EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 3 Dec 2019, 06:58 PM   #1
JamesHenderson
Cornerstone of the Community
 
Join Date: Jan 2003
Location: Oxfordshire, UK
Posts: 603
spam in inbox - how

Hi,

For a while now, I have been getting emails in my spam with scores of 6 or higher in the general format of:

Quote:
my first name
<a dodgy link>

<empty lines>

<some random text>
However, today, this same kind of email got into my inbox with no spam score at all.

I have put the header below. Can anyone see why it might have got past the spam filters?

Code:
Return-Path: <AnisimovAI@mpei.ru>
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
	 by sloti5d1t04 (Cyrus 3.1.7-612-g13027cc-fmstable-20191203v1) with LMTPA;
	 Tue, 03 Dec 2019 04:45:49 -0500
X-Cyrus-Session-Id: sloti5d1t04-1575366349-3735980-2-11184768417430371984
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no
X-Spam-sender-reputation: 500 (none)
X-Spam-score: 0.0
X-Spam-hits: BAYES_40 -0.001, HTML_MESSAGE 0.001, ME_SENDERREP_NEUTRAL 0.001,
  RCVD_IN_DNSWL_NONE -0.0001, SPF_HELO_PASS -0.001, SPF_PASS -0.001,
  LANGUAGES en, BAYES_USED user, SA_VERSION 3.4.2
X-Spam-source: IP='193.233.67.19', Host='flogger.mpei.ac.ru', Country='RU',
  FromHeader='ru', MailFrom='ru'
X-Spam-charsets: plain='utf-8', html='utf-8'
X-Resolved-to: userID@fastmail.com
X-Delivered-to: name@domain.tld
X-Mail-from: AnisimovAI@mpei.ru
Received: from mx4 ([10.202.2.203])
  by compute4.internal (LMTPProxy); Tue, 03 Dec 2019 04:45:49 -0500
Received: from mx4.messagingengine.com (localhost [127.0.0.1])
	by mailmx.nyi.internal (Postfix) with ESMTP id C61F11CE00ED
	for <name@domain.tld>; Tue,  3 Dec 2019 04:45:44 -0500 (EST)
Received: from mx4.messagingengine.com (localhost [127.0.0.1])
    by mx4.messagingengine.com (Authentication Milter) with ESMTP
    id B0414A4AE2E;
    Tue, 3 Dec 2019 04:45:44 -0500
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm1; t=
    1575366344; b=YI3+D0Q+s4IJNjd0vyFImIEnq6Xk1k2Rw3vmnKbMSeIftk9X9t
    NUQjV2r/C++h0fZBctpQFIbRIZ3nfXQ+M8AM7PY42/kzkSSd7tAGhAHuvCquEwac
    o6Gs9pwhQ2ikpZZBDBtmGWHtt7hnnH7+/UTtVMm1cwWxmUyIXjbLeDgaHlWPJk6O
    vI5qWoKLMlyqEGhk/wE47x2e93hlxuoKiHn7zpJP4wAPhjxI4+kVJLl0O9hgK3SQ
    51vuHcs0eaxjGv8idMoERxBdojA6UtHvYgAdBQKv5xT3e2TFzNUvpPbUm13Edvki
    NQlEBtfycQggU8/wdMfnrCZH3Tp4DWgSgvZg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
    messagingengine.com; h=subject:from:content-type:message-id:date
    :to:content-transfer-encoding:mime-version; s=fm1; t=1575366344;
    bh=a4AEniQk7xcb5x0OMxkXu0+QjWVUYQLqa1SnmvIyO50=; b=OQs/ikWgwtoL
    tCc3lPEikLz4MVfY2jMjI9bBhjMRnGiAGO/1xrOfA/bSibWpfBV0RdSdwv+y91PT
    Tha1Zox0w9x0gxEkXWUC0F7TNZz3BC38v3T8aGF091tEUO1OBqvII94NH19YJC0i
    L9YNw9fTI9GwllDd1Ppn8R1jNn9V06aOTWw1nAtmSM4Z1ADUBAs1fmGB/dXqtwG/
    wPpjMiqus6hjEYIhvPcvoLXicn47/D3xSZVbBkwx7hjSR077MvDHFGUjXPcLMjJt
    tupcYp+da/oMaw2MeiSM7JFwO86mTxxl4Ksx58wUMUlc7fGyDZ+VJQBgqx8HoRha
    +ye3usOIbQ==
ARC-Authentication-Results: i=1; mx4.messagingengine.com; arc=none (no signatures found);
    dkim=none (no signatures found);
    dmarc=none policy.published-domain-policy=none
    policy.applied-disposition=none policy.evaluated-disposition=none
    (p=none,d=none,d.eval=none) policy.policy-from=p header.from=mpei.ru;
    iprev=pass smtp.remote-ip=193.233.67.19 (flogger.mpei.ac.ru);
    spf=pass smtp.mailfrom=AnisimovAI@mpei.ru smtp.helo=flogger.mpei.ac.ru;
    x-aligned-from=pass (Address match);
    x-ptr=pass smtp.helo=flogger.mpei.ac.ru policy.ptr=flogger.mpei.ac.ru;
    x-return-mx=pass header.domain=mpei.ru policy.is_org=yes
    (MX Records found: mcl.mpei.ac.ru);
