Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.sys.acorn.misc > #6565
| From | Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> |
|---|---|
| Newsgroups | comp.sys.acorn.misc |
| Subject | Re: Spam? label |
| Date | 2012-09-15 21:42 +0100 |
| Message-ID | <mpro.maes7f004dma700vs@wingsandbeaks.org.uk.invalid> (permalink) |
| References | (16 earlier) <52cf2b7454graham@gjenkins.me.uk> <mpro.macxdq006gm6a031c@wingsandbeaks.org.uk.invalid> <52cf4120fagraham@gjenkins.me.uk> <mpro.mad0uq00952d7031c@wingsandbeaks.org.uk.invalid> <52cf8e3c40graham@gjenkins.me.uk> |
Graham Jenkins <graham@gjenkins.me.uk> wrote:
> OK. I've sent you 3 test mails.
They all arrived. None had "Spam" inserted in their subjects. All have
had some headers inserted by Purley as they left you. It seems to me that
they are all somewhat ambiguously marked, as
- not scanned and: not spam
with:
X-PurleyHosting-MailScanner: Not scanned: ...
X-Spam-Status: No
How can they tell something's not spam if they haven't scanned it? (Unless
" X-Spam-Status: No" doesn't mean "not spam".) But that's a side issue...
The "Test3" mail, from Pluto/Iyonix/POPstar to my newsreply---@wab address
has two "Received:" headers showing two hops. (I presume you know that
these show the machines a message passed through with the headers nearest
the top of the message being those inserted by the most recent machine
involved, which is the machine I fetched them from):
Received: from server1.spellings.net ([178.239.169.72])
by h.hopeless.aa.net.uk with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.72)
(envelope-from <graham@gjenkins.me.uk>)
id 1TCqUo-0005MO-Oq
for newsreply---@wingsandbeaks.org.uk; Sat, 15 Sep 2012 12:25:14 +0100
Received: from host81-155-130-95.range81-155.btcentralplus.com
([81.155.130.95]:49554 helo=Graham)
by server1.spellings.net with esmtp (Exim 4.77)
(envelope-from <graham@gjenkins.me.uk>)
id 1TCppD-0000Ge-2X
for newsreply---@wingsandbeaks.org.uk; Sat, 15 Sep 2012 11:42:11 +0100
So for example this shows first server1.spellings.net getting the message
from host81-155-130-95.range81-155.btcentralplus.com (which is presumably
your router or at least whatever it is connected to in the BT network), then
h.hopeless.aa.net.uk receiving the message from spellings.
It had these headers inserted by Purley:
X-PurleyHosting-MailScanner-Information: Please contact the ISP for more
information
X-PurleyHosting-MailScanner-ID: 1TCppD-0000Ge-2X
X-PurleyHosting-MailScanner: Not scanned: please contact your Internet
E-Mail Service Provider for details
X-PurleyHosting-MailScanner-SpamCheck:
X-PurleyHosting-MailScanner-From: graham@gjenkins.me.uk
X-Spam-Status: No
X-AntiAbuse: This header was added to track abuse, please include it with
any abuse report
X-AntiAbuse: Primary Hostname - server1.spellings.net
X-AntiAbuse: Original Domain - wingsandbeaks.org.uk
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - gjenkins.me.uk
but those do not seem to have spam-scanned the mail. On arrival at my mail
provider (Andrews & Arnold, aka A&A aka aa.net.uk) they inserted:
X-Spam-Report: Spam detection software, running on the system
"b.spamless.aa.net.uk", has
processed this message and it scored (-2.0 points).
pts rule name description
---- ----------------------
--------------------------------------------------
1.0 RCVD_IN_BRBL_RELAY RBL: received via a relay rated as poor by
Barracuda
[81.155.130.95 listed in
b.barracudacentral.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0017]
0.0 NO_VIRUS_FOUND There were no viruses found in this message by
ClamAV
which (a score of -2) comes nowhere close to regarding that mail as spam.
(I'm cautious and would require a score here of 10 to get something marked
as possible spam, and 50 to have it rejected.) Although the presence of
81.155.130.95 in BRBL is taken into account it didn't count for much.
