spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jones <djo...@ena.com>
Subject Re: Malformed spam email gets through.
Date Mon, 01 Jan 2018 20:01:42 GMT
On 01/01/2018 01:30 PM, Alan Hodgson wrote:
> On Mon, 2018-01-01 at 10:29 -0500, Bill Cole wrote:
>> On 1 Jan 2018, at 9:59 (-0500), David Jones wrote:
>>
>>> I think some mail systems will keep the same message-ID per email 
>>> thread so your system must reject some replies. 
>>
>>
>> I have not seen such behavior in the past 20 years...
>>
>> Intentionally re-using another site's MIDs is so wrong that I'd happily
>> make it break hard.
>>
>> HOWEVER, the idea of enforcing any standard on MIDs beyond gross format
>> (e.g.: <[[:ascii:]]{3,996}>) on a system where the admin isn't the sole
>> user is ludicrous.
> 
> I've had good success junking anything with one of my domains in the 
> message-id, where I know the mail isn't actually from someone in that 
> domain. That's a pretty solid spam signature.
>

I too have seen spam with my own domain in the Message-ID but I combined 
it with a meta rule of !ALL_TRUSTED to be safe.  You are correct.  This 
is a good indicator of spam but each person is going to have to create 
this local rule unless someone wants to write a plugin that can detect 
this dynamically.

> Lack of any message-id is also significant, but sadly there are still 
> some real senders sending mail with no message-id.

-- 
David Jones

Mime
View raw message