Bug 5316 - Genuine Hotmail emails being marked highly due to FORGED_HOTMAIL_RCVD test.
Summary: Genuine Hotmail emails being marked highly due to FORGED_HOTMAIL_RCVD test.
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 3.1.7
Hardware: PC Linux
: P5 major
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-01-29 02:45 UTC by Nikki Doyle
Modified: 2007-03-07 07:09 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Headers or an email & spam test result for FORGED_HOTMAIL_RCVD problem. application/msword None Nikki Doyle [NoCLA]
Another real Hotmail message tagged as forged message/rfc822 None John Levine [NoCLA]
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nikki Doyle 2007-01-29 02:45:43 UTC 
Hi,

We are getting several reports here of people being sent genuine emails from
Hotmail addresses and their emails marked as Spam & filtered accordingly due to
the additional score from the FORGED_HOTMAIL_RCVD test.

I understand that this has been reported previously but can't see a solution
which would relate to our specific case. I have attached a message for your
information along with the results of our spam score test.

I hope you can help!

Kind regards


Nikki Doyle
IT Support Officer
ISSS - Computing Services
Loughborough University
Comment 1 Nikki Doyle 2007-01-29 03:04:34 UTC 
Created attachment 3845 [details]
Headers or an email & spam test result for FORGED_HOTMAIL_RCVD problem.

Thanks.
Comment 2 Rob Janssen 2007-02-09 12:19:34 UTC 
Your attachment is a Microsoft Word document :-(

But I confirm what you find: most or all hotmail mail is marked with
FORGED_HOTMAIL_RCVD these days.  Maybe as a result of a restructuring in their
network.

X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on firewall.
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.2 required=4.0 tests=AWL,BAYES_99,
        DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FORGED_HOTMAIL_RCVD,
        HTML_IMAGE_ONLY_08,HTML_MESSAGE,SPF_PASS autolearn=no version=3.1.7
X-Spam-Report:
        * -0.0 SPF_PASS SPF: sender matches SPF record
        *  2.3 FORGED_HOTMAIL_RCVD Forged hotmail.com 'Received:' header found
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
        *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
        *      [score: 0.9983]
        *  0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
        *  0.2 DNS_FROM_RFC_POST RBL: Envelope sender in
        *      postmaster.rfc-ignorant.org
        * -3.2 AWL AWL: From: address is in the auto white-list
X-Envelope-From: <aaaaaaaaaaaa@hotmail.com>
Received: from bay0-omc3-s41.bay0.hotmail.com ([65.54.246.241]) by xl with ESMTP
id 1171032199-17249-1 for <mmmmmmmmmmmmmmm>; Fri, 09 Feb 2007 15:43:19 CET
Received: from BAY106-W10 ([65.54.161.110]) by bay0-omc3-s41.bay0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.2668); Fri, 9 Feb 2007 06:43:14 -0800
Comment 3 John Levine 2007-03-07 06:47:03 UTC 
Created attachment 3877 [details]
Another real Hotmail message tagged as forged

Same problem, slightly different headers. I have a local rule that gives extra
weight to anything claiming to be from Hotmail, but that's not related to this
bug.
Comment 4 Justin Mason 2007-03-07 07:09:08 UTC 
thanks for the working sample, John.

with 3.2.0:

Content analysis details:   (0.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 HTML_MESSAGE           BODY: HTML included in message