The same mail sent to the other address I suggested went through three
machines:
Received: from mx4.nyi.mail.srv.osa ([10.202.2.203])
by compute6.internal (LMTPProxy); Sat, 15 Sep 2012 06:42:15 -0400
Received: from server1.spellings.net (server1.spellings.net
[178.239.169.72])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx4.messagingengine.com (Postfix) with ESMTPS id 4F862180D4D
for <jn.wb.gpn.----@letterboxes.org>; Sat, 15 Sep 2012 06:42:15 -0400 (EDT)
Received: from host81-155-130-95.range81-155.btcentralplus.com
([81.155.130.95]:49554 helo=Graham)
by server1.spellings.net with esmtp (Exim 4.77)
(envelope-from <graham@gjenkins.me.uk>)
id 1TCppD-0000Ge-B8
for jn.wb.gpn.----@letterboxes.org; Sat, 15 Sep 2012 11:42:11 +0100
and again Purley inserted some headers:
X-PurleyHosting-MailScanner-ID: 1TCppD-0000Ge-B8
X-PurleyHosting-MailScanner: Not scanned: please contact your Internet
E-Mail Service Provider for details
X-PurleyHosting-MailScanner-SpamCheck:
X-PurleyHosting-MailScanner-From: graham@gjenkins.me.uk
X-Remote-Spam-Status: No
X-AntiAbuse: This header was added to track abuse, please include it with
any abuse report
X-AntiAbuse: Primary Hostname - server1.spellings.net
X-AntiAbuse: Original Domain - letterboxes.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - gjenkins.me.uk
The extra headers for potential spam-scoring, if that's what they are, are
simple:
X-Truedomain-Domain: gjenkins.me.uk
X-Truedomain-SPF: Pass
X-Truedomain-DKIM: No Signature
X-Truedomain-ID: 8A8949F08CAEBD89CB55D42225487D78
X-Truedomain: Neutral
With this mail provider I'm not totally certain that a spammy mail would
necessarily have been delivered to me, so I logged into their server and
checked no spam or junk mails were being held for my inspection. If for
example they reject incoming mails they send me an email saying they've done
so.)
The "Test 4" mail which you sent from OE on your laptop to my
newsreply----@wab address had:
The same two machines involved:
Received: from server1.spellings.net ([178.239.169.72])
by g.hopeless.aa.net.uk with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.72)
(envelope-from <graham@gjenkins.me.uk>)
id 1TCqVM-0000H6-Bz
for newsreply---@wingsandbeaks.org.uk; Sat, 15 Sep 2012 12:25:45 +0100
Received: from host81-155-130-95.range81-155.btcentralplus.com
([81.155.130.95]:2287 helo=Glap)
by server1.spellings.net with smtp (Exim 4.77)
(envelope-from <graham@gjenkins.me.uk>)
id 1TCppL-0000HG-6G
for newsreply---@wingsandbeaks.org.uk; Sat, 15 Sep 2012 11:42:19 +0100
The same set of headers inserted by Purley:
X-PurleyHosting-MailScanner-Information: Please contact the ISP for more
information
X-PurleyHosting-MailScanner-ID: 1TCppL-0000HG-6G
X-PurleyHosting-MailScanner: Not scanned: please contact your Internet
E-Mail Service Provider for details
X-PurleyHosting-MailScanner-SpamCheck:
X-PurleyHosting-MailScanner-From: graham@gjenkins.me.uk
X-Spam-Status: No
X-AntiAbuse: This header was added to track abuse, please include it with
any abuse report
X-AntiAbuse: Primary Hostname - server1.spellings.net
X-AntiAbuse: Original Domain - wingsandbeaks.org.uk
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - gjenkins.me.uk
Interestingly my wingsandbeaks provider scored this one differently as it
arrived for me, still not enough to mark as spam, but a higher score than
the plain text from Pluto:
X-Spam-Report: Spam detection software, running on the system
"f.spamless.aaisp.net.uk", has
processed this message and it scored (4.0 points).
pts rule name description
---- ----------------------
--------------------------------------------------
0.4 STOX_REPLY_TYPE STOX_REPLY_TYPE
1.0 RCVD_IN_BRBL_RELAY RBL: received via a relay rated as poor by
Barracuda
[81.155.130.95 listed in
b.barracudacentral.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4998]
1.8 STOX_REPLY_TYPE_WITHOUT_QUOTES STOX_REPLY_TYPE_WITHOUT_QUOTES
The Pluto one had the 1.0 RCVD_IN_BRBL_RELAY score, but also -3 from its
Bayes probability, but this message has scored +3.8 more from Bayes, and I
don't know why.
