[Linux-aus] PSA: Messages sent through LA mailing lists being classified as SPAM
blakjak at blakjak.net
Thu Jan 14 09:27:26 AEDT 2016
On 14/01/2016 10:57 a.m., Adam Nielsen wrote:
>> Their spam engines are commercial in nature and whilst pretty
>> accurate, do false-positive occasionally. It suggests that something
>> about the email content/payload matches an email previously reported
>> as spam to one of the engines concerned.
> I run my own Spamassassin install and I've also had to whitelist
> linux-aus otherwise many messages end up classified as spam. This
> isn't unique to linux-aus though, it affects many mailing lists.
Depends on what's doing the classification, but I agree the problem of
false-positives for mailing lists is not isolated to just LA lists.
>> If one of the list administrators is able to capture one or more of
>> the emails that was bounced, it can be sent to
>> emailsupport at smxemail.com with the comment 'false positive' and they
>> can re-check it and if still reporting as spam, attempt to correct
>> this. Otherwise a warning for anyone else employing anti-spam
> I think the problem is DKIM/SPF combined with a mailing list. Since
> mailing list software adds "[linux-aus]" to the subject, and changes
> the 'To' field, any sender using DKIM to sign messages will cause the
> message validation to fail, as the modified message no longer matches
> what the sender signed with their DKIM key.
I'm pretty sure that won't be the case here - full disclosure, I used to
run the Operations team at SMX and have a good understanding of their
platform. Unlikely to be SPF (the envelope-sender for mailman traffic is
rewritten) as SMX would reject an SPF failure outright. DKIM also
unlikely unless they've changed something since I left. Most likely,
the message body contains several parameters that were used as markers
on a message that has been reported as spam in the past (classic is
people who click on the 'report as spam' inside a Webmail UI, without
considering the ramifications of doing so).
> On top of that, anyone using SPF will see the e-mail comes from a Linux
> Australia server which is not an authorized sender for that e-mail
> domain, so that will also cause the message to be flagged as spam as
> it looks no different to some compromised home PC sending spam from
> that e-mail address also.
See above; SPF doesn't trigger on the From: header, but instead on the
envelope-sender (the MAIL FROM: line during the SMTP transaction). The
envelope-sender for Mailman traffic is set up as -bounces for the list,
so that bounces are trapped and actioned correctly. You'll see this as
the sender detail in the CSV I attached earlier.
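
An added example, not part of the original post and not SMX's or Mailman's code: it shows, on a constructed list message, which domain SPF is evaluated against (the MAIL FROM domain, not From:) and how a header hash covering Subject changes once the list prefix is added. All addresses and domains are constructed, and the digest is a simplification of DKIM (relaxed header canonicalization only; no key, no body hash, no DKIM-Signature header).

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a post as its author sent it (example domains).
ORIGINAL = (
    "From: Alice <alice@example.org>\r\n"
    "To: linux-aus@lists.example.net\r\n"
    "Subject: PSA test\r\n"
    "Date: Thu, 14 Jan 2016 09:27:26 +1100\r\n"
    "\r\n"
    "Body\r\n"
)
# Constructed sample: the same post after the list adds its subject prefix.
LIST_COPY = ORIGINAL.replace("Subject: PSA test", "Subject: [linux-aus] PSA test")
# Assumed envelope sender (MAIL FROM) the list uses when redistributing.
LIST_ENVELOPE_SENDER = "linux-aus-bounces@lists.example.net"

def domain_of(address):
    """Domain part of an address, lowercased."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def spf_identity(envelope_sender):
    """SPF is evaluated against the MAIL FROM domain, not the From: header."""
    return domain_of(envelope_sender)

def from_domain(raw):
    """Domain shown to the reader in the From: header."""
    return domain_of(message_from_string(raw)["From"])

def relaxed_header(name, value):
    """DKIM 'relaxed' header canonicalization (RFC 6376, section 3.4.2)."""
    return f"{name.lower()}:{' '.join(value.split())}\r\n"

def signed_header_digest(raw, signed=("from", "to", "subject", "date")):
    """SHA-256 over the canonicalized headers a signer would list in h=."""
    msg = message_from_string(raw)
    data = "".join(relaxed_header(h, msg[h]) for h in signed if msg[h] is not None)
    return hashlib.sha256(data.encode()).hexdigest()

if __name__ == "__main__":
    print("SPF checks:", spf_identity(LIST_ENVELOPE_SENDER))
    print("From: shows:", from_domain(LIST_COPY))
    print("Header hash unchanged by list:",
          signed_header_digest(ORIGINAL) == signed_header_digest(LIST_COPY))
```
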