[Openchrome-users] False positives on spam?

Philip Prindeville philipp_subx
Sat Apr 22 12:10:21 PDT 2006 

Hi.

I'm seeing the following:

Apr 22 12:27:24 mail mimedefang.pl[3399]: helo: 1-1-8-31a.gmt.gbg.bostream.se (82.182.75.118) said "helo mail.shipmail.org"
Apr 22 12:27:25 mail sendmail[4236]: k3MIRO51004236: from=<openchrome-users-bounces at openchrome.org>, size=3873, class=-30, nrcpts=1, msgid=<078.7e9728bfac18142c8d40d271129fed6f at openchrome.org>, proto=ESMTP, daemon=MTA-v4, relay=1-1-8-31a.gmt.gbg.bostream.se [82.182.75.118]
Apr 22 12:27:26 mail mimedefang.pl[3399]: k3MIRO51004236: hits=7.543, req=5, names=L_FORGN_SUBJ,SUBJECT_ENCODED_TWICE,SUBJECT_EXCESS_QP
Apr 22 12:27:26 mail mimedefang.pl[3399]: MDLOG,k3MIRO51004236,spam,7.543,82.182.75.118,<openchrome-users-bounces at openchrome.org>,<philipp_subx at redfish-solutions.com>,Re: [Openchrome-users] =?utf-8?q?=5BopenChrome=5D_=2333=3A_Video_corr?= =?utf-8?q?uption_on_via_sp13000_=28CN400=29?=
Apr 22 12:27:26 mail mimedefang.pl[3399]: filter: k3MIRO51004236:  bounce=1 discard=1
Apr 22 12:27:26 mail mimedefang[11357]: k3MIRO51004236: Bouncing because filter instructed us to
Apr 22 12:27:26 mail sendmail[4236]: k3MIRO51004236: Milter: data, reject=554 5.7.1 Message rejected; scored too high on the Spam test.



Sigh.

There are two things wrong with this email.

First, the relevant RFC's (and I would have to dig out the numbers)
mandate that a message that CAN be encoded in the smallest (most
restricted encoding) MUST be done as such.

I.e. if a UTF-8 message uses on ISO 8859-1 characters, it must be
downgraded to that encoding.  If an ISO 8859-1 message uses only
the lower page (i.e. 0x00-0x7e) characters, then it in turn must be
downgraded to US-ASCII.  And so on.

There was nothing in that subject line that wasn't US-ASCII, so
no explicit encoding was required...

Secondly, putting an explicit encoding in the subject line two or more
times (when it's the same encoding) is a sure-fire spam-sign...

Why am I bringing this up?

Well, people send out malformed email because of their broken mailers,
which our site properly rejects (as it should) for being non-compliant
with the applicable RFC's...  then the list mailer detects that we're
dropping
messages and threatens to revoke our list membership.

That's not right.

People:  please fix your mailers or switch to another vendor that's less
broken.

Thanks,

-Philip

More information about the Openchrome-users mailing list