Mailing List Archive

Question about whitelisting of naadac.org
Hi All,

The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain www.naadac.org<http://www.naadac.org> in the signature of their mails.
Is it possible to whitelist this domain/link in your SPAM filtering?
Results from the mail-tester.com tool are available below:

[cid:image001.png@01D78EFB.CD78CAE0]
Kind Regards
Lukas

Ricoh Europe Holdings PLC is a company registered in England, under company number 06273215, with a registered office at 20 Triton Street, London, NW1 3BF. The UK business of Ricoh Europe Holdings PLC is operated by: (i) Ricoh Europe PLC, a company registered in England under company number 00720944, with a registered office at 20 Triton Street, London, NW1 3BF; (ii) Ricoh UK Limited, a company registered in England under company number 01271033, with a registered office at Ricoh House, 800 Pavilion Drive, Northampton, NN4 7YL; and (iii) Ricoh Capital Limited, a company registered in England under company number 03001351, with a registered office at 20 Triton Street, London, NW1 3BF Please consider the environment before printing this e-mail
Re: Question about whitelisting of naadac.org [ In reply to ]
--On Wednesday, August 11, 2021 8:57 PM +0000 Lukasz Maik
<Lukasz.Maik@ricoh-europe.com> wrote:

> The company naadac.org is experiencing problems with their e-mails being
> marked as SPAM, when they are putting link to their domain
> www.naadac.org<http://www.naadac.org> in the signature of their mails. Is
> it possible to whitelist this domain/link in your SPAM filtering? Results
> from the mail-tester.com tool are available below:

You should copy/paste the text of the report, not a screen capture.

According to the image, your domain and/or its A record are in the SBL
blocklist. So you need to find out why and go fix that.

<https://www.spamhaus.org/sbl/>
Re: Question about whitelisting of naadac.org [ In reply to ]
On Wed, 11 Aug 2021, Lukasz Maik wrote:

> Hi All,
>
> The company naadac.org is experiencing problems with their e-mails being
> marked as SPAM, when they are putting link to their domain
> www.naadac.org in the signature of their mails.
>
> Is it possible to whitelist this domain/link in your SPAM filtering?
> Results from the mail-tester.com tool are available below:
>
> [cid:image001.png@01D78EFB.CD78CAE0]

0.644 points is not sufficient to mark a message as spam using the default
scoring, and isn't worth hitting the panic button. If it's being marked as
spam by some recipients, there are other reason(s). Is this analysis the
only thing you are basing your analysis on?

As Kenneth said, contact Spamhaus regarding why that domain is listed.

In order to offer more advice, we would have to see the results from a
site that is actually marking such a message as spam (i.e. where it's
scoring 5 or more points).

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The difference between ignorance and stupidity is that the stupid
desire to remain ignorant. -- Jim Bacon
-----------------------------------------------------------------------
Tomorrow: the 900th anniversary of the muslim Seljuq defeat at Didgori
Re: Question about whitelisting of naadac.org [ In reply to ]
On Wed, 2021-08-11 at 20:43 -0700, John Hardin wrote:
> As Kenneth said, contact Spamhaus regarding why that domain is listed.
>
>
I took a look at it with a text-mode web browser, Lynx, thats too simple
to try to process nastys and with all cookies disabled. It looked more
than slightly suspect to me - AFAICT entries in its top-level menu link
only to a recursive chain of identical top-level menus.

It reminded me of nothing so much as the mazes in Colossal Cavern and
their 'little twisty passages which all look the same' - and built the
same way too!

My bottom line take - a useless URL that deserves to be listed.


Martin
RE: Question about whitelisting of naadac.org [ In reply to ]
Dear John,

Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt

We've lost a point for not having DKIM/DMARC authentication, which is unfortunately not supported by our hosted exchange.
We also lost 0.5 point for not having alt attribute in the images, so we will add it.
Total is 7.8/10.

The problem, when user is sending normal work e-mails, recipients are finding those messages in the Junk Email folder. Even people with who he was previously working before.

Kind Regards
Lukas

-----Original Message-----
From: John Hardin <jhardin@impsec.org>
Sent: Thursday, August 12, 2021 5:43 AM
To: users@spamassassin.apache.org
Subject: Re: Question about whitelisting of naadac.org

This message was sent from an external source. Please be careful opening attachments/links or replying to sources you don't know.

