![]() |
SA Bugzilla – Full Text Bug Listing |
Summary: | Genuine Hotmail emails being marked highly due to FORGED_HOTMAIL_RCVD test. | ||
---|---|---|---|
Product: | Spamassassin | Reporter: | Nikki Doyle <n.doyle> |
Component: | Rules | Assignee: | SpamAssassin Developer Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | major | ||
Priority: | P5 | ||
Version: | 3.1.7 | ||
Target Milestone: | Undefined | ||
Hardware: | PC | ||
OS: | Linux | ||
Whiteboard: | |||
Attachments: |
Headers or an email & spam test result for FORGED_HOTMAIL_RCVD problem.
Another real Hotmail message tagged as forged |
Description
Nikki Doyle
2007-01-29 02:45:43 UTC
Created attachment 3845 [details]
Headers or an email & spam test result for FORGED_HOTMAIL_RCVD problem.
Thanks.
Your attachment is a Microsoft Word document :-( But I confirm what you find: most or all hotmail mail is marked with FORGED_HOTMAIL_RCVD these days. Maybe as a result of a restructuring in their network. X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on firewall. X-Spam-Level: ****** X-Spam-Status: Yes, score=6.2 required=4.0 tests=AWL,BAYES_99, DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FORGED_HOTMAIL_RCVD, HTML_IMAGE_ONLY_08,HTML_MESSAGE,SPF_PASS autolearn=no version=3.1.7 X-Spam-Report: * -0.0 SPF_PASS SPF: sender matches SPF record * 2.3 FORGED_HOTMAIL_RCVD Forged hotmail.com 'Received:' header found * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 0.9983] * 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org * 0.2 DNS_FROM_RFC_POST RBL: Envelope sender in * postmaster.rfc-ignorant.org * -3.2 AWL AWL: From: address is in the auto white-list X-Envelope-From: <aaaaaaaaaaaa@hotmail.com> Received: from bay0-omc3-s41.bay0.hotmail.com ([65.54.246.241]) by xl with ESMTP id 1171032199-17249-1 for <mmmmmmmmmmmmmmm>; Fri, 09 Feb 2007 15:43:19 CET Received: from BAY106-W10 ([65.54.161.110]) by bay0-omc3-s41.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 9 Feb 2007 06:43:14 -0800 Created attachment 3877 [details]
Another real Hotmail message tagged as forged
Same problem, slightly different headers. I have a local rule that gives extra
weight to anything claiming to be from Hotmail, but that's not related to this
bug.
thanks for the working sample, John. with 3.2.0: Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 HTML_MESSAGE BODY: HTML included in message |