Thread: Spam detection software has identified this incoming email as possible spam

  1. #1
    Join Date
    Jan 2018
    Posts
    5

    Spam detection software has identified this incoming email as possible spam

    Hi all,

    On our DirectAdmin servers I'm getting reports (since today) that mail is marked as spam, which it isn't. It is from user1@adomain.com to user2@adomain.com (so from and to the same domain). I attach the analysis details of 2 of these messages.

    Message 1:
    Code:
    Content analysis details:   (6.9 points, 3.0 required)
    
    pts rule name              description
    ---- ---------------------- --------------------------------------------------
    0.0 FSL_HELO_NON_FQDN_1    No description available.
    0.0 TVD_RCVD_IP            Message was received from an IP address
    0.0 T_SPF_TEMPERROR        SPF: test of record failed (temperror)
    0.0 HTML_MESSAGE           BODY: HTML included in message
    0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
                               background
    2.5 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
                               (FTSDMCXX/boundary variant) direct-to-MX
    0.2 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
    0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                               dynamic-looking rDNS
    1.3 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
                               rDNS
    0.0 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
    2.5 DYN_RDNS_SHORT_HELO_IMAGE Short HELO string, dynamic rDNS, inline
                               image
    
    The original message was not completely plain text, and may be unsafe to
    open with some email clients; in particular, it may contain a virus,
    or confirm that your address can receive spam.  If you wish to view
    it, it may be safer to save it to a file and open it with an editor.

    Message 2:
    Code:
    Content analysis details:   (6.0 points, 3.0 required)
    
    pts rule name              description
    ---- ---------------------- --------------------------------------------------
    0.0 FSL_HELO_NON_FQDN_1    No description available.
    0.0 TVD_RCVD_IP            Message was received from an IP address
    0.0 T_SPF_TEMPERROR        SPF: test of record failed (temperror)
    0.0 HTML_MESSAGE           BODY: HTML included in message
    1.6 HTML_IMAGE_ONLY_12     BODY: HTML: images with 800-1200 bytes of words
    0.2 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
    0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                               dynamic-looking rDNS
    1.3 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
                               rDNS
    0.0 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
    2.5 DYN_RDNS_SHORT_HELO_IMAGE Short HELO string, dynamic rDNS, inline
                               image
    
    The original message was not completely plain text, and may be unsafe to
    open with some email clients; in particular, it may contain a virus,
    or confirm that your address can receive spam.  If you wish to view
    it, it may be safer to save it to a file and open it with an editor.

    This server has a static IP, is not on any blacklist, and SPF, DKIM and DMARC for the domains are properly configured.

    In one of the messages there are 2 smilies (which are images) but overall I don't see anything strange in the content.

    Any ideas?

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,482
    Hello,

    SpamAssassin does not give lower scores to SPAM emails even if they are delivered within one and the same domain.

    Check the rule names which got the highest scores and read the official SpamAssassin wiki for more details to understand what they are about. It will help you. If you don't want to spend time learning these things, you can go the simple way and whitelist your domain on your server, i.e. in the SpamAssassin section and/or the global white lists under /etc/virtual/

  3. #3
    Join Date
    Jan 2018
    Posts
    5
    Hi zEitEr,

    I did some checking before posting and couldn't find a proper explanation for these specific high scores. Also, the messages look fine to me. Maybe the direct-to-MX is more clear now after some more googling, but this is not doable for remote clients (using an ISP's SMTP server instead of the DirectAdmin server).

    I'll do some more digging. Thanks anyway.

    Kind regards,
    iodisiciple

  4. #4
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,482
    Check your emails with https://mail-tester.com
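
Post #2 suggests checking which rules scored highest. As an added example (not part of the thread and not SpamAssassin's own code), this Python script parses the "Message 2" report from the first post, re-joins the wrapped descriptions, and totals the points from rules whose names contain HELO or RDNS; that name-based grouping is an assumption made for illustration.

```python
import re
# "Message 2" report from the first post, indentation stripped.
REPORT = """\
Content analysis details:   (6.0 points, 3.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 FSL_HELO_NON_FQDN_1    No description available.
0.0 TVD_RCVD_IP            Message was received from an IP address
0.0 T_SPF_TEMPERROR        SPF: test of record failed (temperror)
0.0 HTML_MESSAGE           BODY: HTML included in message
1.6 HTML_IMAGE_ONLY_12     BODY: HTML: images with 800-1200 bytes of words
0.2 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                           dynamic-looking rDNS
1.3 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
                           rDNS
0.0 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
2.5 DYN_RDNS_SHORT_HELO_IMAGE Short HELO string, dynamic rDNS, inline
                           image
"""

HEADER = re.compile(r"\((-?[\d.]+) points, (-?[\d.]+) required\)")
RULE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return (total, required, rules); rules are [score, name, description]."""
    total = required = None
    rules = []
    for line in text.splitlines():
        if (h := HEADER.search(line)):
            total, required = float(h[1]), float(h[2])
        elif (m := RULE.match(line)):
            rules.append([float(m[1]), m[2], m[3].strip()])
        elif rules and not line.strip():
            break  # a blank line after the rule table ends it
        elif rules:
            rules[-1][2] += " " + line.strip()  # wrapped description line
    return total, required, rules

def sender_path_points(rules):
    """Heuristic (an assumption): sum rules named after HELO or rDNS checks."""
    return round(sum(s for s, n, _ in rules if "HELO" in n or "RDNS" in n), 1)

if __name__ == "__main__":
    total, required, rules = parse_report(REPORT)
    scoring = [r for r in rules if r[0]]  # skip informational 0.0 rules
    for score, name, desc in sorted(scoring, key=lambda r: -r[0]):
        print(f"{score:4.1f}  {name}  {desc}")
    print(f"{sender_path_points(rules)} of {total} points from HELO/rDNS rules")
```

For Message 2 the rules with HELO or RDNS in their names account for 4.4 of the 6.0 points.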
