New and improved spam filters?

General discussions and other topics.

3 posts Page 1 of 1

New and improved spam filters?

by goetsch » Wed Sep 30, 2015 10:26 am

Okay, who's been messing with SpamAssassin configuration? Messages from two senders that I've been receiving stuff from since forever have all of a sudden landed in graymail today. One of them, admittedly a mailing list piece, just barely snuck up over the 5.0 default threshold, although it contains basically the same stuff as all the other ones, but the other one, from a actual human being, had an apparently new rule applied to it

10 SONIC_TOO_MANY_PROV Fake Yahoo/GMail Phishing

Granted, the sender made a bad choice in selecting their gmail user name--it ends in the digits "69"--but this has never been a problem until today. Yeah, I've gone in and whitelisted the address, but the last email I got from this sender only rated a -0.4. That's quite a jump in two weeks.

goetsch

Posts: 102

Joined: Tue Dec 18, 2012 8:05 pm

Location: Behind the Redwood Curtain

by goetsch » Wed Sep 30, 2015 10:32 am

Okay, now it's personal. I just sent myself an email from my gmail account--which does NOT include "69" in the user name--and it too gets the

10 SONIC_TOO_MANY_PROV Fake Yahoo/GMail Phishing

treatment. What say we dial this back a bit, kids....

goetsch

Posts: 102

Joined: Tue Dec 18, 2012 8:05 pm

Location: Behind the Redwood Curtain

by cdkeen » Wed Sep 30, 2015 2:26 pm

My sincerest apologies! I wrote a rule to try to help with a pattern in some of the phishing spam that we frequently deal with but I boggled the implementation pretty badly. That code has been refactored to correct this error, sorry for the inconvenience, and thanks for posting here!