    x-return-mx=pass smtp.domain=mpei.ru policy.is_org=yes
    (MX Records found: mcl.mpei.ac.ru);
    x-tls=pass smtp.version=TLSv1 smtp.cipher=AES128-SHA smtp.bits=128/128;
    x-vs=clean score=23 state=0
Authentication-Results: mx4.messagingengine.com;
    arc=none (no signatures found);
    dkim=none (no signatures found);
    dmarc=none policy.published-domain-policy=none
      policy.applied-disposition=none policy.evaluated-disposition=none
      (p=none,d=none,d.eval=none) policy.policy-from=p header.from=mpei.ru;
    iprev=pass smtp.remote-ip=193.233.67.19 (flogger.mpei.ac.ru);
    spf=pass smtp.mailfrom=AnisimovAI@mpei.ru smtp.helo=flogger.mpei.ac.ru;
    x-aligned-from=pass (Address match);
    x-ptr=pass smtp.helo=flogger.mpei.ac.ru policy.ptr=flogger.mpei.ac.ru;
    x-return-mx=pass header.domain=mpei.ru policy.is_org=yes
      (MX Records found: mcl.mpei.ac.ru);
    x-return-mx=pass smtp.domain=mpei.ru policy.is_org=yes
      (MX Records found: mcl.mpei.ac.ru);
    x-tls=pass smtp.version=TLSv1 smtp.cipher=AES128-SHA smtp.bits=128/128;
    x-vs=clean score=23 state=0
X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedufedrudejjedgtdelucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu
    rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucgfrhhlucfvnfffucdlvd
    efmdenucfjughrpefuhfgtoffkfffvgfggsegrjehmrehhtdejnecuhfhrohhmpehmihgt
    hhgvlhgvucifrghkvghfihgvlhguuceorghnihhsihhmohhvrghisehmphgvihdrrhhuqe
    enucffohhmrghinhepsggvnhgusghulhhlvghtrdighiiinecukfhppeduleefrddvfeef
    rdeijedrudelpdduleefrddvfeefrdeikedrudefudenucfrrghrrghmpehinhgvthepud
    elfedrvdeffedrieejrdduledphhgvlhhopehflhhoghhgvghrrdhmphgvihdrrggtrdhr
    uhdpmhgrihhlfhhrohhmpeeotehnihhsihhmohhvtefksehmphgvihdrrhhuqecuuffkkg
    fgpeefuddvfecuuefqffgjpeejuefkvfenucevlhhushhtvghrufhiiigvpedt
X-ME-VSScore: 23
X-ME-VSCategory: clean
Received-SPF: pass
    (mpei.ru: 193.233.67.19 is authorized to use 'AnisimovAI@mpei.ru' in 'mfrom' identity (mechanism 'ip4:193.233.67.19' matched))
    receiver=mx4.messagingengine.com;
    identity=mailfrom;
    envelope-from="AnisimovAI@mpei.ru";
    helo=flogger.mpei.ac.ru;
    client-ip=193.233.67.19
Received: from flogger.mpei.ac.ru (flogger.mpei.ac.ru [193.233.67.19])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mx4.messagingengine.com (Postfix) with ESMTPS
	for <name@domain.tld>; Tue,  3 Dec 2019 04:45:42 -0500 (EST)
MailScanner-NULL-Check: 1575971059.69816@bgV+7Hj7CEejLMewLLqwRg
Received: from SMTP2.public.mpei.local (mpei-lan-68-131.mpei.ac.ru [193.233.68.131])
	by flogger.mpei.ac.ru (8.13.6/8.13.6/SuSE Linux 0.8) with ESMTP id xB39iCEn032608
	for <name@domain.tld>; Tue, 3 Dec 2019 12:44:17 +0300
Received: from HUB3.public.mpei.local (10.1.1.49) by SMTP2.public.mpei.local
 (10.1.1.26) with Microsoft SMTP Server (TLS) id 8.3.515.0; Tue, 3 Dec 2019
 12:44:10 +0300
Received: from smtp.mpei.ru (10.1.114.11) by HUB3.public.mpei.local
 (10.1.1.49) with Microsoft SMTP Server (TLS) id 8.3.485.1; Tue, 3 Dec 2019
 12:44:07 +0300
Subject: michele wakefield
From: michele wakefield <anisimovai@mpei.ru>
Content-Type: multipart/alternative;
	boundary="Apple-Mail-B233C799-E58C-4B78-B1A1-B506BE9EE1DA"
X-Mailer: iPhone Mail (16G77)
Message-ID: <100CF5A6-C712-4F80-BD35-99D9F199A327@mpei.ru>
Date: Tue, 3 Dec 2019 02:44:04 -0700
To: james <name@domain.tld>
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0 (1.0)
X-MPEI-MailScanner-Information: MPEInet administration http://net.mpei.ru
X-MPEI-MailScanner: Found to be clean
X-MPEI-MailScanner-From: anisimovai@mpei.ru
X-Remote-Spam-Status: No
JamesHenderson is offline   Reply With Quote

