On 2021-03-09 6:32 p.m., bugzilla-dae...@spamassassin.apache.org wrote:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7888

--- Comment #15 from John Hardin <jhar...@impsec.org> ---
while the software is being used maliciously, it is commercial software
(https://www.mailwizz.com) and this rule would punish everyone who bought
the software, legitimate or otherwise.

I was not aware of that, I'd assumed this was a service-based situation. Thanks
for that information.

It simply suggests making the rules "non-keyed", i.e. using just X- and
not X-xxx-. I'm curious to know if this would work as they suggest though.

That seems to me the best suggestion. Why they thought using randomly-named
headers was a good idea is beyond me.

Rather than taking the random bit completely out, though, I suggest changing
the prefix to something usefully unique but not random, like "X-Reactivemail-"
(your company name). If the software depends on those headers being unique to
properly process bounces et al., that should be sufficient.

The only exclusion is ...

There are more now.


Ouch, this almost puts me in rant mode... Goes to what the definition of 'spam' is I guess, but let's just talk to the technical points here.

No, NEVER use a dynamic header name (e.g. keyed), use that in the header data section. It isn't the intent, headers should be constructed with the idea that they could <sic> go into a registry.

Even the use of X- headers is now dissuaded, albeit even our own systems still use it, X- was meant to indicate an experimental header, before it is ready to be published into a registry.

Having said that, all headers are a mess, with many vendors putting them in willy-nilly.. but dynamic headers ARE a no-no, and SHOULD get your messages marked as more spammy, as usually the ONLY reason a person does that is to try to get past spam filters.

Dynamic header names go against the spirit of email headers, and no software should be promoting or using them.

You mentioned bulk email sending, you didn't of course mention whether this is single opt-in, non-optin, or confirmed double opt-in.

Also, your software's use of:

Return-Path     <bou...@reactivemail.co.za>

That will also be penalized.. Use the actual sender's email address, e.g. the client.. that will make sure people can 'whitelist' the sender.

Just an FYI.. No one should use 'bounce' as an excuse any more, it should be accept or reject.. otherwise it is backscatter..

It should not be about worrying about getting past spam filters, it should be about worrying about getting into the mailboxes of people who want the sender's email.

Trust me, your good clients will love it that both end users and system administrators can more easily 'whitelist' emails from companies that they want information from.

Otherwise the first time you have a bad client, everyone will treat all your email the same..

While a '3' score might seem heavy handed for a 'tracker', it should be heavy handed if someone is abusing the intent of what email headers should be. (And there are MANY spammers using that technique of randomly named headers)





--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
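
The keyed-header pattern discussed in this thread (X-xxx- instead of a fixed prefix), shown as an added example that is not part of the original messages and is not SpamAssassin's rule. It flags suffix sets that recur under different prefix tokens across a corpus; the header names, tokens and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string

# X-<token>-<suffix>: the token is the part a "keyed" sender varies.
KEYED = re.compile(r"^X-([A-Za-z0-9]+)-(.+)$")
MIN_HEADERS = 3  # hypothetical threshold: headers sharing one token

def keyed_groups(raw):
    """Map token -> frozenset of suffixes for one message's X- headers."""
    groups = defaultdict(set)
    for name in message_from_string(raw).keys():
        m = KEYED.match(name)
        if m:
            groups[m.group(1).lower()].add(m.group(2).lower())
    return {t: frozenset(s) for t, s in groups.items() if len(s) >= MIN_HEADERS}

def find_keyed_families(messages, min_tokens=2):
    """Suffix sets seen under several different tokens across a corpus."""
    seen = defaultdict(set)
    for raw in messages:
        for token, suffixes in keyed_groups(raw).items():
            seen[suffixes].add(token)
    return {s: sorted(t) for s, t in seen.items() if len(t) >= min_tokens}

def _msg(headers):
    # Build a minimal RFC 5322-style message from (name, value) pairs.
    return "".join(f"{k}: {v}\n" for k, v in headers) + "\nbody\n"

# Constructed sample corpus: two messages with different random-looking
# tokens but identical suffixes, and one message with ordinary X- headers.
SAMPLES = [
    _msg([("From", "a@example.com"), ("X-Qkzt-Campaign-Id", "1"),
          ("X-Qkzt-Subscriber-Id", "2"), ("X-Qkzt-Tracking-Id", "3")]),
    _msg([("From", "b@example.net"), ("X-Bvwp-Campaign-Id", "4"),
          ("X-Bvwp-Subscriber-Id", "5"), ("X-Bvwp-Tracking-Id", "6")]),
    _msg([("From", "c@example.org"), ("X-Mailer", "demo"),
          ("X-Spam-Status", "No"), ("X-Spam-Level", "*")]),
]

if __name__ == "__main__":
    for suffixes, tokens in find_keyed_families(SAMPLES).items():
        print(sorted(suffixes), "seen under tokens", tokens)
```

A fixed prefix such as the suggested "X-Reactivemail-" would show up as a single token for its suffix set, so it would not cross the `min_tokens` threshold on its own.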
