-To headers for a message ID issued by my host or NNTP server. When it fails to find one, it SMTP rejects the message. Therefore, I am quite certain that MSOE generates these headers properly (since that's what I used to generate test messages for my MTA rulesets). I do not require that the subject start with "RE:" because a reply could change the topic and thus follow a format of "<new_subject> - was RE: <old_subject>." I have seen spammers try to send to my reserved mailbox after harvesting the address from Usenet - and in every case, their message was rejected for not having either of the ref/IRT headers. I do look carefully at my logs when this happens and I have yet to see a false positive spam. So far, I have not had to examine the local-part of the ref/IRT message IDs to verify that it was a message I actually sent when spam was detected. (That doesn't mean that I don't examine the local-parts; all it means is that when spam was detected, the domain-part didn't match, was absent, or the headers were missing. I have yet to see a spam that has a matching domain-part -- which could happen.) Therefore, I suggest that starting a subject with "Re:" is some spammer's attempt to bypass simple filters which may skip certain spam checks on the grounds that it's a reply (especially for a C/R based system which expects a reply in band). "Re:" is merely a convention not present in any RFC, but the Ref/IRT headers have been in the RFCs (5322 -> 2822 -> 822 ->733 ->724 [12 May 1977], Sections II.C.2.b and II.C.2.c) for 34 years. "By definition," a reply will have at least one if not both of these headers, even if it lacks "Re:" in the subject. Furthermore, any "true" reply which lacks both of these headers probably is a fake or from a noncompliant mail user agent; either way, I don't see the triggering of this rule as false. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
