nmh-workers
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Nmh-workers] Emails being tagged as spam -- NMH solution???

2015-03-02 20:15:21
from [Bob Carragher] [Permanent Link][Original] 
On Mon, 02 Mar 2015 20:57:10 -0500 Ken Hornstein <kenh(_at_)pobox(_dot_)com> 
sez:


    Re: [SPAM:#####] <original-subject>

with the number of "#"s indicating how strongly the tagging is.
(This had happened previously, but the number of "#"s never
exceeded 3.) Also, their list servers are now silently rejecting
my posts, whereas that had never occurred previously.  (If I
switch back to using sendmail, then the posts go through to the
mailing lists.)


It looks like Stanford uses Proofpoint:

https://itservices.stanford.edu/service/emailcalendar/email/spam/antispam

And there should be a X-Proofpoint-Spam-Details header that
should give you some information.  But a quick Googling
suggests to me that Proofpoint is notoriously stingy on what
those things mean.


Yep!  Here's 1 set from the header of the above message:

     X-Proofpoint-Virus-Version: vendor=fsecure 
engine=2.50.10432:5.13.68,1.0.33,0.0.0000
      definitions=2015-03-01_03:2015-02-27,2015-03-01,1970-01-01 signatures=0
     X-Proofpoint-Spam-Details: rule=spam policy=default score=99 spamscore=99 
suspectscore=7 phishscore=0
      adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1
      engine=7.0.1-1402240000 definitions=main-1503010244

It's pretty clear why they tagged my message with 5 "#"s.

There are three occurrences of the following, associated with
Received: entries, in the header:

     (No client certificate requested)

I'm guessing that those are harmless.

There's also an "spf=softfail" in there.

     Authentication-Results: mx.google.com <http://mx.google.com>;
            spf=softfail (google.com <http://google.com>: domain of 
transitioning dnc2dnc(_at_)gmail(_dot_)com <dnc2dnc(_at_)gmail(_dot_)com> does 
not designate 171.67.219.78 as permitted sender) 
smtp.mail=dnc2dnc(_at_)gmail(_dot_)com <dnc2dnc(_at_)gmail(_dot_)com>;
            dkim=fail header.i=@gmail.com <http://gmail.com>;
            dmarc=fail (p=NONE dis=NONE) header.from=gmail.com 
<http://gmail.com>

Note that 171.67.219.78 is smtp-grey.stanford.edu.

Might this be the smoking gun?

                                Bob

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Nmh-workers] Default setup broken on Debian?, David Levine
Next by Date:  Re: [Nmh-workers] Emails being tagged as spam -- NMH solution???, Ken Hornstein
Previous by Thread:  Re: [Nmh-workers] Emails being tagged as spam -- NMH solution???, Ken Hornstein
Next by Thread:  Re: [Nmh-workers] Emails being tagged as spam -- NMH solution???, Ken Hornstein
Indexes:  [Date] [Thread] [Top] [All Lists]