#43 Spam False Positives (Rainloop "Not Spam" button)

Open
opened 2 years ago by Ghost · 13 comments
Ghost commented 2 years ago

When getting a spam false positive in Rainloop’s Spam folder, selecting it and marking “Not Spam”, moves it to the Inbox but it doesn’t seem to train the mail server to actually mark it as not spam in the future.

Ghost commented 2 years ago
Poster

This thread on GH might be relevant:

https://github.com/RainLoop/rainloop-webmail/issues/1330

Ghost commented 2 years ago
Poster

@Uncled1023 Until this issue is resolved, is it possible for you to whitelist the domain ifttt.com and ift.tt in my email account? I sent false positive samples and whitelist requests to your support email but had no reply.

Uncled1023 commented 2 years ago
Owner

Hello,

Yea, let me look into whitelisting those domains.

Uncled1023 commented 2 years ago
Owner

Those two domains have been whitelisted. Will be looking into a more automated method of allowing false positive sampling and processing.

Ghost commented 2 years ago
Poster

Thanks, this should work for the time being. :+1:

Ghost commented 2 years ago
Poster

Er… no. Still not whitelisted. Got this today (April 15), the only difference is that the email wasn’t filtered into the Spam folder but directly into the Inbox.

```text
From: dailydigest@ifttt.com

Spam detection software, running on the system "Teknik-Server",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
support@teknik.io for details.

Content preview:  ----- [10 items] ----- ============================ Secret
  Space Programs: Full or Partial Disclosure? - (added at April 14, 2017 at
  06:32AM) [...] 

Content analysis details:   (6.3 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                           See
                           http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                            for more information.
                           [URIs: ifttt.com]
0.5 RCVD_IN_SORBS_SPAM     RBL: SORBS: sender is a spam source
                           [50.31.63.158 listed in dnsbl.sorbs.net]
1.6 JAM_MORTGAGE_BD        BODY: Body contains mortgage, debt or similar
0.2 JAM_LONG_LINK          BODY: Very long link in mail, possibly filled up with
                           random words by bulk mailer
0.1 JAM_PHARMACY_BD        BODY: Body contains pharmacy, medication etc
0.5 JAM_LOAN_BD            BODY: Body contains "loan"
0.5 JAM_DO_STH_HERE        BODY: Body contains Click/Order/Press... Here
0.0 HTML_IMAGE_RATIO_06    BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE           BODY: HTML included in message
0.5 JAM_LARGE_FONT_SIZE    RAW: Body of mail contains parts with very large
                           font
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                           domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
0.0 LOTS_OF_MONEY          Huge... sums of money
2.5 JAM_PHARMACY_IMAGE_ONLY Subject contains medical products and
                           shipping information
0.0 T_REMOTE_IMAGE         Message contains an external image

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.
```
Ghost commented 2 years ago
Poster

And another one today (April 17):

```text
From: dailydigest@ifttt.com

Spam detection software, running on the system "Teknik-Server",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
support@teknik.io for details.

Content preview:  ----- [10 items] ----- ============================ China
  Study Links Immune Activation By Vaccination & Autism - (added at April 16,
  2017 at 06:42AM) [...] 

Content analysis details:   (5.4 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                           See
                           http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                            for more information.
                           [URIs: ift.tt]
0.2 JAM_LOW_PRICES_BD      BODY: Mail contains hint about low prices
0.3 JAM_VALIUM_BD          BODY: Body contains medicine Valium
0.2 JAM_LONG_LINK          BODY: Very long link in mail, possibly filled up with
                           random words by bulk mailer
0.1 JAM_PHARMACY_BD        BODY: Body contains pharmacy, medication etc
0.5 JAM_XANAX_BD           BODY: Body contains medicine Xanax
0.0 HTML_MESSAGE           BODY: HTML included in message
0.5 JAM_LARGE_FONT_SIZE    RAW: Body of mail contains parts with very large
                           font
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                           domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
3.0 JAM_PHARMACY_PRODUCTS_BD Body contains multiple typical medicines
                           like Viagra or Xanax
0.7 DRUGS_ANXIETY          Refers to an anxiety control drug

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.
```
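Added example (not part of the original thread, and not Teknik's or Rainloop's code): a small Python parser for the SpamAssassin report format pasted in the two comments above. It checks that the listed rule scores add up to the header total, groups the score by rule-name prefix, and looks for a `USER_IN_*WHITELIST` hit, which is the rule SpamAssassin lists when a `whitelist_from`-style entry matches; the `analyze` name and the prefix grouping are choices made for this example.

```python
import re
from decimal import Decimal

# Constructed input: the rule table of the April 17 report quoted in this
# thread, with most description continuation lines dropped.
REPORT = """\
Content analysis details:   (5.4 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                           [URIs: ift.tt]
0.2 JAM_LOW_PRICES_BD      BODY: Mail contains hint about low prices
0.3 JAM_VALIUM_BD          BODY: Body contains medicine Valium
0.2 JAM_LONG_LINK          BODY: Very long link in mail, possibly filled up with
0.1 JAM_PHARMACY_BD        BODY: Body contains pharmacy, medication etc
0.5 JAM_XANAX_BD           BODY: Body contains medicine Xanax
0.0 HTML_MESSAGE           BODY: HTML included in message
0.5 JAM_LARGE_FONT_SIZE    RAW: Body of mail contains parts with very large
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
3.0 JAM_PHARMACY_PRODUCTS_BD Body contains multiple typical medicines
0.7 DRUGS_ANXIETY          Refers to an anxiety control drug
"""

HEADER = re.compile(r"\(([-\d.]+) points, ([-\d.]+) required\)")
RULE = re.compile(r"^[ \t]*(-?\d+(?:\.\d+)?)[ \t]+([A-Z][A-Z0-9_]*)\b", re.M)

def analyze(report):
    """Summarise a SpamAssassin report: totals, per-prefix score, whitelist hit."""
    total, required = map(Decimal, HEADER.search(report).groups())
    rules = [(name, Decimal(pts)) for pts, name in RULE.findall(report)]
    by_prefix = {}
    for name, pts in rules:
        prefix = name.split("_")[0]
        by_prefix[prefix] = by_prefix.get(prefix, Decimal(0)) + pts
    return {
        "total": total, "required": required,
        "sum_matches_header": sum(p for _, p in rules) == total,
        "by_prefix": by_prefix,
        # whitelist_from and related options appear as USER_IN_*WHITELIST
        # (USER_IN_*WELCOMELIST in SpamAssassin 4.x) rule hits.
        "whitelist_hit": any(re.fullmatch(r"USER_IN_\w*(WHITE|WELCOME)LIST\w*", n)
                             for n, _ in rules),
    }

print(analyze(REPORT))
```

On this report the `JAM_*` rules contribute 4.8 of the 5.4 points and no whitelist rule appears in the table, so the first thing to check on the server is whether the whitelist entry is in a configuration SpamAssassin actually loads for this recipient.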
Ghost commented 2 years ago
Poster

Another one today. Any clues why it isn’t working?

Uncled1023 commented 2 years ago
Owner

Alright, thanks. I’ll have to recheck the whitelists/levels.

Uncled1023 commented 2 years ago
Owner

Ok, so I think I finally fixed it. Needed to modify the SpamAssassin as well. Let me know if it is working now.

Ghost commented 2 years ago
Poster

Today’s mail from IFTTT arrived well but it doesn’t happen with every email message. I’ll close it and re-open if not fixed. Thanks.

Ghost commented 2 years ago
Poster

Re-opening. Forgot this was a feature request about the Not Spam button in Rainloop. =)

Ghost changed title from Spam False Positives to Spam False Positives (Rainloop "Not Spam" button) 2 years ago
Ghost commented 1 year ago
Poster

Just a note, ifttt.com and ift.tt (and any other domain) can be removed from whitelist on dmz76@teknik.io (if still enabled), since I don’t use IFTTT services anymore.
