Spamassassin Marks Linuxforum Email As SPAM
I found the Linuxforums email in my Junk folder the other day after Spamassassin updated the header as SPAM. Pretty ironic, n'est pas? The "culprit" is priorityoneemail.com who sends Linuxforums' email. Distributed Checksum Clearinghouses (w_w_w.rhyolite.com/dcc/) received reports that this Email Service Provided has sent SPAM for clients other than Linuxforums. You can see some of their SPAM at Google group news.admin.net-abuse.sightings (groups.google.com/group/news.admin.net-abuse.sightings/topics) then search for priorityoneemail. As you know, Spamassassin can use DCC as part of it's rule set and, in this case, DCC's score tipped your email into the SPAM category for me. Perhaps you should consider changing vendors for sending the forum email. More detail below.
> X-Spam-Status: Yes, score=8.2 required=8.0 tests=AWL,DCC_CHECK,HTML_MESSAGE,
> > MIME_HTML_ONLY,SPF_PASS shortcircuit=no autolearn=no version=3.2.3
> > X-Spam-Report:
> > * -0.0 SPF_PASS SPF: sender matches SPF record
> > * 0.0 HTML_MESSAGE BODY: HTML included in message
> > * 1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> > * 3.6 DCC_CHECK Listed in DCC (rhyolite.com/anti-spam/dcc/)
> > * 2.9 AWL AWL: From: address is in the auto white-list
> > Received: from mail052.priorityoneemail.com ([188.8.131.52])
> > by w_w_w7.website-server.net with esmtp (Exim 4.69)
> > (envelope-from <bounce(at)priorityoneemail.com>)
> > id 1OqDRW-0002xK-AU
> > for bren(at)vrnashville.com; Mon, 30 Aug 2010 18:07:10 -0500
Response from DCC:
Was that linuxforums_org mail message bulk or subtantially identical
to a bunch of other messages? It sounds likely and if so, then DCC did
the right thing. Spam is unsolicited bulk mail. DCC detects bulk mail.
To tell your DCC client [Spamassassin] that a particular stream
of bulk mail is wanted or solicited, you should whitelist it.
There is probably more to the story than that the linuxforums_org email
is merely bulk. It is probably being reported as extreme bulk or likely
spam with a target count "many" by an unwilling subscriber. Judging
from your headers, the sender of that message was priorityoneemail.com,
which appears to be an email service provider or ESP. Most ESPs willfully
and knowingly send substantial amounts of unsolicited bulk email or
spam because they choose for competitive and profit reasons to not
really discipline customers with dirty target lists.
priorityoneemail.com redirects to w_w_w_1shoppingcart.com/Shopping Cart & Ecommerce Software - 1ShoppingCart.com
and that web page waves all kinds of red flags for those who hate spam.
The old, now defunct NANAS netnews group has reports of spam from
priorityoneemail.com. See Google Groups (groups.google.com/groups/search?q=priorityoneemail+group%3Anews.admin.net-abuse.sightings).
I also see that SMTP client or mail sender at mail052_priorityoneemail.com
[184.108.40.206] as a very bulky DCC Reputation. See
Query DCC Reputations for 220.127.116.11
Poking at the distributed DCC database shows that 18.104.22.168 has been sending mail that targets are saying is spam by reporting it to DCC with target counts of many. That could be because priorityoneemail.com
sends a lot of solicited bulk mail that DCC users have not whitelisted, but my guess based on experience with other outfits is that priorityoneemail.com simply sends "gift subscriptions" or other unsolicited
bulk email that it would insist is not spam several reasons on rhyolite.com/anti-spam/that-which-we-dont.html
Vernon Schryver vjs(at)rhyolite.com