michael.scheidell at secnap
Mar 30, 2012, 3:26 AM
Post #4 of 13
On 3/29/12 6:06 PM, Kevin A. McGrail wrote:
Re: Request to change rule RCVD_IN_RP_CERTIFIED
[In reply to]
> As a side note, linkedin likely had someone from FreeBSD list use the
> email address to invite people. I doubt linkedin actually did it.
> They are an easily abused system but I've never seen them actually
> support spam.
as in 'technically', yes linkedin did (see sender and from headers.) is
in who pushed the button, who loaded the names, no, they didn't. But,
unless they want to identify the user in the From (not the mfrom/sender
which would break spf), they 'sent it', facilitated it being sent,
allowed it to be sent.
or, they allow the sender to forge From headers. (if they didn't send
it, they forged the From headers)
But I am not asking SA to fix linked in, or stop them from spamming (it
was unsolicited, it was commercial. (they want to build up their links,
actual member wants to spam me using linked in).
I want to address the 'easily abused system'.
If linked in has an easily abused system, and RP gets paid to list them,
and the default SA score for RCVD_IN_RP_CERTIFIED is -3.0 points than I
request that until RP stops certifying 'easily abused system(s)' that
the score be lowered.
further, I would like SA to consider, in general, the - scores for all
the 'spam for hire' rules.
If this email would not score high on its own, it would not need -3.0
score. If it gets its score dropped by -3.0 points, not only is
questionable valuable email passed through, but Bayesian keys are added
as if they are 'clean' email.
So, email like this sent from other sources will eventually come in as
'clean', due to Bayesian credits.
I would like to consider tflags for all 'spam for hire' scores be
changed to net nice noautolearn
this way, at least you aren't adding insult to injury.
Michael Scheidell, CTO
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/