SA Bugzilla – Bug 5316
Genuine Hotmail emails being marked highly due to FORGED_HOTMAIL_RCVD test.
Last modified: 2007-03-07 07:09:08 UTC
Hi, We are getting several reports here of people being sent genuine emails from Hotmail addresses and their emails marked as Spam & filtered accordingly due to the additional score from the FORGED_HOTMAIL_RCVD test. I understand that this has been reported previously but can't see a solution which would relate to our specific case. I have attached a message for your information along with the results of our spam score test. I hope you can help! Kind regards Nikki Doyle IT Support Officer ISSS - Computing Services Loughborough University
Created attachment 3845 [details] Headers or an email & spam test result for FORGED_HOTMAIL_RCVD problem. Thanks.
Your attachment is a Microsoft Word document :-( But I confirm what you find: most or all hotmail mail is marked with FORGED_HOTMAIL_RCVD these days. Maybe as a result of a restructuring in their network. X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on firewall. X-Spam-Level: ****** X-Spam-Status: Yes, score=6.2 required=4.0 tests=AWL,BAYES_99, DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FORGED_HOTMAIL_RCVD, HTML_IMAGE_ONLY_08,HTML_MESSAGE,SPF_PASS autolearn=no version=3.1.7 X-Spam-Report: * -0.0 SPF_PASS SPF: sender matches SPF record * 2.3 FORGED_HOTMAIL_RCVD Forged hotmail.com 'Received:' header found * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 0.9983] * 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org * 0.2 DNS_FROM_RFC_POST RBL: Envelope sender in * postmaster.rfc-ignorant.org * -3.2 AWL AWL: From: address is in the auto white-list X-Envelope-From: <aaaaaaaaaaaa@hotmail.com> Received: from bay0-omc3-s41.bay0.hotmail.com ([65.54.246.241]) by xl with ESMTP id 1171032199-17249-1 for <mmmmmmmmmmmmmmm>; Fri, 09 Feb 2007 15:43:19 CET Received: from BAY106-W10 ([65.54.161.110]) by bay0-omc3-s41.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 9 Feb 2007 06:43:14 -0800
Created attachment 3877 [details] Another real Hotmail message tagged as forged Same problem, slightly different headers. I have a local rule that gives extra weight to anything claiming to be from Hotmail, but that's not related to this bug.
thanks for the working sample, John. with 3.2.0: Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 HTML_MESSAGE BODY: HTML included in message