I've attached a copy of a sample mail from this list, as well as the razor-check debug output. One of the signature algorithms is firing, but I don't know the underbelly of razor to understand why. As far as I know, razor doesn't use RBLs or sender blacklisting, but if it did, this list _should_ be clean. http://rbls.org/ reports the server's IP as A-OK.
Can anyone give me a hand? I'd really like to make this false-positive stop.
It looks like razor has any URLs pointing to bad.dynu.ca listed as spamvertized URLs. And the mailman list is adding that URL in the footer.
You can tell it's one of the two URLs in the message because the signature matching is e8. e8 is whiplash, which is a hash of a URL, and mostly focuses on the domain of the link.
Since it's the first e8, I assume it's the first URL in the body. Which would be the one to bad.dynu.ca.
Issue some razor-revokes and it should clear up. However, footer URLs are becoming an increasing problem for causing FP's with e8. Last week there was an AV vendor whose domain got listed. Now it's a mailman list..
This is not a good trend for razor. Not good at all. The addition of e8 has boosted razor's hit rate substantially, but it's causing some really odd FPs too.
------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Razor-users mailing list Razor-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/razor-users