I note that the spam checking was done by different machines at my mail
provider - the Pluto mail was examined by a server named
"b.spamless.aa.net.uk" while this one was looked at by
"f.spamless.aaisp.net.uk" but don't know how much difference that can/should
make. It might just mean that basing any spam score on Bayesian
interpretation of such short messages is unreliable.
The STOX_REPLY_TYPE bit means that in the OE-inserted header
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
the last bit "reply-type=original" is meaningless (in terms of the MIME
standards for content-type).
The STOX_REPLY_TYPE_WITHOUT_QUOTES I'm having difficulty finding out about,
but I found one hit which implies that it's a conflict between the
"reply-type" part of the content-type and the fact that neither the subject
line in the mail starts with "Re:" or "Fw:" nor is there any quoted text in
the body of the mail. In other words it really doesn't look like a reply
even though the headers say it is one.
If the message really was a reply I'd have expected to see "In-reply-to:" &
"References:" headers in the mail too, but maybe they're absent if you at
some stage created Test4 by replying to something with no message-id in it.
--
Jeremy C B Nicoll - my opinions are my own.
Email sent to my from-address will be deleted. Instead, please reply
to newsreplyaaa@wingsandbeaks.org.uk replacing "aaa" by "284".
Back to comp.sys.acorn.misc | Previous | Next — Previous in thread | Next in thread | Find similar
Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-12 10:31 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-12 11:16 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-12 15:11 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-12 16:17 +0100
Re: Spam? label Steve Fryatt <news@stevefryatt.org.uk> - 2012-09-12 19:04 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-12 20:10 +0100
Re: Spam? label Neil Spellings <neil@spellings.net> - 2012-09-13 06:47 +0100
Re: Spam? label Chris Evans <chris@cjemicros.co.uk> - 2012-09-13 09:29 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-13 10:39 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-13 11:30 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-13 18:48 +0100
Re: Spam? label Steve Fryatt <news@stevefryatt.org.uk> - 2012-09-13 20:40 +0100
Re: Spam? label spampling <spam.pling@btinternet.com> - 2012-09-14 08:01 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-14 11:26 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-14 11:45 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 13:51 +0100
Re: Spam? label "John Williams (News)" <UCEbin@tiscali.co.uk> - 2012-09-14 15:04 +0200
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 15:00 +0100
Re: Spam? label Steve Fryatt <news@stevefryatt.org.uk> - 2012-09-15 21:01 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-14 14:14 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 15:01 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-14 15:36 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 13:55 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-14 14:44 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-14 15:11 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-14 15:45 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-14 15:53 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-14 16:23 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-14 16:59 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-14 17:15 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-14 17:55 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-14 18:11 +0100
Re: Spam? label Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-14 21:39 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-14 21:51 +0100
Re: Spam? label Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-14 22:54 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-15 11:53 +0100
Re: Spam? label Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-15 21:42 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-15 22:05 +0100
Re: Spam? label Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-15 22:08 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-15 22:15 +0100
Re: Spam? label Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-15 22:24 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-16 08:44 +0100
