The new CMAE_1 rule with strength of 10 is flagging a log of legitimate email from organizations I have signed up for (The Frisco RoughRiders baseball team, Cars.com, etc) as spam and I've had to add a custom rule to change its value to 0 for now.
Just a heads up to anyone, that seems a little strong for a rule that has that many false positives.
SpamAssassin CMAE_1 rule false positives
Moderator: Moderators
Re: SpamAssassin CMAE_1 rule false positives
I reported one of them to CloudMark and got this... A legitimate organizations phone number was used in some spam so they started flagging all email with that phone number in it (including email from the legitimate organization).
They are clearly WAY overzealous and there is no way their filters should have a default value of 10 in SpamAssassin, in my opinion.
Hi,
Thank you for contacting Cloudmark.
That fingerprint is for the phone number 972<dash>3341993, which was in messages that were reported spammy by end users and that hit honey pots.
Looking at the feedback I see:
- 80% of reports seen were to block
- 46% of blocks were from spam traps
- 2 ISPs provided spam trap feedback
- First report : 2015-05-13 04:07:18
- Last report : 2015-06-25 09:54:46
It has been legit since 2015-06-24 07:34:22 PT.
Thanks.
Regards,
Raphael Kouhana
Cloudmark Customer Support
------------
ContactInformation:
FirstName: Steve
LastName: Martin
Company:
Email: steve@planomartins.com
Telephone:
SupportIssue:
Summary: False positive on legitimate email
Description: Cloud mark caused this email to be marked as spam. It is from a legitimate organization that I subscribe to email from.
Priority: P3
Reproducibility: Have not tried
FalsePositive: Neither
SystemDown: No
ref:_00D30Pfe._50050eqR9t:ref
They are clearly WAY overzealous and there is no way their filters should have a default value of 10 in SpamAssassin, in my opinion.
Hi,
Thank you for contacting Cloudmark.
That fingerprint is for the phone number 972<dash>3341993, which was in messages that were reported spammy by end users and that hit honey pots.
Looking at the feedback I see:
- 80% of reports seen were to block
- 46% of blocks were from spam traps
- 2 ISPs provided spam trap feedback
- First report : 2015-05-13 04:07:18
- Last report : 2015-06-25 09:54:46
It has been legit since 2015-06-24 07:34:22 PT.
Thanks.
Regards,
Raphael Kouhana
Cloudmark Customer Support
------------
ContactInformation:
FirstName: Steve
LastName: Martin
Company:
Email: steve@planomartins.com
Telephone:
SupportIssue:
Summary: False positive on legitimate email
Description: Cloud mark caused this email to be marked as spam. It is from a legitimate organization that I subscribe to email from.
Priority: P3
Reproducibility: Have not tried
FalsePositive: Neither
SystemDown: No
ref:_00D30Pfe._50050eqR9t:ref
Re: SpamAssassin CMAE_1 rule false positives
If we end up keeping it we'll most likely have a separate feature module for it rather than using it through SpamAssassin. We're using it through SA initially only because it required the least effort and the existing tools allowed for it to be disabled by setting the score to 0 or setting a lower score. It would probably be similar to the DNSBL filter where we have reject, tag (with headers), or disable operating modes.
Seth Mattinen, Roller Network LLC
Re: SpamAssassin CMAE_1 rule false positives
Thanks, I ended up setting it to 4.4 and it was pretty well behaved.