https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8193
Stefan <m...@g0v.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |m...@g0v.org

--- Comment #1 from Stefan <m...@g0v.org> ---
I agree 100% with this. It seems that www.dnswl.org is either far too lax in
their whitelisting criteria, or they are somehow compromised. I receive emails
daily with SA headers like this:

Content analysis details:   (3.0 points, 10.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 1.2 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL
                            blocklist
                            [URIs: actionsnap.life]
 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                            Validity was blocked. See
                            https://knowledge.validity.com/hc/en-us/articles/20961730681243
                            for more information.
                            [88.209.197.217 listed in sa-trusted.bondedsender.org]
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                            Validity was blocked. See
                            https://knowledge.validity.com/hc/en-us/articles/20961730681243
                            for more information.
                            [88.209.197.217 listed in bl.score.senderscore.com]
-5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
                            high trust
                            [88.209.197.217 listed in list.dnswl.org]
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                            blocked. See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                            for more information.
                            [URIs: actionsnap.life]
 1.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                            [URI: actionsnap.life (life)]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.1 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.8 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
                            necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK
                            signature
 0.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
 0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
 0.8 RDNS_NONE              Delivered to internal network by a host with no
                            rDNS

X-Spam-Flag: NO

In this example, RCVD_IN_DNSWL_HI completely -- and wrongly -- overrides
everything else, turning a spam score of +8 into +3.

As per their instructions, I forward all such emails to my address
@@mail-in.verboten.net, but I never receive an acknowledgement and I have the
impression that no action is being taken.

In my opinion, SA needs to stop taking dnswl.org's whitelisting so seriously.