[Linux-aus] PSA: Messages sent through LA mailing lists being classified as SPAM

Mark Foster blakjak at blakjak.net
Thu Jan 14 09:27:26 AEDT 2016



On 14/01/2016 10:57 a.m., Adam Nielsen wrote:
>> Their spam engines are commercial in nature and whilst pretty
>> accurate, do false-positive occasionally. It suggests that something
>> about the email content/payload matches an email previously reported
>> as spam to one of the engines concerned.
> I run my own Spamassassin install and I've also had to whitelist
> linux-aus otherwise many messages end up classified as spam.  This
> isn't unique to linux-aus though, it affects many mailing lists.

Depends on what's doing the classification, but I agree the problem of 
false-positives for mailing lists is not isolated to just LA lists.

>> If one of the list administrators is able to capture one or more of
>> the emails that was bounced, it can be sent to
>> emailsupport at smxemail.com with the comment 'false positive' and they
>> can re-check it and if still reporting as spam, attempt to correct
>> this.  Otherwise a warning for anyone else employing anti-spam
>> software.
> I think the problem is DKIM/SPF combined with a mailing list.  Since
> mailing list software adds "[linux-aus]" to the subject, and changes
> the 'To' field, any sender using DKIM to sign messages will cause the
> message validation to fail, as the modified message no longer matches
> what the sender signed with their DKIM key.

I'm pretty sure that won't be the case here - full disclosure, I used to 
run the Operations team at SMX and have a good understanding of their 
platform. Unlikely to be SPF (the envelope-sender for mailman traffic is 
rewritten) as SMX would reject an SPF failure outright.  DKIM also 
unlikely unless they've changed something since I left.  Most likely, 
the message body contains several parameters that were used as markers 
on a message that has been reported as spam in the past (classic is 
people who click on the 'report as spam' inside a Webmail UI, without 
considering the ramifications of doing so).

> On top of that, anyone using SPF will see the e-mail comes from a Linux
> Australia server which is not an authorized sender for that e-mail
> domain, so that will also cause the message to be flagged as spam as
> it looks no different to some compromised home PC sending spam from
> that e-mail address also.

See above; SPF doesn't trigger on the From: header, but instead on the 
envelope-sender (the MAIL FROM: line during the SMTP transaction).  The 
envelope-sender for Mailman traffic is set up as -bounces for the list, 
so that bounces are trapped and actioned correctly. You'll see this as 
the sender detail in the CSV I attached earlier.

*snip*

Mark.
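
An added illustration, not part of the original message and not Mailman or SMX code: the two checks discussed in this thread, run offline over constructed data. The domains, addresses and SPF table are assumptions, and the DKIM part compares only the digest of the canonicalized signed header fields (real DKIM also hashes the DKIM-Signature field and body, then verifies a public-key signature over that data).

```python
import hashlib
import ipaddress
import re

# Constructed SPF policies standing in for DNS TXT lookups; every domain and
# address here is a documentation value, not taken from the thread.
SPF = {
    "sender.example": ["192.0.2.0/24"],         # original author's domain
    "lists.example.org": ["198.51.100.25/32"],  # the list server
}

def spf_check(envelope_from, client_ip):
    """SPF is evaluated on the MAIL FROM domain, never the From: header."""
    domain = envelope_from.rsplit("@", 1)[1].lower()
    nets = SPF.get(domain)
    if nets is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(n) for n in nets) else "fail"

def relaxed_header(name, value):
    """DKIM 'relaxed' header canonicalization (RFC 6376, section 3.4.2)."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)  # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"

def signed_header_digest(headers, signed=("from", "to", "subject")):
    """SHA-256 over the signed header fields (simplified, see lead-in)."""
    data = "".join(relaxed_header(h, headers[h]) for h in signed)
    return hashlib.sha256(data.encode()).hexdigest()

def through_list(headers):
    """Apply the subject tag and the -bounces envelope sender named in the thread."""
    out = dict(headers)
    out["subject"] = "[linux-aus] " + headers["subject"]
    return out, "linux-aus-bounces@lists.example.org"  # rewritten MAIL FROM

# Constructed sample post and list server address
original = {"from": "alice@sender.example",
            "to": "linux-aus@lists.example.org",
            "subject": "Conference  venue"}
relayed, list_mail_from = through_list(original)
LIST_IP = "198.51.100.25"

if __name__ == "__main__":
    print("SPF, rewritten envelope:", spf_check(list_mail_from, LIST_IP))
    print("SPF, if envelope kept  :", spf_check("alice@sender.example", LIST_IP))
    print("DKIM header digest same:",
          signed_header_digest(original) == signed_header_digest(relayed))
```
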