Old 3 Dec 2019, 08:37 PM   #2
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 483
You certainly need to raise this with Support @ FM.

It has been spam-processed, judging by the spam-related headers, but you'll noticed that the 'weights' (numeric values associated with each rule) are hundreds or thousands times smaller than normal.

So they've added up values like -0.0001 rather than 0.1 or 1, and the number they ended up with was way less than 0.0 (or maybe less than 0.00) so was rounded to 0, so the mail wasn't classed as spam.

There must be a problem with their spam system.
JeremyNicoll is offline   Reply With Quote
Old 3 Dec 2019, 11:33 PM   #3
SideshowBob
Essential Contributor
 
Join Date: Jan 2017
Posts: 278
There's no problem with the scores. The rules that were hit were all informational.
BAYES_40 is the neutral result between the negative BAYES_20 and the positive BAYES_50.

I wouldn't report it if the others got caught.

Last edited by SideshowBob : 4 Dec 2019 at 12:16 AM.
SideshowBob is offline   Reply With Quote
Old 4 Dec 2019, 03:00 AM   #4
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
My guess is that those earlier messages were classified as spam not based on the content but instead based on other characteristics (such as the sender IP). It's very hard for a spam filter to differentiate between normal message content and random text, which is why spammers use that technique. In general, content-based spam filtering is very difficult if the content is simple text without any obvious triggers.

Bill
n5bb is offline   Reply With Quote
Old 4 Dec 2019, 05:25 AM   #5
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 483
Quote:
Originally Posted by SideshowBob View Post
There's no problem with the scores. The rules that were hit were all informational.
BAYES_40 is the neutral result between the negative BAYES_20 and the positive BAYES_50.

I wouldn't report it if the others got caught.
Ah, ok.

