View Single Post
Old 22 Apr 2019, 01:38 AM   #26
The "e" in e-mail
Join Date: Jan 2002
Location: San Francisco
Posts: 2,429
Originally Posted by snsh View Post
My FM mailbox just received false-positive spam email because of VADESPAM.

X-Spam-hits: BAYES_50 0.8, DCC_CHECK 1.1, ME_VADESPAM 5, ME_ZS_CLEAN -0.001, RCVD_IN_DNSWL_MED -2.3, SPF_PASS -0.001, LANGUAGES en, BAYES_USED user, SA_VERSION 3.4.2
This is surprising since it's a plaintext message from a .GOV sender containing no URLs at all, just a one-time code for 2FA. SPF, DKIM, and DMARC all pass. Only failure I see in the headers is x-ptr due to HELO misalignment.

Please consider adding rules that help .GOV and .MIL senders. Those two TLDs are tightly locked down.
If they’re not tightly locked down, actually. The amount of spam and botnet traffic coming from .gov controlled IP addresses is astounding. Astoundingly large that is. And as you mention they can’t even get HELO aligned?

And the (net) spam score was only three point something.

But I agree if there is some room for tweaking. SPF, DKIM, and DMARC all pass should be worth a bit more than -0.001. -0.1, perhaps?
(I suppose the weights can be customized with some complex sieve scripting but) I think that the defaults should have some more reasonable values.
elvey is offline   Reply With Quote