On Tue, 14 Aug 2018, micah anderson wrote:
John Hardin <jhar...@impsec.org> writes:
On Tue, 14 Aug 2018, RW wrote:
On Tue, 14 Aug 2018 13:24:47 -0700 (PDT)
John Hardin wrote:
On Tue, 14 Aug 2018, micah anderson wrote:
I searched my pile of mail that I have from two ice ages ago, and I
did find 6 messages that were hits of this rule, one of them was
spam, five of them were this person trying to contact me.
...without a subject?
Do you happen to be seeing FPs with this rule?
Yes, it's why I am investigating it. I think it is common for people
who are sending mail from their mobiles, where they use it more
like a quick chat instead of a 'regular mail'....
In fact, this person used:
X-Mailer: iPad Mail (15F79)
OK, I can see about adding some mobile MUA exclusions. Any FP headers
you can provide (directly) will be helpful. Go ahead and sanitize the
recipient info, I don't think that would be relevant to tuning this
one.
I'll provide some pastebin links in a separate email.
I don't know that this is particularly specific to mobile, lots of
people send emails with an empty subject.
It sounds like the main cause would be a signature that contains the
sender's name as the only thing in a line. That'll be why all the
FPs mentioned above came from the same person.
Yes, this person has as their signature their name on one line, and
their From: has that same name listed.
Question: were those messages scored as spam?
Yes, they were, will include the reports in the off-list email.
Has the DKIM exclusion reduced or eliminated your false positives?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Sheep have only two speeds: graze and stampede. -- LTC Grossman
-----------------------------------------------------------------------
7 days until the 1939th anniversary of the destruction of Pompeii