Re: Spam? label - my response to GJ's 3 test mails Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-15 22:58 +0100
Re: Spam? label - my response to GJ's 3 test mails Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-16 11:05 +0100
Re: Spam? label - my response to GJ's 3 test mails Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-18 07:59 +0100
Re: Spam? label - my response to GJ's 3 test mails Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-18 12:09 +0100
Re: Spam? label druck <news@druck.org.uk> - 2012-09-16 17:41 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-15 09:19 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-15 12:04 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-15 13:41 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-15 13:56 +0100
Re: Spam? label Stuart <Spambin@argonet.co.uk> - 2012-09-15 17:56 +0100
Re: Spam? label Steve Fryatt <news@stevefryatt.org.uk> - 2012-09-15 20:53 +0100
Re: Spam? label Stuart <Spambin@argonet.co.uk> - 2012-09-15 21:23 +0100
Re: Spam? label Stuart <Spambin@argonet.co.uk> - 2012-09-14 23:06 +0100
Re: Spam? label spampling <spam.pling@btinternet.com> - 2012-09-16 08:44 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 18:39 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-15 13:49 +0100
Re: Spam? label Stuart <Spambin@argonet.co.uk> - 2012-09-14 19:02 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 20:05 +0100
Re: Spam? label Stuart <Spambin@argonet.co.uk> - 2012-09-14 20:26 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 20:49 +0100
Re: Spam? label Neil Spellings <neil@spellings.net> - 2012-09-14 19:12 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 16:23 +0100
Re: Spam? label Alan Wrigley <spamhater@keepyourfilthyspamtoyourself.co.uk> - 2012-09-14 16:46 +0100
Re: Spam? label Neil Spellings <neil@spellings.net> - 2012-09-14 19:18 +0100
Re: Spam? label druck <news@druck.org.uk> - 2012-09-14 19:38 +0100
Re: Spam? label Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-16 16:43 +0100
Re: Spam? label Paul Sprangers <Paul@sprie.nl> - 2012-09-12 12:20 +0200
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-12 15:20 +0100
Re: Spam? label Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-12 17:26 +0100
Re: Spam? label Kevin Wells <kev@kevsoft.co.uk> - 2012-09-12 18:03 +0100
Re: Spam? label Tim Hill <tim@invalid.org.uk> - 2012-09-22 17:05 +0100
Re: Spam? label Stuart <Spambin@argonet.co.uk> - 2012-09-12 11:32 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-12 12:31 +0100
Re: Spam? label Neil Spellings <neil@spellings.net> - 2012-09-13 06:23 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-13 08:40 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-13 22:53 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-12 15:15 +0100
Re: Spam? label Jeremy Nicoll - news posts <jn.nntp.scrap007@wingsandbeaks.org.uk> - 2012-09-12 17:07 +0100
Re: Spam? label charles <charles@charleshope.demon.co.uk> - 2012-09-12 14:43 +0100
Re: Spam? label Jim Nagel <jimnewsm10d@abbeypress.co.uk> - 2012-09-12 15:33 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-12 17:42 +0100
Re: Spam? label spampling <spam.pling@btinternet.com> - 2012-09-12 17:42 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-12 18:36 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-12 19:14 +0100
Re: Spam? label Chris Johnson <chrisjohnson+news@spamcop.net> - 2012-09-12 20:13 +0100
Re: Spam? label Graham Jenkins <graham@gjenkins.me.uk> - 2012-09-12 20:54 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-12 21:07 +0100
Re: Spam? label Neil Spellings <neil@spellings.net> - 2012-09-13 06:49 +0100
Re: Spam? label Steve Fryatt <news@stevefryatt.org.uk> - 2012-09-12 21:52 +0100
Re: Spam? label Neil Spellings <neil@spellings.net> - 2012-09-13 06:27 +0100
Re: Spam? label "Rob Hemmings (news2)" <robnews@rgvk.co.uk> - 2012-09-13 19:08 +0100
Re: Spam? label Steve Fryatt <news@stevefryatt.org.uk> - 2012-09-13 20:54 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-13 22:43 +0100
Re: Spam? label "Rob Hemmings (news2)" <robnews@rgvk.co.uk> - 2012-09-14 12:41 +0100
Re: Spam? label spampling <spam.pling@btinternet.com> - 2012-09-14 08:05 +0100
Re: Spam? label Russell Hafter News <see.sig@walkingingermany.invalid> - 2012-09-14 10:07 +0100
Re: Spam? label Steve Fryatt <news@stevefryatt.org.uk> - 2012-09-13 20:25 +0100
csiph-web