Hi all,
I saw a slightly higher spam level lately, so I went to inspect the spam report inside the headers and found:
X-SPAM-LEVEL: Spam detection results: 2
BAYES_50 0.8 Bayes spam probability is 40 to 60%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
DMARC_PASS -0.1 DMARC pass policy
HTML_MESSAGE 0.001 HTML included in message
HTML_TAG_BALANCE_BODY 0.1 HTML has unbalanced "body" tags
RCVD_IN_MSPIKE_H2 0.001 Average reputation (+2)
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_PASS -0.001 SPF: sender matches SPF record
URIBL_ABUSE_SURBL 1.25 Contains an URL listed in the ABUSE SURBL blocklist [www.bubblyfogje.name,bubblyfogje.name]
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [bubblyfogje.name]
I can see that:
1 - queries to Validity are blocked
2 - queries to URIBL were blocked
The mail gateways are using internal caching DNS servers.
The email I took this from was clearly spam; it seems to be one of those domains registered on purpose just to send spam.
Any suggestions?
TIA
Mike
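
Added example, not part of the original post: a small Python parser for report lines in the format quoted above that lists which DNS list lookups came back as `*_BLOCKED` and sums the scores. The sample input is an excerpt of the post's own report with descriptions shortened; the function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the report lines quoted in the post (descriptions shortened).
REPORT = """\
BAYES_50 0.8 Bayes spam probability is 40 to 60%
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked.
RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked.
RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked.
RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
URIBL_ABUSE_SURBL 1.25 Contains an URL listed in the ABUSE SURBL blocklist
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked.
"""

# One report line: RULE_NAME, signed score, free-text description.
RULE_LINE = re.compile(r"^\s*([A-Z][A-Z0-9_]*)\s+(-?\d+(?:\.\d+)?)\s+(.*)$")
BLOCKED_SERVICE = re.compile(r"The query to (\S+) was blocked")

def parse_report(text):
    """Return (rule, score, description) tuples; non-matching lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits.append((m.group(1), float(m.group(2)), m.group(3)))
    return hits

def blocked_lookups(hits):
    """Group *_BLOCKED rules by the service named in their notice."""
    services = defaultdict(list)
    for rule, _score, desc in hits:
        if rule.endswith("_BLOCKED"):
            m = BLOCKED_SERVICE.search(desc)
            services[m.group(1) if m else "unknown"].append(rule)
    return dict(services)

def summarize(text):
    """Total score of the parsed rules plus the blocked lookups per service."""
    hits = parse_report(text)
    return {"total": round(sum(s for _, s, _ in hits), 3),
            "blocked": blocked_lookups(hits)}

if __name__ == "__main__":
    summary = summarize(REPORT)
    print("score from listed rules:", summary["total"])
    for service, rules in summary["blocked"].items():
        print(f"{service}: {len(rules)} blocked lookup(s): {', '.join(rules)}")
```
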