I suppose the OP has not kept any examples that did achieve reasonable spam scores?
JeremyNicoll is offline   Reply With Quote
Old 4 Dec 2019, 06:36 PM   #6
JamesHenderson
Cornerstone of the Community
 
Join Date: Jan 2003
Location: Oxfordshire, UK
Posts: 603
Quote:
Originally Posted by JeremyNicoll View Post
Ah, ok.

I suppose the OP has not kept any examples that did achieve reasonable spam scores?
Yes, they are in my spam box...

Here's one:
Code:
Return-Path: <raj_paramasivum@itego.com.ar>
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
	 by sloti5d1t04 (Cyrus 3.1.7-578-g826f590-fmstable-20191119v1) with LMTPA;
	 Sun, 01 Dec 2019 18:24:07 -0500
X-Cyrus-Session-Id: sloti5d1t04-1575242647-1889689-5-17294243987228074421
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no
X-Spam-sender-reputation: 500 (none)
X-Spam-score: 8.1
X-Spam-hits: BAYES_80 2, DCC_CHECK 1.1, FREEMAIL_FORGED_REPLYTO 2.095,
  FSL_BULK_SIG 0.264, HTML_MESSAGE 0.001, ME_SENDERREP_NEUTRAL 0.001,
  ME_VADESPAM_MED 2.5, PP_MIME_FAKE_ASCII_TEXT 0.195, SPF_HELO_NONE 0.001,
  SPF_PASS -0.001, LANGUAGES unknown, BAYES_USED user, SA_VERSION 3.4.2
X-Spam-source: IP='170.78.75.231', Host='mail.itego.com.ar', Country='AR',
  FromHeader='ar', MailFrom='ar'
X-Spam-charsets: plain='us-ascii', html='us-ascii'
X-Resolved-to: userID@fastmail.com
X-Delivered-to: name@domain.tld
X-Mail-from: raj_paramasivum@itego.com.ar
Received: from mx2 ([10.202.2.201])
  by compute4.internal (LMTPProxy); Sun, 01 Dec 2019 18:24:07 -0500
Received: from mx2.messagingengine.com (localhost [127.0.0.1])
	by mailmx.nyi.internal (Postfix) with ESMTP id BF1458A0065
	for <name@domain.tld>; Sun,  1 Dec 2019 18:24:06 -0500 (EST)
Received: from mx2.messagingengine.com (localhost [127.0.0.1])
    by mx2.messagingengine.com (Authentication Milter) with ESMTP
    id 2FB22F06FF6;
    Sun, 1 Dec 2019 18:24:06 -0500
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm1; t=
    1575242646; b=fN8RDTI7ffyseVcQESP0TAQOSROTAcdX5TZzZbNkMigsSpiIKa
    CMR97sO+z3i+0KC+s0jGpTgK98AiKUuZRYIKY5oEsPCnA5vnfPqm77G3bVVW3mO2
    FA3ZU+Oq3lOWGxLV62RwqytjCF9OBYANEr3axmMbGcMH/Z5HICAtK5m+n1yLakJF
    m5fOVGSvDTO7jD/e7I02AfEmBqUFrLnqMtUFAieff3NzA/ihznMZshrSWjlfyJ74
    aNmW31pBGgcM98KEBfccHWICObGvAAMxg1r050/ay2k1x6SXMeK0a+ZfJCrC7prZ
    i1TjmXwAMYsXUBDhgKW1LHER7vL/ozn+dGDg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
    messagingengine.com; h=from:to:reply-to:subject:date:message-id
    :mime-version:content-type; s=fm1; t=1575242646; bh=2qZy90OuYpGg
    1UyQ7LGo5CNK+ftTHzvOaNMRbbs6umI=; b=EhodP+oJ+R1hR7YU3S3yMo3UN7a0
    LfleMmjcV/n+Z4LgNyMs1edmAFY79FickUw43WO0ZpjjxapyP/QARasdEQ32iS2U
    kqJBChL6yp5wWuRlkTWpvjBa8IPndBeQLItE31Z/Qkqp+mN8dp5A4/6UjZRTry9c
    hr8kE0v4n4TAU5Zv1u5q/yK7amu9NWN6u5JCebSXyn9Kop5KBT9p892+8w9QJqUv
    SyeY6fJ5PTZ7FAJ1l+qOIqW7F7HXJhpqoOZzshvOsASRSYTEeXgEWUlnNAly3mAe
    ihPqCDhxRSXy6KjSRz6O5KUVdpa6jwecFnKqkTOVNL4wpm8gIO1hpDK/6A==
ARC-Authentication-Results: i=1; mx2.messagingengine.com; arc=none (no signatures found);
    dkim=pass (1024-bit rsa key sha256) header.d=itego.com.ar
    header.i=@itego.com.ar header.b=GiSx7NWk header.a=rsa-sha256
    header.s=dkim x-bits=1024;
    dmarc=pass policy.published-domain-policy=none
    policy.applied-disposition=none policy.evaluated-disposition=none
    (p=none,d=none,d.eval=none) policy.policy-from=p
    header.from=itego.com.ar;
    iprev=pass smtp.remote-ip=170.78.75.231 (mail.itego.com.ar);
    spf=pass smtp.mailfrom=raj_paramasivum@itego.com.ar
    smtp.helo=mail.itego.com.ar;
    x-aligned-from=pass (Address match);
    x-ptr=pass smtp.helo=mail.itego.com.ar policy.ptr=mail.itego.com.ar;
    x-return-mx=pass header.domain=itego.com.ar policy.is_org=yes
