|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
14 Nov 2018, 08:05 PM | #1 |
The "e" in e-mail
Join Date: Feb 2002
Posts: 2,937
|
False Positives from ME_VADESPAM
Lately, I've been receiving quite a few legitimate emails in my SPAM folder. When checking the headers, they all have the same SA rule causing the email to be marked SPAM: ME_VADESPAM 5.
Is VadeSpam new? The only reference I'm able to find regarding VadeSpam is a different email forum where the poster is having the same problem (with VadeSpam being overly aggressive). |
14 Nov 2018, 10:20 PM | #2 |
Junior Member
Join Date: Nov 2018
Posts: 3
|
Vadespam
I have not heard of it before. Very few English language results when searching. I did find this from 2 years ago specific to DreamHost:
"Spam Filtering is terrible, I’m seeing literally a 50% false positive rate." https://discussion.dreamhost.com/t/f...iltering/63813 |
15 Nov 2018, 12:59 AM | #3 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,090
|
Many of the meanings of "vade" in other languages seem to revolve around expiration, date, time etc. If might be interesting to look at the domains associated with the senders of the emails. Maybe, there is an expired certificate or something causing the messages not to be trusted.
|
18 Nov 2018, 08:20 AM | #4 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
|
I’m pretty sure the term “vade” is from the company Vade Secure:
https://www.vadesecure.com I have seen a few messages with ME_VADESPAM and ME_VADEPHISHING. In most cases the ME_VADESPAM messages had other spam tags (such as front the Bayes filter) which were negative enough to not trigger my spam settings (which I have modified from the defaults). I just received a ME_VADEPHISHING message which should have been classified as spam except the weight applied was only 1 so the spam score was too low. My guess is that Fastmail has recently starting using the vadesecure results and they are experimenting with the weight of these failures. Were your ME_VADESPAM false positives from messages which were forwarded or sent through a message board or some other mailing list server? Bill |
18 Nov 2018, 07:31 PM | #5 |
The "e" in e-mail
Join Date: Sep 2004
Location: The Netherlands
Posts: 2,905
|
|
18 Nov 2018, 10:29 PM | #6 |
The "e" in e-mail
Join Date: Feb 2002
Posts: 2,937
|
No, just regular messages. And the value for both ME_VADESPAM and ME_VADEPHISHING has been 5. Previously, my "move to SPAM" setting was 6.0, so I had to adjust it to 6.5 to account for the new aggressive service.
|
18 Nov 2018, 11:15 PM | #7 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
|
Be sure they are not fake. Then I suggest reporting them as non-spam and filing a Fastmail support request attaching those messages.
|
6 Dec 2018, 12:54 AM | #8 |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
In addition to ME_VADESPAM and ME_VADEPHISHING, I'm seeing ME_VADESCAM and ME_VADEDCE.
Based on this article, which explains some of Vade's terminology, DCE is "bad reputation marketing/Commercial Email" (I'm guessing the D is for disreputable). There are several Vade headers, but the x-vs= section of the Authentication-Results header seems to be the most complete. I'm seeing entries like: Code:
x-vs=clean score=69 state=0 x-vs=clean score=91 state=0 x-vs=commercial:dce score=107 state=12 x-vs=commercial:mce score=17 state=11 x-vs=commercial:pce score=7 state=10 x-vs=malware score=9999 state=2 x-vs=phishing score=190 state=101 x-vs=phishing score=300 state=101 x-vs=spam score=100 state=1 x-vs=spam score=700 state=1 x-vs=transactional:account score=20 state=14 x-vs=transactional:alerts score=50 state=14 x-vs=transactional:purchases score=10 state=14 The article I quoted above states: "The score is a arbitrary number given by Vade. It is NOT an indicator that an email is SPAM or SN or any of the other statuses mentioned". Despite that there's a clear threshold of 100. The state seems to be an alternative version of the classification, but oddly with less information for transactional email. The phishing classification seems particularly weak. So far I've had 1 FP, on an ordinary email from a family member, and 6 hits on spam. Of those 6 spams, only 1 could be called a phish, and 1 was an obvious ED spam. |
14 Dec 2018, 03:17 PM | #9 |
Junior Member
Join Date: Aug 2007
Posts: 9
|
"ME_VADESPAM 5" - Issue solved
hi,
in my case my internet router had sent a status email to my fastmail-account (using an app-password) and it got marked as spam because of "ME_VADESPAM 5". I opened a ticket on this problem with fastmail. Yassar from fastmail checked it with the engineers and answered today that the issue is now solved. Cheers, lesslame |
2 Jan 2019, 03:00 AM | #10 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Florida
Posts: 545
|
It's not solved for me. In the past two days, three emails from the ACLU (definitely valid) dropped into my "probably junk to be reviewed" folder. ME_VADESPAM is still assigning a +5. This is with "x-vs=spam score=349 state=1" in Authentication-Results. I will open a ticket ... as if I didn't already have enough to do today.