On Wed, 11 Aug 2021, Lukasz Maik wrote:

> Hi All,
>
> The company naadac.org is experiencing problems with their e-mails
> being marked as SPAM, when they are putting link to their domain
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.naadac.org%2F&amp;data=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=IkcJvzYcpJvlUWr3l%2FzGbvD3IbSSaeia66LNwTjOj60%3D&amp;reserved=0 in the signature of their mails.
>
> Is it possible to whitelist this domain/link in your SPAM filtering?
> Results from the mail-tester.com tool are available below:
>
> [cid:image001.png@01D78EFB.CD78CAE0]

0.644 points is not sufficient to mark a message as spam using the default scoring, and isn't worth hitting the panic button. If it's being marked as spam by some recipients, there are other reason(s). Is this analysis the only thing you are basing your analysis on?

As Kenneth said, contact Spamhaus regarding why that domain is listed.

In order to offer more advice, we would have to see the results from a site that is actually marking such a message as spam (i.e. where it's scoring 5 or more points).

--
John Hardin KA7OHZ https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.impsec.org%2F~jhardin%2F&amp;data=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=99khbdmpdLV%2BpMuWur8MkrCcd2dzn5qr02xBSWC7GH8%3D&amp;reserved=0
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The difference between ignorance and stupidity is that the stupid
desire to remain ignorant. -- Jim Bacon
-----------------------------------------------------------------------
Tomorrow: the 900th anniversary of the muslim Seljuq defeat at Didgori
Ricoh Europe Holdings PLC is a company registered in England, under company number 06273215, with a registered office at 20 Triton Street, London, NW1 3BF. The UK business of Ricoh Europe Holdings PLC is operated by: (i) Ricoh Europe PLC, a company registered in England under company number 00720944, with a registered office at 20 Triton Street, London, NW1 3BF; (ii) Ricoh UK Limited, a company registered in England under company number 01271033, with a registered office at Ricoh House, 800 Pavilion Drive, Northampton, NN4 7YL; and (iii) Ricoh Capital Limited, a company registered in England under company number 03001351, with a registered office at 20 Triton Street, London, NW1 3BF Please consider the environment before printing this e-mail
Re: Question about whitelisting of naadac.org [ In reply to ]
Lukasz Maik <Lukasz.Maik@ricoh-europe.com> writes:

[.not sure what the relationship of ricoh-europe is to a US .org is]

> Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt
>
> We've lost a point for not having DKIM/DMARC authentication, which is unfortunately not supported by our hosted exchange.
> We also lost 0.5 point for not having alt attribute in the images, so we will add it.
> Total is 7.8/10.
>
> The problem, when user is sending normal work e-mails, recipients are
> finding those messages in the Junk Email folder. Even people with who
> he was previously working before.

I'm not sure anybody said this yet, but: spamassassin the project is not
going to add your domain to a whitelist because you are having problems
with how others sort your mail. As I understand it, the project would
only consider that sot of addition for domains that are 1) really known
to send pretty much zero spam and 2) users of spamassassin are
inconvenienced by what they perceive as incorrect tagging as spam.
Note that this is very different from senders being unhappy about how
recipients tag the messages.

Reading the test report, I see that you have a URL in SBL

This domain has two hits in rfc-clueless

https://multirbl.valli.org/lookup/naadac.org.html

and the outgoing IP address is

208.70.208.232 Spam Grouper Net block list


So basically you (they?) need to clean up all the issues. That may
involve finding a mail host that doesn't do business with spammers and
whose IP addresses are not in DNSBLs.


Also, if you are bothered by recipient filtering decisions, you need to
ask the recipients what filtering they are doing and why they sorted how
they did. That's up to them, not the spamassassin project.

It may be that they have no idea and are uncooperative. I have had
problems with yahoo misfiling mail, and found the experience of asking
them about it not to be useful. So it is possible that your recipients
should get a different email provider.



You might also remove URLS to social media. They have privacy policies
which are inconsistent with addiction treatment anyway.
Re: Question about whitelisting of naadac.org [ In reply to ]
Hi Lukasz,

The Spamassassin score looks reasonable. If mail-tester uses anything
similar to a stock Spamassassin setup, then you should be safe and
spamassassin will not be the cause of your delivery problems.
Whitelisting a somewhat arbitrary URL will not solve your problem.

Of course, it could be that certain recipients of your customer have
setup additional Spamassasin rules, tuned their setup to raise some
penalties, or added additional filtering (outside of SA) to their
mailstack that results in a different conclusion. You cannot be sure
unless you ask the mail-admin of those customers.