    (MX Records found: mail.itego.com.ar);
    x-return-mx=pass smtp.domain=itego.com.ar policy.is_org=yes
    (MX Records found: mail.itego.com.ar);
    x-vs=spam:medium score=359 state=1
Authentication-Results: mx2.messagingengine.com;
    arc=none (no signatures found);
    dkim=pass (1024-bit rsa key sha256) header.d=itego.com.ar
      header.i=@itego.com.ar header.b=GiSx7NWk header.a=rsa-sha256
      header.s=dkim x-bits=1024;
    dmarc=pass policy.published-domain-policy=none
      policy.applied-disposition=none policy.evaluated-disposition=none
      (p=none,d=none,d.eval=none) policy.policy-from=p
      header.from=itego.com.ar;
    iprev=pass smtp.remote-ip=170.78.75.231 (mail.itego.com.ar);
    spf=pass smtp.mailfrom=raj_paramasivum@itego.com.ar
      smtp.helo=mail.itego.com.ar;
    x-aligned-from=pass (Address match);
    x-ptr=pass smtp.helo=mail.itego.com.ar policy.ptr=mail.itego.com.ar;
    x-return-mx=pass header.domain=itego.com.ar policy.is_org=yes
      (MX Records found: mail.itego.com.ar);
    x-return-mx=pass smtp.domain=itego.com.ar policy.is_org=yes
      (MX Records found: mail.itego.com.ar);
    x-vs=spam:medium score=359 state=1
X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedufedrudejgedgtdelucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu
    rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucgoufhushhpvggtthffoh
    hmrghinhculdegledmnefgmhhpthihuchsuhgsjhgvtghtucdluddtmdenogfuphgrmhgs
    ohhtqdeugeduuddqtdduucdlfedttddmnecujfgurhephffvrhfufffkgggtofhtsegrtd
    ervcdvtddvnecuhfhrohhmpedftfgrjhgrnhcurfgrrhgrmhgrshhivhhumhdfuceorhgr
    jhgpphgrrhgrmhgrshhivhhumhesihhtvghgohdrtghomhdrrghrqeenucffohhmrghinh
    eptghltghkrdhruhenucfkphepudejtddrjeekrdejhedrvdefuddpudehiedrvddttddr
    udehjedrgedtnecurfgrrhgrmhepihhnvghtpedujedtrdejkedrjeehrddvfedupdhhvg
    hlohepmhgrihhlrdhithgvghhordgtohhmrdgrrhdpmhgrihhlfhhrohhmpeeorhgrjhgp
    phgrrhgrmhgrshhivhhumhesihhtvghgohdrtghomhdrrghrqeenucevlhhushhtvghruf
    hiiigvpedt
X-ME-VSScore: 359
X-ME-VSCategory: spam:medium
Received-SPF: pass
    (itego.com.ar: 170.78.75.231 is authorized to use 'raj_paramasivum@itego.com.ar' in 'mfrom' identity (mechanism 'ip4:170.78.75.231' matched))
    receiver=mx2.messagingengine.com;
    identity=mailfrom;
    envelope-from="raj_paramasivum@itego.com.ar";
    helo=mail.itego.com.ar;
    client-ip=170.78.75.231
Received: from mail.itego.com.ar (mail.itego.com.ar [170.78.75.231])
	by mx2.messagingengine.com (Postfix) with SMTP
	for <name@domain.tld>; Sun,  1 Dec 2019 18:24:04 -0500 (EST)
dkim-signature: v=1; a=rsa-sha256; d=itego.com.ar; s=dkim;
	c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Date:Message-ID:To:MIME-Version:Content-Type;
	bh=2qZy90OuYpGg1UyQ7LGo5CNK+ftTHzvOaNMRbbs6umI=;
	b=GiSx7NWkDklCZ8g8FPB9GYnbhjjzN5IhtB7UQKrxy1qcWQ9LAZGjAUXuKULyMEm5LVkCn9Jm1/CAI4bcjukxsLSBWqUrmrb4Dn1DYnaoRlIZFHrO9oL7j1xOQynsOCNqIslz8PNKUEzwFXqacBtbv6t8hcGmQed6io1vR1sSjQ4=
Received: from mail.itego.com.ar (host-156.200.157.40.tedata.net [156.200.157.40])
	by mail.itego.com.ar
	; Sun, 1 Dec 2019 20:24:00 -0300
From: "Rajan Paramasivum" <raj_paramasivum@itego.com.ar>
To: "James" <name@domain.tld>
Reply-To: "Rajan Paramasivum" <raj_paramasivumv@yahoo.co.uk>
Subject: 
Date: Mon, 2 Dec 2019 02:23:55 +0300
Message-Id: <826941fz2au5$pm07mrw8$kypev6p1$@itego.com.ar>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0028_A25EHE0Q.59B1GEYQ"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: IXNhMC02OHlAdWg0bSttKyljMXVfQA==
Content-Language: en-us
JamesHenderson is offline   Reply With Quote
Old 4 Dec 2019, 08:18 PM   #7
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 483
According to the chart at https://www.futurequest.net/docs/SA/

