EmailDiscussions.com
Page 1 of 3 1 23 >
Show 40 post(s) from this thread on one page

EmailDiscussions.com (http://www.emaildiscussions.com/index.php)
-   FastMail Forum (http://www.emaildiscussions.com/forumdisplay.php?f=27)
-   -   False Positives from ME_VADESPAM (http://www.emaildiscussions.com/showthread.php?t=74033)

sflorack 14 Nov 2018 08:05 PM
False Positives from ME_VADESPAM
 
Lately, I've been receiving quite a few legitimate emails in my SPAM folder. When checking the headers, they all have the same SA rule causing the email to be marked SPAM: ME_VADESPAM 5.

Is VadeSpam new? The only reference I'm able to find regarding VadeSpam is a different email forum where the poster is having the same problem (with VadeSpam being overly aggressive).

powerserve 14 Nov 2018 10:20 PM
Vadespam
 
I have not heard of it before. Very few English language results when searching. I did find this from 2 years ago specific to DreamHost:

"Spam Filtering is terrible, I’m seeing literally a 50% false positive rate."
https://discussion.dreamhost.com/t/f...iltering/63813

BritTim 15 Nov 2018 12:59 AM
Many of the meanings of "vade" in other languages seem to revolve around expiration, date, time etc. If might be interesting to look at the domains associated with the senders of the emails. Maybe, there is an expired certificate or something causing the messages not to be trusted.

n5bb 18 Nov 2018 08:20 AM
I’m pretty sure the term “vade” is from the company Vade Secure:
https://www.vadesecure.com
I have seen a few messages with ME_VADESPAM and ME_VADEPHISHING. In most cases the ME_VADESPAM messages had other spam tags (such as front the Bayes filter) which were negative enough to not trigger my spam settings (which I have modified from the defaults). I just received a ME_VADEPHISHING message which should have been classified as spam except the weight applied was only 1 so the spam score was too low.

My guess is that Fastmail has recently starting using the vadesecure results and they are experimenting with the weight of these failures.

Were your ME_VADESPAM false positives from messages which were forwarded or sent through a message board or some other mailing list server?

Bill

Berenburger 18 Nov 2018 07:31 PM
Quote:
Originally Posted by n5bb (Post 608287)
My guess is that Fastmail has recently starting using the vadesecure results and they are experimenting with the weight of these failures.
I think your right, Bill. In the Spam View section in the Pobox admin tool I now see lines with ‘caught by vadesecure’.

sflorack 18 Nov 2018 10:29 PM
Quote:
Originally Posted by n5bb (Post 608287)
Were your ME_VADESPAM false positives from messages which were forwarded or sent through a message board or some other mailing list server?
No, just regular messages. And the value for both ME_VADESPAM and ME_VADEPHISHING has been 5. Previously, my "move to SPAM" setting was 6.0, so I had to adjust it to 6.5 to account for the new aggressive service.

n5bb 18 Nov 2018 11:15 PM
Quote:
Originally Posted by sflorack (Post 608296)
No, just regular messages. And the value for both ME_VADESPAM and ME_VADEPHISHING has been 5. Previously, my "move to SPAM" setting was 6.0, so I had to adjust it to 6.5 to account for the new aggressive service.
Be sure they are not fake. Then I suggest reporting them as non-spam and filing a Fastmail support request attaching those messages.

SideshowBob 6 Dec 2018 12:54 AM
In addition to ME_VADESPAM and ME_VADEPHISHING, I'm seeing ME_VADESCAM and ME_VADEDCE.

Based on this article, which explains some of Vade's terminology, DCE is "bad reputation marketing/Commercial Email" (I'm guessing the D is for disreputable).

There are several Vade headers, but the x-vs= section of the Authentication-Results header seems to be the most complete. I'm seeing entries like:
Code:
x-vs=clean score=69 state=0
 x-vs=clean score=91 state=0
 x-vs=commercial:dce score=107 state=12
 x-vs=commercial:mce score=17 state=11
 x-vs=commercial:pce score=7 state=10
 x-vs=malware score=9999 state=2
 x-vs=phishing score=190 state=101
 x-vs=phishing score=300 state=101
 x-vs=spam score=100 state=1
 x-vs=spam score=700 state=1
 x-vs=transactional:account score=20 state=14
 x-vs=transactional:alerts score=50 state=14
 x-vs=transactional:purchases score=10 state=14
This may be useful for sieve filtering, if it's accurate.

The article I quoted above states: "The score is a arbitrary number given by Vade. It is NOT an indicator that an email is SPAM or SN or any of the other statuses mentioned". Despite that there's a clear threshold of 100.

The state seems to be an alternative version of the classification, but oddly with less information for transactional email.

The phishing classification seems particularly weak. So far I've had 1 FP, on an ordinary email from a family member, and 6 hits on spam. Of those 6 spams, only 1 could be called a phish, and 1 was an obvious ED spam.