So you need to get in touch with them, not with the SA community (but as
you can see, we're happy to point you in the correct direction ;-> ).

Kind regards,
Tom

On 12-08-2021 22:16, Lukasz Maik wrote:
> Dear John,
>
> Sure, please find full tests results here:
> https://www.mail-tester.com/test-bw02eaxrt
>
> We've lost a point for not having DKIM/DMARC authentication, which is
> unfortunately not supported by our hosted exchange. We also lost 0.5
> point for not having alt attribute in the images, so we will add it.
> Total is 7.8/10.
>
> The problem, when user is sending normal work e-mails, recipients are
> finding those messages in the Junk Email folder. Even people with who
> he was previously working before.
>
> Kind Regards Lukas
>
> -----Original Message----- From: John Hardin <jhardin@impsec.org>
> Sent: Thursday, August 12, 2021 5:43 AM To:
> users@spamassassin.apache.org Subject: Re: Question about
> whitelisting of naadac.org
>
> This message was sent from an external source. Please be careful
> opening attachments/links or replying to sources you don't know.
>
> On Wed, 11 Aug 2021, Lukasz Maik wrote:
>
>> Hi All,
>>
>> The company naadac.org is experiencing problems with their e-mails
>> being marked as SPAM, when they are putting link to their domain
>> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.naadac.org%2F&amp;data=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=IkcJvzYcpJvlUWr3l%2FzGbvD3IbSSaeia66LNwTjOj60%3D&amp;reserved=0
>> in the signature of their mails.
>>
>> Is it possible to whitelist this domain/link in your SPAM
>> filtering? Results from the mail-tester.com tool are available
>> below:
>>
>> [cid:image001.png@01D78EFB.CD78CAE0]
>
> 0.644 points is not sufficient to mark a message as spam using the
> default scoring, and isn't worth hitting the panic button. If it's
> being marked as spam by some recipients, there are other reason(s).
> Is this analysis the only thing you are basing your analysis on?
>
> As Kenneth said, contact Spamhaus regarding why that domain is
> listed.
>
> In order to offer more advice, we would have to see the results from
> a site that is actually marking such a message as spam (i.e. where
> it's scoring 5 or more points).
>
> -- John Hardin KA7OHZ
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.impsec.org%2F~jhardin%2F&amp;data=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=99khbdmpdLV%2BpMuWur8MkrCcd2dzn5qr02xBSWC7GH8%3D&amp;reserved=0
>
>
jhardin@impsec.org pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873
> 2E79
> -----------------------------------------------------------------------
>
>
The difference between ignorance and stupidity is that the stupid
> desire to remain ignorant. -- Jim Bacon
> -----------------------------------------------------------------------
>
>
Tomorrow: the 900th anniversary of the muslim Seljuq defeat at Didgori
> Ricoh Europe Holdings PLC is a company registered in England, under
> company number 06273215, with a registered office at 20 Triton
> Street, London, NW1 3BF. The UK business of Ricoh Europe Holdings PLC
> is operated by: (i) Ricoh Europe PLC, a company registered in England
> under company number 00720944, with a registered office at 20 Triton
> Street, London, NW1 3BF; (ii) Ricoh UK Limited, a company registered
> in England under company number 01271033, with a registered office at
> Ricoh House, 800 Pavilion Drive, Northampton, NN4 7YL; and (iii)
> Ricoh Capital Limited, a company registered in England under company
> number 03001351, with a registered office at 20 Triton Street,
> London, NW1 3BF Please consider the environment before printing this
> e-mail
>
Re: Question about whitelisting of naadac.org [ In reply to ]
On 2021-08-12 at 16:16:21 UTC-0400 (Thu, 12 Aug 2021 20:16:21 +0000)
Lukasz Maik <Lukasz.Maik@ricoh-europe.com>
is rumored to have said:

> Dear John,
>
> Sure, please find full tests results here:
> https://www.mail-tester.com/test-bw02eaxrt

That website is not in any way authoritative, misrerpresents
SpamAssassin scores, is running an obsolete version of SpamAssassin, and
seems to be *INCORRECTLY* claiming that some hostname in an URI in the
message resolves to an IP listed in Spamhaus' SBL. Checking the message
as provided on that page against a current SpamAssassin deployment does
not show hits on URIBL_SBL or URIBL_SBL_A, and manual checks of
www.naadac.org and naadac.org confirm that they are NOT LISTED. If you
show the "source" of the test message on that page, you will note that
it shows a hit on the rule named URIBL_BLOCKED, which indicates a gross
misconfiguration of SpamAssassin and is probably responsible for the
bogus URIBL_SBL and URIBL_SBL_A hits.

