AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Spamassassin tester3/16/2023 Standard description: Bayes spam probability is 1 to 5% If the user receives the same message via a new unlisted relay, the Bayesian algorithm will assign a high score to it based on previous experience.Ĭonversely, if a user receives a regular newsletter from a fitness club, and one issue makes reference to diet pills and weight loss (which would normally flage the message as spam), the Bayesian algorithm will assign a lower score to it. For instance, a user may receive a particular spam message several times via a relay identified in a DNSBL, so that SpamAssassin correctly identifies it as spam. This can assign both positive and negative scores. SpamAssassin includes a Bayesian filter that assigns scores based on the user's previous email history. Standard description: Bayes spam probability is 0 to 1% Standard description: base 64 with length 79 and on. Thus a mail from a previous sender that's otherwise scored higher than average may receive a negative score a mail scored lower than average may receive a positive score.Īccording to, base 64 should only be 76 chars long, so these are out of format. The auto white-list (AWL) keeps track of the scores associated with known senders and pushes the total score for the mail toward the average for the sender. Standard description: From: address is in the auto white-list As such addresses containing them use may be considered unusual. Note that, while the email address specification allows for apostrophes to be included in the local-part of an address, use of apostrophes has been historically discouraged for security and interoperability reasons. The apostrophe character "'" appears in the address part of the From: header. Standard description: From address contains an apostrophe If that message is obviously spam, and you think it should have been caught by DNS tests, then your trust path is configured incorrectly. If your message hits on the ALL_TRUSTED rule, it means that all of the Received: headers in the message were inserted by SMTP relays you have indicated are "TrustedRelays" and the "from" part of the Received: header is also from one of your "TrustedRelays" consequently, no tests of the source of the message (for example, tests against DNSBlocklists) will be performed. "Trusted" does not mean "trusted to not send spam." It means "trusted to not forge Received: headers." Standard description: Passed through trusted hosts only via SMTP See Wikipedia for details regarding Advance fee fraud. I even linked this answer in the rule description so your users can learn more.Listing non-exhaustif des Roles SpamAssasinĪ phrase in the email body has been found that is commonly found in advance fee fraud spam. It's good to take credit for your rules so that they can be easily identified as yours (rather than upstream SpamAssassin's) when something goes wrong and "credit" becomes "blame" □. There is almost no spam using a link with over 1024 characters (S/O = 0.057). By my tests, the best range is 192-256 characters, but even that is too weak (S/O = 0.862) to be terribly useful. No size range is going to have a terribly good spam:ham ratio an S/O, aka precision, of 0.900 is possibly acceptable, but you really want to be closer to 1.000. You'll hit more non-spam ("ham") than spam under 128 characters. I took out the comma & semi-colon as those could be parts of URLs and a legitimate message would only have its URLs lengths as one character too long, so you're probably fine with just I fight spam for a living and have lots of data at my fingertips. That will technically work, though I'm sure you'll find it fires on a LOT of non-spam, marketing mail in particular, especially if you keep that bound at 100 characters (that's small!). Try this instead: body YELLO_LONG_BODY_URL YELLO_LONG_BODY_URL 100+ char URL, As you've written it above, there are some syntax issues and some unnecessary computational costs. To work around the new TLD issue, you do indeed need a body rule.
0 Comments
Read More
Leave a Reply. |