Edward |
2 Jan 2019, 03:43 AM | #11 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Florida
Posts: 545
|
Update: it's actually SEVEN false positives in the past month. The three previously mentioned, and one more from the ACLU, are only the tip of the iceberg. Far more concerning were two important emails from a close friend, and my city utility bill.
If FM doesn't get rid of this rule fast, or at least reduce the score to 2, I'll be forced to add Sieve rules to circumvent it. Adding rule to avoid spam filters is certainly the wrong way to solve this problem! OK, I've sent my report. Edward |
2 Jan 2019, 05:50 AM | #12 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
|
|
2 Jan 2019, 08:16 AM | #13 |
Cornerstone of the Community
Join Date: Jul 2009
Posts: 879
|
Latin meaning of "vade mecum"
It literally means "come with me" and is used to mean a guidebook that one carries in a pocket.
From the Merriam Webster dictionary (not quite right about the Latin, but close enough): vade mecum noun va·de me·cum | \ˌvā-dē-ˈmē-kəm, ˌvä-dē-ˈmā- \ * 1 : a book for ready reference : MANUAL 2 : something regularly carried about by a person Vade mecum is Latin for go with me (it derives from the Latin verb vadere, meaning "to go.") In English, "vade mecum" has been used (since at least 1629) of manuals or guidebooks sufficiently compact to be carried in a deep pocket. But from the beginning, it has also been used for such constant companions as gold, medications, and memorized gems of wisdom. Example of vade mecum in a Sentence "By the time the last of its five massive volumes appeared, in 1959, the Sowerby catalog had become the vade mecum of Jefferson scholarship." — Jorge Dionis, Town & Country, "Turn Up the Volumes," 6 Dec. 2013 First Known Use of vade mecum 1629, in the meaning defined at sense 1 History and Etymology for vade mecum borrowed from Latin, "go with me" |
12 Jan 2019, 11:28 PM | #14 | |
Cornerstone of the Community
Join Date: Mar 2002
Location: Florida
Posts: 545
|
Quote:
I automatically whitelist my address book. IOW, my Sieve code that tests spam scores is guarded by Code:
if not header :contains ["X-Spam-known-sender"] "yes" { }
I did get a response from Yassar Ali on Jan 4 -- forgot to come back here and update, so thanks for the reminder -- saying "it appears the reason for these false positives has now been mitigated". Of course that's the same thing he told Lesslame in mid December. Since them, I've been keeping an eagle eye on what drops into junk mail, and I've had no more false positives, and I have received email from the personal correspondent who was being blocked. I'm really more upset that FM is introducing new tests that essentially override all other tests, instead of starting the new tests with small scores and gradually ramping them up. A few months ago it was ME_PHISHING_URL at 10, now ME_VADE_SPAM at 5. Basically they are repeatedly saying oh, we have this new test that we immediately trust more than all the tests (including the Bayesian ones) that have been in place for years. Edward |
|
21 Jan 2019, 05:33 PM | #15 |
Junior Member
Join Date: Aug 2007
Posts: 9
|
Problem still there
hi again,
last night the problem occurred once more in my account. I will re-open my old ticket. Cheers, lesslame |
Thread Tools | |
|
|