Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
STY_INVIS_DIRECT
noel.butler at ausics
Oct 2, 2023, 5:38 PM
Post #1 of 2 (118 views)
Permalink
72_active.cf/STY_INVIS_DIRECT

Anyone else seeing this go haywire?

It's triggering on legit emails everywhere, even from paypal, for past
few days by looks of helpdesk, and my own paypal email this morning, 2.5
score is pushing a lot of Email into "Junk folders", for now I'ma change
that score to 0.25

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged
information, therefore at all times remains confidential and subject to
copyright protected under international law. You may not disseminate
this message without the authors express written authority to do so.
If you are not the intended recipient, please notify the sender then
delete all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.
Re: STY_INVIS_DIRECT [ In reply to ]
jhardin at impsec
Oct 2, 2023, 7:05 PM
Post #2 of 2 (118 views)
Permalink
On Tue, 3 Oct 2023, Noel Butler wrote:

> 72_active.cf/STY_INVIS_DIRECT

Invisible styling is sadly fairly common in legit commercial emails. Sigh.

This should only hit on direct-to-MX emails. Are the hits coming from
sources that strip internal topology history so that they look like the
mail client is directly hitting your MX? Are they coming from sources in
your trust list?

Friday's net masscheck had enough corpora to publish, the rules and scores
have been updated. Its masscheck performance is strongly spammy, S/O
0.979.

https://ruleqa.spamassassin.org/20231001-r1912645-n/STY_INVIS_DIRECT/detail


I'll try some FP tuning, but I can't guarantee that will help.


> Anyone else seeing this go haywire?
>
> It's triggering on legit emails everywhere, even from paypal, for past few
> days by looks of helpdesk, and my own paypal email this morning, 2.5 score is
> pushing a lot of Email into "Junk folders", for now I'ma change that score to
> 0.25

2.5 points by itself shouldn't be enough to quarantine/junk messages. What
else is spammy about those messages?


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Are you a mildly tech-literate politico horrified by the level of
ignorance demonstrated by lawmakers gearing up to regulate online
technology they don't even begin to grasp? Cool. Now you have a
tiny glimpse into a day in the life of a gun owner. -- Sean Davis
-----------------------------------------------------------------------
1,220 days since the first private commercial manned orbital mission (SpaceX)

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal