|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
22 Jan 2019, 12:09 AM | #16 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Florida
Posts: 545
|
I had not checked in a few days. Just now found a false positive from Jan 16.
I have reopened my ticket, and also created a filter to save all emails with the ME_VADESPAM tag for review. If I get too many, I'll have to add a score cutoff. Edward |
23 Jan 2019, 07:25 PM | #17 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Florida
Posts: 545
|
Reply from Yassar Ali a few minutes ago:
This issue has been mitigated now. So the emails should no longer be filtered as spam. |
24 Jan 2019, 05:53 AM | #18 |
Junior Member
Join Date: Aug 2007
Posts: 9
|
I received the same answer to my ticket today.
Still surprising to see that one single "spam-factor" has such an enormous weight (5 points!) on the total spam score - especially as this factor is obviously far from working perfectly! Cheers, lesslame |
29 Jan 2019, 10:39 AM | #19 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Florida
Posts: 545
|
Two more, sent Jan 24, only a day after Yassar told me it's fixed. Both emails were from AffordableRxMeds.com, a reputable Canadian dealer.
Edward |
30 Jan 2019, 05:54 AM | #20 |
Essential Contributor
Join Date: May 2018
Posts: 474
|
I'm getting a little concerned about this ME_VADESPAM 5 thing too. I raised my spam threshold to 6.2 because of it and still got a false positive with a score of 7.2 because of it. I'm cutting off at 9.1 but I am beginning to wonder if I should raise that too.
|
30 Jan 2019, 07:40 AM | #21 |
The "e" in e-mail
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
|
Speaking of headers ...
Speaking of headers - what are these for?
X-ME-VSCause: [A long, interesting string - all lower case letters; matches [cdefghijklmnopqrstuv]* and most of the letters are in [deghru]*]
X-ME-VSCategory: clean
X-ME-ZSResult: clean
Guesses: X- means nonstandard/locally defined, as I recall.
ME = MessagingEngine?
VS=Virus Scan
ZS=????? Scan
The string is very curious!! I found 0 Google hits. |
1 Feb 2019, 10:34 PM | #22 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Florida
Posts: 545
|
FM engineers have changed my profile to assign a score of 2 instead of 5 for the VADESPAM hit, using a tag ME_VADESPAM_LOW. For me, this is sufficient; had the score been 2 from the start, I'd have seen no false positives and would not even have noticed the new test. Presumably they can do the same for others who have trouble with the test. It has to be done through support and requires a few hours to take effect.
I received more information from an FM engineer, who gave me permission to repost the info. The following is a mixture of the engineer's explanations and my own words. I think that all tags containing the string "VS" refer to Vade Secure. I don't know whether it's coincidental or intentional that VS can also stand for Virus Scan. Vade Secure is a spam filtering service which FM has begun using. I don't know many details about Vade Secure. In particular, I have no idea what they are doing that the traditional tests don't, except that they are getting data from a variety of sources and thus have the potential to react to fast-developing spam situations far more quickly. Info from the engineer:
I'm also told that they are working on ways to mitigate false positives more quickly, though with no promises of dates or other specifics, just that FM is aware of the issues which have arisen. Edward |
5 Feb 2019, 03:37 AM | #24 |
The "e" in e-mail
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
|
Thanks! Super helpful info, and I'm glad to hear fastmail is on the ball, as usual, re. spam detection.
A user tells me more sex solicitation-type spam is evading detection lately. (But it's being forwarded here, which, I explained, makes spam detection tougher.) |
22 Apr 2019, 01:22 AM | #25 |
Cornerstone of the Community
Join Date: Dec 2002
Location: Boston
Posts: 611
|
My FM mailbox just received false-positive spam email because of VADESPAM.
Code:
X-Spam-hits: BAYES_50 0.8, DCC_CHECK 1.1, ME_VADESPAM 5, ME_ZS_CLEAN -0.001, RCVD_IN_DNSWL_MED -2.3, SPF_PASS -0.001, LANGUAGES en, BAYES_USED user, SA_VERSION 3.4.2
Please consider adding rules that help .GOV and .MIL senders. Those two TLDs are tightly locked down. |
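An added example, not part of the original post and not Fastmail's code: it parses the X-Spam-hits value quoted in post #25 to show how much a single rule contributes, and recomputes the sum with the weight of 2 that post #22 reports for ME_VADESPAM_LOW. It assumes the header lists every scored rule; the function names are illustrative.

```python
import re

# Header value copied from post #25: "RULE value" pairs separated by commas.
HITS = ("BAYES_50 0.8, DCC_CHECK 1.1, ME_VADESPAM 5, ME_ZS_CLEAN -0.001, "
        "RCVD_IN_DNSWL_MED -2.3, SPF_PASS -0.001, LANGUAGES en, "
        "BAYES_USED user, SA_VERSION 3.4.2")

# A score is a plain signed decimal; "3.4.2", "en" and "user" are annotations.
_SCORE = re.compile(r"-?\d+(?:\.\d+)?")

def parse_hits(value):
    """Split an X-Spam-hits value into scored rules and non-score annotations."""
    scores, notes = {}, {}
    for item in value.split(","):
        parts = item.split(None, 1)
        if len(parts) != 2:
            continue  # skip empty or malformed entries
        name, val = parts[0], parts[1].strip()
        if _SCORE.fullmatch(val):
            scores[name] = float(val)
        else:
            notes[name] = val
    return scores, notes

def total(scores, overrides=None):
    """Sum the rule scores, optionally replacing some weights (what-if)."""
    merged = {**scores, **(overrides or {})}
    return round(sum(merged.values()), 3)

def top_rule(scores):
    """Name of the rule that adds the most to the score."""
    return max(scores, key=scores.get)

def report(value, rule, new_weight):
    """Return (sum as delivered, sum with `rule` reweighted, largest rule)."""
    scores, _ = parse_hits(value)
    return total(scores), total(scores, {rule: new_weight}), top_rule(scores)

if __name__ == "__main__":
    before, after, biggest = report(HITS, "ME_VADESPAM", 2.0)
    print(f"largest contributor: {biggest}")
    print(f"sum of listed rules: {before}; with ME_VADESPAM at 2: {after}")
```
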
22 Apr 2019, 01:38 AM | #26 | |
The "e" in e-mail
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
|
Quote:
And the (net) spam score was only three point something. But I agree if there is some room for tweaking. SPF, DKIM, and DMARC all pass should be worth a bit more than -0.001. -0.1, perhaps? (I suppose the weights can be customized with some complex sieve scripting but) I think that the defaults should have some more reasonable values. |
|
22 Apr 2019, 01:55 AM | #27 | |
The "e" in e-mail
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
|
Quote:
We really need a blog post from FastMail on what’s going on with spam fighting. |
|
22 Apr 2019, 03:06 AM | #28 | |
Cornerstone of the Community
Join Date: Dec 2002
Location: Boston
Posts: 611
|
Quote:
Agree, there may be plenty of botnet traffic coming from gov/mil associated IP address space. However, the ratio of spam:ham sending from .GOV/.MIL mailservers (i.e. an SMTP server official enough that somebody holding DOTGOV/DISA credentials set up DKIM) is tiny compared to all other TLDs available to the general public. It's trivial for any random person to send a spam/phishing email that is .COM signed. You could do that with a free AOL account. That's not true for .GOV and especially not true for .MIL. I don't advocate for whitelisting those TLDs, but bias the total score. Say, -10 for .MIL signatures and -5 for .GOV signatures. |
|
22 Apr 2019, 09:52 AM | #29 | |
Cornerstone of the Community
Join Date: Mar 2002
Location: Florida
Posts: 545
|
Quote:
Edward |
|
22 Apr 2019, 10:19 PM | #30 |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
Lots of spam passes those tests these days. It's only worth anything if it's combined with some kind of domain reputation information.
|