IN SHORT: mail-tester.com is a garbage site providing garbage results.
No one should trust it for anything.

> We've lost a point for not having DKIM/DMARC authentication, which is
> unfortunately not supported by our hosted exchange.

That is a far more likely cause for delivery problems than anything
else. There is no excuse for any commercial mail provider to not offer
it to their hosted customers.

> We also lost 0.5 point for not having alt attribute in the images, so
> we will add it.
> Total is 7.8/10.

Note that the number on the mail-tester.com site is an invention of
mail-tester.com, an organization that can't even be bothered to keep
their SpamAssassin installation updated or to have the needed recursive
DNS resolver for SA to use. That "Total" is meaningless. The points
allotted for each element are arbitrary and basically meaningless.


> The problem, when user is sending normal work e-mails, recipients are
> finding those messages in the Junk Email folder. Even people with who
> he was previously working before.

That has nothing to do with SpamAssassin. No reasonable SpamAssassin
deployment would score the message shown on that test page anywhere near
the standard spam threshold (5.0). SpamAssassin is not involved in how
any receiving sites choose to deliver mail, all SpamAssassin does is
provide a score. In this case that score is essentially zero, provided
SA is not misconfigured.



--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
RE: Question about whitelisting of naadac.org [ In reply to ]
On Thu, 12 Aug 2021, Lukasz Maik wrote:

> Dear John,
>
> Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt
>
> We've lost a point for not having DKIM/DMARC authentication, which is unfortunately not supported by our hosted exchange.

That's not something SA scores for.

> We also lost 0.5 point for not having alt attribute in the images, so we will add it.

That's also not something SA scores for. The above problems are things
mail-tester thinks you can do to improve your message, independent of
whatever SA thinks of it.

The net SA score for that test message is 0.644 points, which is well
under the default spam threshold of 5 points.

This is in the headers in that test message:

X-Spam-Status: No/0.7/5.0

"No".

I agree with Bill's comments regarding www.mail-tester.com, and echo that
"www.naadac.org" is not listed at SBL.

> Total is 7.8/10.

Meaningless.

> The problem, when user is sending normal work e-mails, recipients are
> finding those messages in the Junk Email folder. Even people with who he
> was previously working before.

If we could see one of *those* mails (which was quarantined in a
production environment versus analyzed in a misconfigured and stale
theoretical environment), with all headers intact (<- this is important),
then we might be able to tell you why it ended up there.


> Kind Regards
> Lukas
>
> -----Original Message-----
> From: John Hardin <jhardin@impsec.org>
> Sent: Thursday, August 12, 2021 5:43 AM
> To: users@spamassassin.apache.org
> Subject: Re: Question about whitelisting of naadac.org
>
> On Wed, 11 Aug 2021, Lukasz Maik wrote:
>
>> Hi All,
>>
>> The company naadac.org is experiencing problems with their e-mails
>> being marked as SPAM, when they are putting link to their domain
>> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.naadac.org%2F&amp;data=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=IkcJvzYcpJvlUWr3l%2FzGbvD3IbSSaeia66LNwTjOj60%3D&amp;reserved=0 in the signature of their mails.
>>
>> Is it possible to whitelist this domain/link in your SPAM filtering?
>> Results from the mail-tester.com tool are available below:
>>
>> [cid:image001.png@01D78EFB.CD78CAE0]
>
> 0.644 points is not sufficient to mark a message as spam using the default scoring, and isn't worth hitting the panic button. If it's being marked as spam by some recipients, there are other reason(s). Is this analysis the only thing you are basing your analysis on?
>
> As Kenneth said, contact Spamhaus regarding why that domain is listed.
>
> In order to offer more advice, we would have to see the results from a site that is actually marking such a message as spam (i.e. where it's scoring 5 or more points).

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...every time I sit down in front of a Windows machine I feel as
if the computer is just a place for the manufacturers to put their
advertising. -- fwadling on Y! SCOX
-----------------------------------------------------------------------
Today: the 900th anniversary of the muslim Seljuq defeat at Didgori