Lesslame 14 Dec 2018 03:17 PM
"ME_VADESPAM 5" - Issue solved
 
hi,
in my case my internet router had sent a status email to my fastmail-account (using an app-password) and it got marked as spam because of "ME_VADESPAM 5". I opened a ticket on this problem with fastmail.
Yassar from fastmail checked it with the engineers and answered today that the issue is now solved.
Cheers,
lesslame

paleolith 2 Jan 2019 03:00 AM
It's not solved for me. In the past two days, three emails from the ACLU (definitely valid) dropped into my "probably junk to be reviewed" folder. ME_VADESPAM is still assigning a +5. This is with "x-vs=spam score=349 state=1" in Authentication-Results. I will open a ticket ... as if I didn't already have enough to do today.

Edward

paleolith 2 Jan 2019 03:43 AM
Update: it's actually SEVEN false positives in the past month. The three previously mentioned, and one more from the ACLU, are only the tip of the iceberg. Far more concerning were two important emails from a close friend, and my city utility bill.

If FM doesn't get rid of this rule fast, or at least reduce the score to 2, I'll be forced to add Sieve rules to circumvent it. Adding rule to avoid spam filters is certainly the wrong way to solve this problem!

OK, I've sent my report.

Edward

n5bb 2 Jan 2019 05:50 AM
Quote:
Originally Posted by paleolith (Post 608753)
Update: it's actually SEVEN false positives in the past month...
That’s unfortunate, Edward. Have you whitelisted the From addresses in your address book? If so, check the X-Spam-known-sender header to see if authentication detection is somehow failing.

Bill

communicant 2 Jan 2019 08:16 AM
Latin meaning of "vade mecum"
 
It literally means "come with me" and is used to mean a guidebook that one carries in a pocket.

From the Merriam Webster dictionary (not quite right about the Latin, but close enough):

vade mecum noun
va·​de me·​cum | \ˌvā-dē-ˈmē-kəm, ˌvä-dē-ˈmā- \
*
1
: a book for ready reference : MANUAL
2
: something regularly carried about by a person

Vade mecum is Latin for go with me (it derives from the Latin verb vadere, meaning "to go.") In English, "vade mecum" has been used (since at least 1629) of manuals or guidebooks sufficiently compact to be carried in a deep pocket. But from the beginning, it has also been used for such constant companions as gold, medications, and memorized gems of wisdom.

Example of vade mecum in a Sentence

"By the time the last of its five massive volumes appeared, in 1959, the Sowerby catalog had become the vade mecum of Jefferson scholarship."
— Jorge Dionis, Town & Country, "Turn Up the Volumes," 6 Dec. 2013

First Known Use of vade mecum
1629, in the meaning defined at sense 1
History and Etymology for vade mecum
borrowed from Latin, "go with me"

paleolith 12 Jan 2019 11:28 PM
Quote:
Originally Posted by n5bb (Post 608754)
That’s unfortunate, Edward. Have you whitelisted the From addresses in your address book? If so, check the X-Spam-known-sender header to see if authentication detection is somehow failing.
Hi Bill,

I automatically whitelist my address book. IOW, my Sieve code that tests spam scores is guarded by

Code:
if not header :contains ["X-Spam-known-sender"] "yes" {
}
But there are limits to this approach.
  • I use a desktop email client (The Bat!), and I've not been able to persuade FM and Ritlabs to work together to get them to sync address books. (I'll admit, it's been a year or so since I last nudged them.) As a result, FM's knowledge of my address book lags.
  • I don't want to have to enter every contact into my address book just to circumvent a wildly inaccurate spam test.
  • I certainly don't want to have to enter new contacts before even receiving the first email from them.

I did get a response from Yassar Ali on Jan 4 -- forgot to come back here and update, so thanks for the reminder -- saying "it appears the reason for these false positives has now been mitigated". Of course that's the same thing he told Lesslame in mid December. Since them, I've been keeping an eagle eye on what drops into junk mail, and I've had no more false positives, and I have received email from the personal correspondent who was being blocked.

I'm really more upset that FM is introducing new tests that essentially override all other tests, instead of starting the new tests with small scores and gradually ramping them up. A few months ago it was ME_PHISHING_URL at 10, now ME_VADE_SPAM at 5. Basically they are repeatedly saying oh, we have this new test that we immediately trust more than all the tests (including the Bayesian ones) that have been in place for years.

Edward

Lesslame 21 Jan 2019 05:33 PM
Problem still there
 
hi again,
last night the problem occurred once more in my account.
I will re-open my old ticket.
Cheers,
lesslame


All times are GMT +9. The time now is 03:05 AM.
Page 1 of 3 1 23 >
Show 40 post(s) from this thread on one page


Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy