False Positives from ME_VADESPAM
Lately, I've been receiving quite a few legitimate emails in my SPAM folder. When checking the headers, they all have the same SA rule causing the email to be marked SPAM: ME_VADESPAM 5.
Is VadeSpam new? The only reference I'm able to find regarding VadeSpam is a different email forum where the poster is having the same problem (with VadeSpam being overly aggressive). |
Vadespam
I have not heard of it before. Very few English language results when searching. I did find this from 2 years ago specific to DreamHost:
"Spam Filtering is terrible, I’m seeing literally a 50% false positive rate." https://discussion.dreamhost.com/t/f...iltering/63813 |
Many of the meanings of "vade" in other languages seem to revolve around expiration, date, time etc. If might be interesting to look at the domains associated with the senders of the emails. Maybe, there is an expired certificate or something causing the messages not to be trusted.
|
I’m pretty sure the term “vade” is from the company Vade Secure:
https://www.vadesecure.com I have seen a few messages with ME_VADESPAM and ME_VADEPHISHING. In most cases the ME_VADESPAM messages had other spam tags (such as front the Bayes filter) which were negative enough to not trigger my spam settings (which I have modified from the defaults). I just received a ME_VADEPHISHING message which should have been classified as spam except the weight applied was only 1 so the spam score was too low. My guess is that Fastmail has recently starting using the vadesecure results and they are experimenting with the weight of these failures. Were your ME_VADESPAM false positives from messages which were forwarded or sent through a message board or some other mailing list server? Bill |
Quote:
|
Quote:
|
Quote:
|
In addition to ME_VADESPAM and ME_VADEPHISHING, I'm seeing ME_VADESCAM and ME_VADEDCE.
Based on this article, which explains some of Vade's terminology, DCE is "bad reputation marketing/Commercial Email" (I'm guessing the D is for disreputable). There are several Vade headers, but the x-vs= section of the Authentication-Results header seems to be the most complete. I'm seeing entries like: Code:
x-vs=clean score=69 state=0 The article I quoted above states: "The score is a arbitrary number given by Vade. It is NOT an indicator that an email is SPAM or SN or any of the other statuses mentioned". Despite that there's a clear threshold of 100. The state seems to be an alternative version of the classification, but oddly with less information for transactional email. The phishing classification seems particularly weak. So far I've had 1 FP, on an ordinary email from a family member, and 6 hits on spam. Of those 6 spams, only 1 could be called a phish, and 1 was an obvious ED spam. |
"ME_VADESPAM 5" - Issue solved
hi,
in my case my internet router had sent a status email to my fastmail-account (using an app-password) and it got marked as spam because of "ME_VADESPAM 5". I opened a ticket on this problem with fastmail. Yassar from fastmail checked it with the engineers and answered today that the issue is now solved. Cheers, lesslame |
It's not solved for me. In the past two days, three emails from the ACLU (definitely valid) dropped into my "probably junk to be reviewed" folder. ME_VADESPAM is still assigning a +5. This is with "x-vs=spam score=349 state=1" in Authentication-Results. I will open a ticket ... as if I didn't already have enough to do today.
Edward |
Update: it's actually SEVEN false positives in the past month. The three previously mentioned, and one more from the ACLU, are only the tip of the iceberg. Far more concerning were two important emails from a close friend, and my city utility bill.
If FM doesn't get rid of this rule fast, or at least reduce the score to 2, I'll be forced to add Sieve rules to circumvent it. Adding rule to avoid spam filters is certainly the wrong way to solve this problem! OK, I've sent my report. Edward |
Quote:
Bill |
Latin meaning of "vade mecum"
It literally means "come with me" and is used to mean a guidebook that one carries in a pocket.
From the Merriam Webster dictionary (not quite right about the Latin, but close enough): vade mecum noun va·de me·cum | \ˌvā-dē-ˈmē-kəm, ˌvä-dē-ˈmā- \ * 1 : a book for ready reference : MANUAL 2 : something regularly carried about by a person Vade mecum is Latin for go with me (it derives from the Latin verb vadere, meaning "to go.") In English, "vade mecum" has been used (since at least 1629) of manuals or guidebooks sufficiently compact to be carried in a deep pocket. But from the beginning, it has also been used for such constant companions as gold, medications, and memorized gems of wisdom. Example of vade mecum in a Sentence "By the time the last of its five massive volumes appeared, in 1959, the Sowerby catalog had become the vade mecum of Jefferson scholarship." — Jorge Dionis, Town & Country, "Turn Up the Volumes," 6 Dec. 2013 First Known Use of vade mecum 1629, in the meaning defined at sense 1 History and Etymology for vade mecum borrowed from Latin, "go with me" |
Quote:
I automatically whitelist my address book. IOW, my Sieve code that tests spam scores is guarded by Code:
if not header :contains ["X-Spam-known-sender"] "yes" {
I did get a response from Yassar Ali on Jan 4 -- forgot to come back here and update, so thanks for the reminder -- saying "it appears the reason for these false positives has now been mitigated". Of course that's the same thing he told Lesslame in mid December. Since them, I've been keeping an eagle eye on what drops into junk mail, and I've had no more false positives, and I have received email from the personal correspondent who was being blocked. I'm really more upset that FM is introducing new tests that essentially override all other tests, instead of starting the new tests with small scores and gradually ramping them up. A few months ago it was ME_PHISHING_URL at 10, now ME_VADE_SPAM at 5. Basically they are repeatedly saying oh, we have this new test that we immediately trust more than all the tests (including the Bayesian ones) that have been in place for years. Edward |
Problem still there
hi again,
last night the problem occurred once more in my account. I will re-open my old ticket. Cheers, lesslame |
All times are GMT +9. The time now is 06:34 AM. |
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy