Chris's Wiki :: blog/spam/AntiSpamCopyingGoogle Commentshttps://utcc.utoronto.ca/~cks/space/blog/spam/AntiSpamCopyingGoogle?atomcommentsDWiki2022-11-05T23:06:37ZRecent comments in Chris's Wiki :: blog/spam/AntiSpamCopyingGoogle.By Opk on /blog/spam/AntiSpamCopyingGoogletag:CSpace:blog/spam/AntiSpamCopyingGoogle:a26996570c703e997547fd999ecd31d4b4be35d4Opk<div class="wikitext"><p>I came across this recently on a mailing list server I look after for an open source project. When I went through logs, invalid message IDs is not something that corresponded to spammers so much as a couple of e-mail self-hosters who had configured their message IDs without an @. I increased the rspamd scoring on it mainly because gmail was bouncing them and I prefer to protect our IP reputation. Gmail accounts for nearly half the subscribers anyway.</p>
<p>We'll never know but my assumption was that gmail were rejecting it because they do want to effect better RFC compliance. There seems to be a wider trend in the industry away from the traditional <a href="https://en.wikipedia.org/wiki/Robustness_principle">robustness principle</a> because writing code that is liberal in what it accepts is hard to get right and opens you up to mistakes that leave security holes.</p>
</div>2022-11-05T23:06:37ZBy Andy Balholm on /blog/spam/AntiSpamCopyingGoogletag:CSpace:blog/spam/AntiSpamCopyingGoogle:c6582674bb5da49a2a5b171d3ae5e685e2a4e5a4Andy Balholm<div class="wikitext"><p>Rspamd has the MISSING_MID rule that matches messages with no Message-ID. It has a score of 2.5 points by default.</p>
</div>2022-11-02T17:34:25ZBy sam on /blog/spam/AntiSpamCopyingGoogletag:CSpace:blog/spam/AntiSpamCopyingGoogle:0fb1bdcd6026d7c8b48b83e77d9ee6b95092e565sam<div class="wikitext"><p>I wouldn't think that, if Google are explicitly saying why they're rejecting a message, then that reason isn't a significant spam signal. It's true that spam is a very low-margin 'business' and that spammers will put in the absolute least effort that they possibly can, but it's also true that Google et al go to great lengths to avoid disclosing what causes a message to be marked as spam so that spammers can't learn that and adapt.</p>
</div>2022-11-02T09:28:21ZBy Sotiris Tsimbonis on /blog/spam/AntiSpamCopyingGoogletag:CSpace:blog/spam/AntiSpamCopyingGoogle:f647189f36a9f6014be35d0d9fe1f26ce2a2cebcSotiris Tsimbonishttps://stsimb.irc.gr/<div class="wikitext"><p>I would note two things here</p>
<p>1) I've seen many MTAs in the past that inserted missing (MessageID) headers if they were missing (e.g. <a href="https://www.postfix.org/postconf.5.html#always_add_missing_headers">postfix < 2.6</a>). Gmail used to do that, but that's obviously over now.</p>
<p>2) Gmail used to accept everything no matter how bad it was, it never ever rejected anything at smtp level. I suppose that now is the time they've matured enough, they've gathered all the data in the world they need, and feel it's no longer useful to them to store these. They're probably reached a tripping point where rejecting these has more benefits to them than accepting them.</p>
</div>2022-11-02T06:58:05Z