DATE_IN_FUTURE_03_06 matches wrongly
Posted: 22 Aug 2019 09:46
For some time the Matching Rule DATE_IN_FUTURE_03_06 scores at many mails for no obvious reason.
Score Matching Rule Description
3.03 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
It occurs to several sending domains. But the system time displayed in our EFA system is correct.
This is the Message Header of an example received mail:
Received on: 21/08/19 13:24:57
[...]
Received: from mail.*********.de (mail.*********.de [**.***.**.**])
by mail2.***.de (Postfix) with ESMTP id 1483511C88
for <*******.********@***.de>; Wed, 21 Aug 2019 09:06:13 +0200 (CEST)
From: ****** ********** <*.**********@*********.de>
To: ******* ******* <*******.********@***.de>
Subject: Info
Thread-Topic: Info
Thread-Index: AdVYEwbpn9yUfSdYRfiHJCoECm9amw==
Date: Wed, 21 Aug 2019 11:24:42 +0000
Message-ID: <7934E0BF-118C-4A62-99CE-B55EFC53A1C0@*********.de>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="utf-8"
Content-ID: <2BE34BEBB0A7AD48A8FF71FE510D2501@***.loc>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
It's a very annoying problem because the score of this matching rule is 3.03 and compared to other rules quite high. This results to many false spam matches.
Score Matching Rule Description
3.03 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
It occurs to several sending domains. But the system time displayed in our EFA system is correct.
This is the Message Header of an example received mail:
Received on: 21/08/19 13:24:57
[...]
Received: from mail.*********.de (mail.*********.de [**.***.**.**])
by mail2.***.de (Postfix) with ESMTP id 1483511C88
for <*******.********@***.de>; Wed, 21 Aug 2019 09:06:13 +0200 (CEST)
From: ****** ********** <*.**********@*********.de>
To: ******* ******* <*******.********@***.de>
Subject: Info
Thread-Topic: Info
Thread-Index: AdVYEwbpn9yUfSdYRfiHJCoECm9amw==
Date: Wed, 21 Aug 2019 11:24:42 +0000
Message-ID: <7934E0BF-118C-4A62-99CE-B55EFC53A1C0@*********.de>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="utf-8"
Content-ID: <2BE34BEBB0A7AD48A8FF71FE510D2501@***.loc>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
It's a very annoying problem because the score of this matching rule is 3.03 and compared to other rules quite high. This results to many false spam matches.