7908 – Domain PRO is treated as spam

Bug 7908 - Domain PRO is treated as spam

Summary: Domain PRO is treated as spam

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	unspecified
Hardware:	PC Windows NT

Importance:	P2 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-05-10 22:06 UTC by WebStars
Modified:	2021-05-13 01:14 UTC (History)
CC List:	6 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description WebStars 2021-05-10 22:06:56 UTC

I'm using one of the most SPAM-CLEAR domain .PRO.
I don't send any spam but all the time my doesn't reach receipients.
Because they are classifies as spam. It doesn't matter what I sent. Always it is a spam.

I noticed that this is problem when recipient's server using Spam Assassin and classify my e-mail:
2.0 PDS_OTHER_BAD_TLD
1.8 FROM_SUSPICIOUS_NTLD_FP 
0.5 FROM_SUSPICIOUS_NTLD

Domain PRO is treated as a source of spam, but this is absolutely untruth.
https://www.scoutdns.com/most-abused-top-level-domains-list-october-scoutdns/
Domain PRO is responsible for 0,1% of world's spam but domain COM for 65% of spam.
Domain COM should be completely blocked for ever but PRO is the most trusted and should be unlocked on all SpamAssassin servers.

What can you do with that?
How can you help?

Comment 1 Kevin A. McGrail 2021-05-11 01:08:11 UTC

Those rules are promoted based on evidence in corpora.  Additionally, many of the newer TLDs do not have appropriate fraud protection.

If you have a FP with the domain, add a sample to pastebin for consideration.  The hits you are listing below show a system not running sa-update for rule updates.

Additionally, the rules you are listing are not up to date PDS_PRO_TLD was created specifically to check the S/O of the rule independently of other domains.

Comment 2 WebStars 2021-05-11 08:10:09 UTC

One customer send me this diagnostic info:
Szczegó³y analizy zawarto¶ci: (8.0 zaliczonych, 5.5 wymaganych)

pkt  nazwa regu³y           krótki opis
---- ---------------------- -------------------------------------------
 3.5 BAYES_99               BODY: Bayesowskie prawdopodobieñstwo spamu wynosi 99 do
                             100%
                            [score: 0.9986]
-0.0 SPF_PASS               SPF: sender matches SPF record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                            [URI: webstars.pro (pro)]
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                            mail domains are different
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 HTML_MESSAGE           BODY: Wiadomo¶æ zawiera kod HTML
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 1.8 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
 0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD

Comment 3 Loren Wilton 2021-05-11 09:48:47 UTC

4.3 points just for a PRO domain does seem just a bit excessive.
Of course the bayes_99 score didn't help, but I find it hard to believe that any domain name in itself is worth more than maybe 2 points.

Comment 4 WebStars 2021-05-11 09:55:23 UTC

It would be better to get rid of that:
2.0 PDS_OTHER_BAD_TLD
1.8 FROM_SUSPICIOUS_NTLD_FP 
0.5 FROM_SUSPICIOUS_NTLD

I don't send any spam, any email marketing campaings.
My server use DKIM.

But almost all my emails go to Spam and my recipient don't see them.

One server admin told me that if SpamAssassing change its rules to not treat PRO domain as Untrustworthy TLDs or SUSPICIOUS_NTLD it will be better.
That's why I'm posting here.

I can not normally run my bussiness because of that.

Help.

Comment 5 Henrik Krohns 2021-05-11 10:08:15 UTC

You have already been told that the rules are not current.

Only thing that will currently hit is:

1.0 PDS_PRO_TLD

Redirect your queries to the clueless server admins who run out-of-date SpamAssassin versions/rules.

Comment 6 WebStars 2021-05-11 16:52:16 UTC

(In reply to Henrik Krohns from comment #5)
> You have already been told that the rules are not current.
> 
> Only thing that will currently hit is:
> 
> 1.0 PDS_PRO_TLD
> 
> Redirect your queries to the clueless server admins who run out-of-date
> SpamAssassin versions/rules.

It was a bit of sarcasm?
:-)

Comment 7 WebStars 2021-05-12 11:11:27 UTC

Who can change this?
2.0 PDS_OTHER_BAD_TLD
1.8 FROM_SUSPICIOUS_NTLD_FP 
0.5 FROM_SUSPICIOUS_NTLD

in order not to treat PRO domains as SPAM

?
Is here any person who can process it,  reprogramm SpamAssassin rules?
Or something like that?

Comment 8 Kevin A. McGrail 2021-05-12 11:25:03 UTC

As mentioned before, the rules are fixed. Whatever system is hitting those rules, is poorly maintained and not running rule updates.

Contact the administrators of that server and stop reopening this ticket.

Comment 9 WebStars 2021-05-12 11:30:16 UTC

This ticket has not been solved.
I can NOT contact with all server administrators around the world if I want to send email.
It is ridiculous idea.

Each rules can be changed.

COM domain should be completely blocked.

Spam Assassing rules block PRO domain as untrusted.
It not truth.
It should be changed. I can't run my business.

Are you going to help or only close the ticket to have more free time?

Comment 10 RW 2021-05-12 13:57:21 UTC

(In reply to WebStars from comment #9)
> This ticket has not been solved.
> I can NOT contact with all server administrators around the world

And neither can the SpamAssassin project.

Comment 11 John Hardin 2021-05-12 14:45:40 UTC

(In reply to WebStars from comment #9)
> Spam Assassing rules block PRO domain as untrusted.

The currently published rules *do not* do so.

> It should be changed.

It *has been* changed.

> Are you going to help or only close the ticket to have more free time?

The SpamAssassin project has done all it can to address this problem. The currently published rules only score *one* point for mailing from or mentioning the .pro domain.

SA is not centrally controlled. The SA project *publishes* rules for sites to download and install, it does not *push* them onto all existing SA installs. We have no control over sites that are using stale rules. We cannot force them to update their rules.

SpamAssassin installations do not register, so the SA project has no way to know where SA is being used, or what portion of those installs are stale or misconfigured. We have no way to contact them unless they voluntarily subscribe to the SA Users mailing list.

We're not simply ignoring you, or the problem. We've done all we can to fix it.

If a customer of yours sees a message from you being scored like that, then they (or you) need to contact *their* ISP and tell them their SpamAssassin install is stale and is rejecting messages it should not. I'm sorry that that is the best we can do, but it is, and ranting about it won't change that situation.

Comment 12 WebStars 2021-05-12 19:03:29 UTC

Thank you for the long answer.
Now I understand what's going on.
Thanks.

Comment 13 John Hardin 2021-05-13 01:14:12 UTC

(In reply to WebStars from comment #12)
> Thank you for the long answer.
> Now I understand what's going on.
> Thanks.

You're welcome.