*****SPAM***** AMT with ST 37 tour

Paul Mather paul at GROMIT.DLIB.VT.EDU
Sat Feb 7 11:36:56 EST 2015


Keith,

> Content preview:  Hi Folx... I hope this doesn't come through as SPAM again
>  (how do I get that fixed?)... Anyway, on the subject of AMT, I just discovered
>   this upcoming tour... [...] 
> 
> Content analysis details:   (5.5 points, 5.0 required)
> 
> pts rule name              description
> ---- ---------------------- --------------------------------------------------
> 2.4 DNS_FROM_AHBL_RHSBL    RBL: Envelope sender listed in dnsbl.ahbl.org
> -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, low
>                            trust
>                            [98.139.212.180 listed in list.dnswl.org]
> 0.6 FROM_STARTS_WITH_NUMS  From: starts with many numbers
> 0.3 FROM_LOCAL_HEX         From: localpart has long hexadecimal sequence
> 0.0 FREEMAIL_FROM          Sender email is freemail (khenders64[at]yahoo.com)
> -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
>                            domain
> -0.0 SPF_PASS               SPF: sender matches SPF record
> 2.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
>                            digit (khenders64[at]yahoo.com)
> 0.0 T_TO_NO_BRKTS_FREEMAIL T_TO_NO_BRKTS_FREEMAIL

Your e-mail was marked as spam because of the various factors above.  Interestingly enough, quite a few of the "spam score" points came from the fact that your e-mail address username (khenders64) ends in digits and you use a free e-mail service.  I can see the logic in the rule, but I can also see why it would be almost impossible not to fall foul of it these days because all the intelligible usernames have all been taken by now. :-)

I believe the uptick in posts being marked as spam recently might be due to the first rule that got you: "RBL: Envelope sender listed in dnsbl.ahbl.org."  It appears from this posting---http://www.ahbl.org/content/last-notice-wildcarding-services-jan-1st---that, as of the 1st January 2015, that block list is flagging everyone as sending from a spam source.  Their note says this:

=====
As promised in April, on Jan 1st, 2015, i'll be wildcarding all zones no longer in operation - this includes rhsbl.ahbl.org, dnsbl.ahbl.org, and ircbl.ahbl.org.  This means that these services will return positive responses for any queries.
If you are still using these services, this may cause you to incorrectly tag e-mail as spam, or create other unintended consequences.  Fix and maintain your servers, now.  Do not contact us about 'removing' your domain or IP address from our lists, as there is nothing we can do for you.
=====

The reason for this is that it seems they are shutting down their public service, and so returning a positive response for every query is a way to prod mail server admins to stop using their blacklist.  For us on BOC-L, it means we're almost half way to being labelled as spam with every post. :-)

Ben (the moderator) should contact the mail server admins and get them to stop subscribing to the dnsbl.ahbl.org blacklist.  That should help with the false positives we are seeing lately with regard to spam flagging.

Cheers,

Paul.


More information about the boc-l mailing list