On 9/21/2024 14:06:28, Reindl Harald (privat) wrote:
Am 21.09.24 um 18:51 schrieb joe a:
Noticed some obvious spam slipping in due in great part to this:
* -1.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
* [209.85.166.199 listed in wl.mailspike.net]
Not a big deal for my low volume SOHO, but it's annoying.
Has that check become unreliable? Sure, I can skip that check (I
think) or alter the score, but any other thoughts?
what makes you think a single rule is that important?
sometimes IPs on whitelists starting to send spam, somehtimes
spamhosts are not on a blacklist until they are - so what's the fuss
about?
100% clear spam won't survive just because of a single -1 rule
Here is a more complete list from a very similar message, received
today. I failed to report the last -1.0 when I posted earlier.
X-Spam-Report:
* 1.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 1.0000]
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* -0.9 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
* [209.85.219.198 listed in wl.mailspike.net]
* 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
* mail domains are different
* 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
* 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
* 1.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
* provider
* [lurramachile[at]att.net]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
* EnvelopeFrom freemail headers are different
* -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
* manager
