Karsten Bräckelmann wrote:
Please, do not paste a gigantic blob of multipart MIME messages. Put it
up somewhere, raw, and simply provide a link.
On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote:
Anyway, I have no idea why I'm seeing some of these scores. URL matches
when there aren't even URL's in my message?
There are. Self-inflicted. The ones in square brackets with the leading
550 code, which you seem to keep sending back and forth. :)
And just *mentioning* the domain name, without any sort of valid URL
(ftp: or http: or anything of the sort) is going to match it as a URL?
That's highly bogus.
A domain name alone does not a URL make.
A 2.6 score on BAYES_00? URIBL_JP_SURBL and URIBL_OB_SURBL? And what
the heck is DNS_FROM_OPENWHOIS???
Well, if you don't mind having a second look, that is MINUS 2.6 for
Bayes. What's wrong with that?\
Oh, sorry, read over the scores too quickly. Never mind the BAYES_00.
Regarding your SURBL questions... Yes. Wait, you where hoping for more?
Without any actually asked question? OK, good then. The domain
chalturs.com is listed in these RBLs, as the results tell you. See
http://surbl.org/ for more.
I read the top-level page, but didn't see anything really pertinent. I
get the idea. But naming the domain in a message, again, is not the
same as embedding an entire URL containing the domain. The two aren't
equivalent.
Oh, and DNS_FROM_OPENWHOIS probably is http://open-whois.org/, which
gives you a hint about what it actually is. The hit itself pretty much
mentions this...
Yeah, I read this. And I don't get that either.
How does having your domain be anonymous (for whatever reason... maybe
you're a small company operating below the radar) make your email any
more likely to be spam????
TVD_STOCK1? There's no mention of stock anywhere in the message.
From a quick glimpse of the code, it appears to identify common words
used in stock (as in stock exchange, pump-n-dump penny stocks) spam. It
does not search for the word "stock". Just as pretty much no rule in SA
ever searches for single words only...
Again, I didn't see anything that should legitimately be causing this
rule to fire, and certainly not with such a high score for such an
unreliable rule.
Why am I seeing all of these bogus matches?
From what I can tell, and what you sent us, they don't appear to be
bogus.
Depends on whether you equate bare domains with URL's, I suppose.
I looked on the wiki for some of these, but couldn't find descriptions.
What should I do? Just block their domain? I don't want to deal with
their misconfiguration issues.
Apparently you already exchanged messages? Try not sending the offensive
mail in question. Put it up somewhere as reference, if need be. Hmm,
sounds familiar... ;)
guenther
No, I sent them back the offending email, initially. Which they marked
as spam (bloody brilliant, of course it's spam, otherwise I wouldn't be
bothering to report it.... what else do they expect to come to their
"Abuse" mailbox, anyway???).
So I sent back the SA scores back to them, and that's the part that I
pasted previously.
How do you report Spam to such a site that's going to block your Spam
reports for being... well, Spam!
(Yes, I'm shocked too to hear there's gambling going on in Casablanca...)