your positive SA scores, ordered from biggest to smallest are for

ME_VADESPAM_MED 2.5,

FREEMAIL_FORGED_REPLYTO 2.095, Freemail in Reply-To, but not From

BAYES_80 2,

DCC_CHECK 1.1, bulk mail

FSL_BULK_SIG 0.264, Bulk signature with no Unsubscribe

PP_MIME_FAKE_ASCII_TEXT 0.195, MIME text/plain claims to be ASCII but isn't

There was a discussion here a while ago about VADESPAM scores but I don't understand enough about the x-vs- headers in your mails to see why this mail is thought medium-likely to be spam whereas your earlier example was thought to be clean. See: http://www.emaildiscussions.com/showthread.php?t=74033

That aside that BAYES_80 presumably means you've seen fairly similar mail bodies before and classed them as spam, but for some reason the earlier example wasn't? Maybe those lists of random words are not randomly picked from many thousands but from much smaller pools and the spammer is using a different pool?
JeremyNicoll is offline   Reply With Quote
Old 4 Dec 2019, 08:28 PM   #8
JamesHenderson
Cornerstone of the Community
 
Join Date: Jan 2003
Location: Oxfordshire, UK
Posts: 603
Quote:
Originally Posted by JeremyNicoll View Post
Maybe those lists of random words are not randomly picked from many thousands but from much smaller pools and the spammer is using a different pool?
Yes, the wording in the one that got through is different from the others before.
JamesHenderson is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 05:18 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy