Email notification from Wordfence high spam score

  • Resolved Mr Lucky

    (@voodoochill)


    2 years, 10 months ago

    Some worfence email notifications (Wordfence Alert] Problems found on…) seem to be getting high spam score in spam assassin.

    Is there a fix for this, thanks. Obviously I can’t do anything about the .co.uk, but the other issues seem strange

      0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             https://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: petethomas.co.uk]
  0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                             [score: 0.4965]
  0.8 KAM_COUK               Scoring .co.uk emails higher due to poor registry
                             security.
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.1 HTTPS_HTTP_MISMATCH    BODY: No description available.
  1.6 HTML_IMAGE_ONLY_24     BODY: HTML: images with 2000-2400 bytes of
                             words
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.5 KAM_REALLYHUGEIMGSRC   RAW: Spam with image tags with ridiculously
                              huge http urls
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML
                             tag
    • This topic was modified 2 years, 10 months ago by Mr Lucky.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @voodoochill, thanks for letting us know.

    You may need to alter the threshold of what is allowed at the server, and also make sure to mark emails from your WordPress sites as safe at the destination set as the recipient for Wordfence emails. They will come from wordpress @ yoursitename . com so can be expected if you haven’t done this already.

    We have a case open for improving the Spam Assassin score as part of future plugin development, which we have now added your log information to for our reference so thank-you for that. I cannot comment on specific delivery dates for scheduled development here on the forums, however.

    Thanks,

    Peter.

    Thread Starter Mr Lucky

    (@voodoochill)

    Many thanks

    You may need to alter the threshold of what is allowed at the server,

    The server Spam assassin settings are default. My mail client flags anything with a sam score of 4 **** and it seems odd that all other emails with **** are actual spam

    and also make sure to mark emails from your WordPress sites as safe at the destination set as the recipient for Wordfence emails.

    Will do

    I assume nothing can be done about the .co.uk domain extension (although I could change that to be one of my .com emails, but then I’m not sure if it would then get a spam assassin flag for an email that is different domain to the actual site.

    Howebver it seems like this is the biggest issue which I think would be great if WF can address: `1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of
    words`

    Plugin Support wfpeter

    (@wfpeter)

    Hi @voodoochill,

    It might be worth speaking with Spam Assissin’s support about the .co.uk issue as their decision about registry security isn’t really your fault for picking this type of domain. It’s certainly a commonly-used and established domain extension and it does seem odd on the face of it to treat it more harshly.

    I absolutely agree with addressing the 1.6 HTML_IMAGE_ONLY_24 BODY issue, which is fairly hard to avoid as the format of the email provides only necessary information to customers as we see it. It seems like we’d have to add more words or remove some images to balance the ratio. This has been submitted to the development team and will be addressed when this work is carried out.

    Thanks again for your follow-up and assisting us with the log information,

    Peter.

    Thread Starter Mr Lucky

    (@voodoochill)

    Thanks

    Plugin Support wfpeter

    (@wfpeter)

    No worries @voodoochill, any changes we make should be documented in our change logs for that release version.

    If you have any further Wordfence questions in future don’t hesitate to start a new topic and we’ll be glad to help out!

    Peter.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Email notification from Wordfence high spam score’ is closed to new replies.