https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7888

John Hardin <jhar...@impsec.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jhar...@impsec.org

--- Comment #7 from John Hardin <jhar...@impsec.org> ---
(In reply to Byron Kleingeld from comment #4)
> (In reply to Giovanni Bechis from comment #3)
> > For the record:
> > I told him to ask on users@ or post here because it could be a bug in our
> > rules.
> 
> I have asked on both so far

I have seen no posts regarding this on the SpamAssassin Users mailing list, so
I'll respond here.

(In reply to RW from comment #5)
> 3 points does seem a bit extreme for a tracker.

That's based on such headers appearing in very little ham in our corpus. If the
bulk mailer doing this was a widely-used legitimate service I'd expect to see
more hammy instances of it. The scored rule does have exclusions for signs in
the ham we do have, and is not hitting any ham, and hits on
otherwise-very-low-scoring spam, so the rule's score is fairly high. It's not,
however, a poison pill.

> the software doesn't randomize any of the marketing headers for the campaigns 
> sent with it

Such headers were fairly prevalent in a recent forged-sender-backscatter spam
campaign that impacted one of my domains. Across spams from different sources,
the headers *were* (apparently) random. That is historically the kind of tactic
used by spammers to avoid static pattern and checksum detection tools and to
pollute spam signature databases, and does not come across as something a
legitimate mass mailer would do.

X-Cjqp-Delivery-Sid: 1
X-Dsyh-Delivery-Sid: 1
X-Etxr-Delivery-Sid: 1
X-Fxyn-Delivery-Sid: 1
X-Hqve-Delivery-Sid: 85
X-Kqoy-Delivery-Sid: 1
X-Lkcl-Delivery-Sid: 1
X-Lonj-Delivery-Sid: 6
X-Mw-Delivery-Sid: 18
X-Mw-Delivery-Sid: 2
X-Mw-Delivery-Sid: 37
X-Mw-Delivery-Sid: 4
X-Mw-Delivery-Sid: 698
X-toys-en-Delivery-Sid: 41
X-Vtaf-Delivery-Sid: 2
X-Zvjg-Delivery-Sid: 23

They may instead be something like a key for the bulk service client's account.
If so, they chose a poor way to do it.

So part of the answer is: Byron, you're apparently using a bulk mailer service
that is being actively abused by spammers, and that's having a negative impact
on the reputation of your legitimate email. Work with your provider on that
part of the problem.

> Just getting hit hard by that one rule.

I have reduced the score limit to 2 points, and added some further exclusions
to the scored rule (which may not help in your case, it doesn't look like you
are doing any of the "hammy" things our ham samples do). These changes will
probably take overnight to take effect.

-- 
You are receiving this mail because:
You are the assignee for the bug.
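
The point in comment #7 about per-source header names, as an added example (not SpamAssassin's rule and not code from this bug report): a match on one fixed header name sees only part of the mail, while a match on the `X-<token>-Delivery-Sid` name family sees all of it and shows how many distinct tokens are in use. The header names are taken from the listing in the comment; the messages, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Header-name family from the listing above: X-<token>-Delivery-Sid
SID_HEADER = re.compile(r"^X-([A-Za-z0-9-]+)-Delivery-Sid$", re.IGNORECASE)

def sid_tokens(raw_message):
    """Return the <token> of every X-<token>-Delivery-Sid header in a message."""
    msg = message_from_string(raw_message)
    found = []
    for name in msg.keys():
        m = SID_HEADER.match(name)
        if m:
            found.append(m.group(1).lower())
    return found

def token_counts(corpus):
    """Number of messages carrying each token (a token counts once per message)."""
    counts = Counter()
    for raw in corpus:
        counts.update(set(sid_tokens(raw)))
    return counts

def coverage(corpus, fixed_name):
    """Messages hit by one exact header name vs. by the whole name family."""
    exact = sum(1 for raw in corpus if fixed_name in message_from_string(raw))
    family = sum(1 for raw in corpus if sid_tokens(raw))
    return exact, family

def _sample(header_line):
    # Constructed message: only the Delivery-Sid header names come from the page.
    return ("From: sender@example.com\nSubject: constructed sample\n"
            + header_line + "\n\nbody\n")

CORPUS = [
    _sample("X-Cjqp-Delivery-Sid: 1"),
    _sample("X-Mw-Delivery-Sid: 18"),
    _sample("X-Mw-Delivery-Sid: 2"),
    _sample("X-toys-en-Delivery-Sid: 41"),
    _sample("X-Zvjg-Delivery-Sid: 23"),
    _sample("X-Mailer: example"),  # no Delivery-Sid header at all
]

if __name__ == "__main__":
    exact, family = coverage(CORPUS, "X-Mw-Delivery-Sid")
    print(f"exact-name match: {exact} messages, family pattern: {family} messages")
    for token, n in sorted(token_counts(CORPUS).items()):
        print(f"  {token}: {n}")
```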
