How to block SPAMMY emails from legitimate Gmail/Hotmail accounts?

ovizii
Posts: 463
Joined: 11 May 2016 08:08

How to block SPAMMY emails from legitimate Gmail/Hotmail accounts?

Post by ovizii »

I've seen quite a few emails coming through lately from Gmail/Hotmail/Outlook.com offering some random services and products which were not blocked. The point is Bayes says definitely SPAM but there are a lot of other rules which lower the scores so far that BAYES alone isn't enough to classify it as SPAM.

Blacklisting is quite pointless as there are never 2 mails from the same sender.


Spamassassin Score:	4.78
Spam Report:	
Score	Matching Rule	Description
3.50	BAYES_95	Bayes spam probability is 95%
2.50	BAYES_BL	Bayes Blacklist everything above 40%
0.15	C_RBL_DRMX	Listed in bl.drmx.org
-0.80	C_RBL_HOSTKARMA_Y	Sender listed in HOSTKARMA-YELLOW
0.15	C_RBL_TECHNOVISION	Listed in st.technovision.dk SpamTrap
0.30	C_RFC_ABUSE	Domain without abuse inbox
0.30	C_RFC_POSTMASTER	Domain without postmaster account
1.10	DCC_CHECK	Detected as bulk mail by DCC (dcc-servers.net)
-0.10	DKIM_SIGNED	Message has a DKIM or DK signature, not necessarily valid
-0.20	DKIM_VALID	Message has at least one valid DKIM or DK signature
-0.25	DKIM_VALID_AU	Message has a valid DKIM or DK signature from author's domain
0.05	FREEMAIL_FROM	Sender email is commonly abused enduser mail provider
0.25	GMD_PRODUCER_GPL	PDF producer was GPL Ghostscript
0.05	HTML_MESSAGE	HTML included in message
1.02	MISSING_HEADERS	Missing To: header
-0.70	RCVD_IN_DNSWL_LOW	Sender listed at http://www.dnswl.org/, low trust
-0.50	RCVD_IN_MSPIKE_H2	Average reputation (+2)
0.00	RCVD_NOT_IN_IPREPDNS	Sender not listed at http://www.chaosreigns.com/iprep/
-0.90	SENDERSCORE_087	SenderScore Reputation 87% (score.senderscore.com)
-0.50	SENDERSCORE_WHITE	SenderScore Reputation White (score.senderscore.com)
-0.50	SO_PUB_SNDR_DOMAIN_DKIM_60	Sender's domain DKIM is listed in reputation-sender-60.rbl.scrolloutf1.com
-1.00	SO_PUB_SNDR_IP_70	Sender's ip address is listed in reputation-ip-70.rbl.scrolloutf1.com
1.00	SO_PUB_URIBL_IP_30	URL's ip address is listed in reputation-ip-30.rbl.scrolloutf1.com
-0.15	SPF_PASS	SPF: sender matches SPF record
-0.01	TXREP	Score normalizing based on sender's reputation
0.01	T_FREEMAIL_DOC_PDF	MS document or PDF attachment, from freemail
0.01	T_FREEMAIL_RVW_ATTCH	Please review attached document, from freemail

or is this not even considered SPAM (it isn't according to SpamHaus => https://www.spamhaus.org/consumer/definition/)

A message is Spam only if it is both Unsolicited and Bulk.

Unsolicited Email is normal email
(examples: first contact enquiries, job enquiries, sales enquiries)

Bulk Email is normal email
(examples: subscriber newsletters, customer communications, discussion lists)

and this doesn't look like bulk :-/
pdwalker
Posts: 1583
Joined: 18 Mar 2015 09:16

Re: How to block SPAMMY emails from legitimate Gmail/Hotmail accounts?

Post by pdwalker »

You might want to adjust the BAYES_XX scores upwards to get the result you want.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: How to block SPAMMY emails from legitimate Gmail/Hotmail accounts?

Post by ovizii »

Thanks, I'll give that a try but the point is that these big freemailers usually hit a lot of the whitelists so I need quite a huge BAYES score to top that. And I'm not sure that shortcircuiting Bayes_999 is a good idea.
pdwalker
Posts: 1583
Joined: 18 Mar 2015 09:16

Re: How to block SPAMMY emails from legitimate Gmail/Hotmail accounts?

Post by pdwalker »

If you can describe in words what makes these messages spammy, then you can adjust your spamassassin rules or weightings to match your description.

You said that BAYES thinks it's spam, even though it is from gmail, thus I suggested giving the BAYES_xx values of interest to you a greater weight.

If you think bayes_95 is spam, change the value to 5 instead of 3.5 for example. And then adjust higher bayes_xx values upwards.
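Added example, not written by anyone in the thread: a small Python script that takes the rule hits from the report in the first post, totals the negative (reputation/whitelist) rules, and works out how high BAYES_95 has to be for this message to be tagged. The function names are hypothetical, and the threshold of 5.0 is an assumption (SpamAssassin's stock required_score); the thread does not say what threshold the poster uses.

```python
from decimal import Decimal

# Rule hits copied from the report in the first post, as "score RULE" pairs.
REPORT = """
3.50 BAYES_95  2.50 BAYES_BL  0.15 C_RBL_DRMX  -0.80 C_RBL_HOSTKARMA_Y
0.15 C_RBL_TECHNOVISION  0.30 C_RFC_ABUSE  0.30 C_RFC_POSTMASTER
1.10 DCC_CHECK  -0.10 DKIM_SIGNED  -0.20 DKIM_VALID  -0.25 DKIM_VALID_AU
0.05 FREEMAIL_FROM  0.25 GMD_PRODUCER_GPL  0.05 HTML_MESSAGE
1.02 MISSING_HEADERS  -0.70 RCVD_IN_DNSWL_LOW  -0.50 RCVD_IN_MSPIKE_H2
0.00 RCVD_NOT_IN_IPREPDNS  -0.90 SENDERSCORE_087  -0.50 SENDERSCORE_WHITE
-0.50 SO_PUB_SNDR_DOMAIN_DKIM_60  -1.00 SO_PUB_SNDR_IP_70
1.00 SO_PUB_URIBL_IP_30  -0.15 SPF_PASS  -0.01 TXREP
0.01 T_FREEMAIL_DOC_PDF  0.01 T_FREEMAIL_RVW_ATTCH
"""

# Assumption: stock SpamAssassin required_score; the poster's is not stated.
REQUIRED_SCORE = Decimal("5.0")


def parse_report(text):
    """Return {rule_name: Decimal(score)} from whitespace-separated pairs."""
    tokens = text.split()
    return {rule: Decimal(score) for score, rule in zip(tokens[::2], tokens[1::2])}


def total(hits):
    """Message score: the sum of all rule hits."""
    return sum(hits.values(), Decimal("0"))


def reputation_credit(hits):
    """Sum of all negative-scoring hits (whitelists, DKIM/SPF, reputation)."""
    return sum((s for s in hits.values() if s < 0), Decimal("0"))


def min_score_to_tag(hits, rule, required=REQUIRED_SCORE):
    """Smallest score for `rule` that lifts this message to `required`."""
    return hits[rule] + max(required - total(hits), Decimal("0"))


def rescored_total(hits, overrides):
    """Message total after replacing some rule scores, e.g. BAYES_95 -> 5."""
    return total({**hits, **{r: Decimal(str(s)) for r, s in overrides.items()}})


if __name__ == "__main__":
    hits = parse_report(REPORT)
    print("total:", total(hits), "negative rules:", reputation_credit(hits))
    print("BAYES_95 needed:", min_score_to_tag(hits, "BAYES_95"),
          "total with BAYES_95=5:", rescored_total(hits, {"BAYES_95": "5"}))
```

On this message the negative rules subtract 5.61 points, yet BAYES_95 would only need to be 3.72 to reach 5.0; the value of 5 suggested in the last reply gives a total of 6.28.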