SpamAssassin CMAE_1 rule false positives

Need help? Ask here.

Moderator: Moderators

Locked
cheezmo
Posts: 4
Joined: Fri Jun 26, 2015 5:54 am

SpamAssassin CMAE_1 rule false positives

Post by cheezmo »

The new CMAE_1 rule with strength of 10 is flagging a log of legitimate email from organizations I have signed up for (The Frisco RoughRiders baseball team, Cars.com, etc) as spam and I've had to add a custom rule to change its value to 0 for now.

Just a heads up to anyone, that seems a little strong for a rule that has that many false positives.
cheezmo
Posts: 4
Joined: Fri Jun 26, 2015 5:54 am

Re: SpamAssassin CMAE_1 rule false positives

Post by cheezmo »

I reported one of them to CloudMark and got this... A legitimate organizations phone number was used in some spam so they started flagging all email with that phone number in it (including email from the legitimate organization).

They are clearly WAY overzealous and there is no way their filters should have a default value of 10 in SpamAssassin, in my opinion.


Hi,

Thank you for contacting Cloudmark.

That fingerprint is for the phone number 972<dash>3341993, which was in messages that were reported spammy by end users and that hit honey pots.

Looking at the feedback I see:
- 80% of reports seen were to block
- 46% of blocks were from spam traps
- 2 ISPs provided spam trap feedback
- First report : 2015-05-13 04:07:18
- Last report : 2015-06-25 09:54:46

It has been legit since 2015-06-24 07:34:22 PT.

Thanks.

Regards,

Raphael Kouhana
Cloudmark Customer Support

------------

ContactInformation:
FirstName: Steve
LastName: Martin
Company:
Email: steve@planomartins.com
Telephone:
SupportIssue:
Summary: False positive on legitimate email
Description: Cloud mark caused this email to be marked as spam. It is from a legitimate organization that I subscribe to email from.
Priority: P3
Reproducibility: Have not tried
FalsePositive: Neither
SystemDown: No


ref:_00D30Pfe._50050eqR9t:ref
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: SpamAssassin CMAE_1 rule false positives

Post by Seth »

If we end up keeping it we'll most likely have a separate feature module for it rather than using it through SpamAssassin. We're using it through SA initially only because it required the least effort and the existing tools allowed for it to be disabled by setting the score to 0 or setting a lower score. It would probably be similar to the DNSBL filter where we have reject, tag (with headers), or disable operating modes.
Seth Mattinen, Roller Network LLC
cheezmo
Posts: 4
Joined: Fri Jun 26, 2015 5:54 am

Re: SpamAssassin CMAE_1 rule false positives

Post by cheezmo »

Thanks, I ended up setting it to 4.4 and it was pretty well behaved.
Locked