High SpamAssassin scores

Hi sanderpinkse,
Thanks for your message.

Emails being marked as SPAM that have been sent by BNFW is something I really want to make sure doesn’t happen. As you might know, it’s tricky to get the balance right, especially with automated emails.

The issue that we have is that WordPress is difficult about how you can change the details of the ‘To’ field in the email header using wp_mail() and so it may not be possible to fix. I’ve not come across any others plugins that change the format in this way either so whilst I appreciate it’s triggering the TO_NO_BRKTS_HTML_ONLY rule in SpamAssassin, the To field probably isn’t the main cause of a high score.

I’d be interested to hear your thoughts on this too though.
Hope this helps!

Thanks,
Jack

Hi Jack,

Here is a copy of the relevant headers:

X-Spam-Status: No, score=2.392 tagged_above=-999 required=3
	tests=[HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377,
	MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_LOW=-0.7, TO_NO_BRKTS_HTML_ONLY=2,
	T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001]

As you can see, the total score is approaching 3, the tipping point. The TO_NO_BRKTS_HTML_ONLY rule is responsible for almost all of that.

I know almost nothing about SpamAssassin. This might be specific to the mail server setup of my provider. But a value of 2 for the TO_NO_BRKTS_HTML_ONLY rule seems high enough to warrant some investigation…

By using custom values for the From: field in BNFW I can prevent the BNFW notifications being marked as spam. Before I started doing that, they almost invariably were.

Thanks for looking into this!

Sander

Hi sanderpinkse,
Thanks for the additional info.

So when you were using the default ‘[email protected]’ email address it had a high SpamAssassin score and when you changed the from and to settings the score went down. Is that correct?

Thanks,
Jack

Hi Jack,

That is correct. I changed the From address to an email address on the same domain that I also use for different purposes. I think SpamAssassin recognises that as a “known sender”, or something like that.

Here are the relevant headers (I used the Send Me a Test Email option in BNFW):

X-Spam-Status: No, score=0.49 tagged_above=-999 required=3
	tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377,
	MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_LOW=-0.7,
	TO_NO_BRKTS_HTML_ONLY=1.999, T_RP_MATCHES_RCVD=-0.01]

Hold on… I just repeated that test, and now the scores are high again:

X-Spam-Status: No, score=2.391 tagged_above=-999 required=3
	tests=[HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377,
	MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_LOW=-0.7, TO_NO_BRKTS_HTML_ONLY=2,
	T_RP_MATCHES_RCVD=-0.01]

Just goes to show how little I understand of the workings of SpamAssassin.
I have no idea why the Bayesian filter kicks in on the first test, but not on the second…

Cheers,

Sander

Hi Sander,
My knowledge of SpamAssassin is limited too but it looks like your server is marking anything from an email address beginning with ‘wordpress’ as potential SPAM and giving it a high score. As soon as you change the email address to something that has an email account on your server, it lowers the risk based on this.

I’m not sure this is an issue that can be solved in the BNFW plugin :/

Jack

Hi Jack,

I’m not quite sure that is true. The two mails I quoted form above were sent using the same From: address. One of them scored 0.49, the other 2.391.

However, that is not my point. Apparently, any html mail that is sent using wp_mail() invokes the TO_NO_BRKTS_HTML_ONLY rule in SpamAssassin. That rule has a weight of 2, so I assume you would want to avoid it.

I can easily work around the problem (changing the From: address, not sending as html), but you probably want BNFW to work properly using the default setup.

Cheers,

Sander

Hi Sander,
Oh, I see – so it’s only notifications sent out using HTML that invoke the TO_NO_BRKTS_HTML_ONLY rule – is that right?

Jack

Hi Jack,

That’s right. More specifically:

TO_NO_BRKTS_HTML_ONLY To: misformatted and HTML only

I think if you would supply a text/plain alternative besides text/html, the overall score would be much lower.

Cheers,

Sander

A quick follow up: I just received another notification:

X-Spam-Status: No, score=0.392 tagged_above=-999 required=3
	tests=[HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377,
	MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_LOW=-0.7, T_RP_MATCHES_RCVD=-0.01,
	URIBL_BLOCKED=0.001]

No mention of TO_NO_BRKTS_HTML_ONLY at all…

SpamAsassin has me at a loss. Please don’t spend any more time on this…

Cheers,

Sander

Hi Sander,
Not a problem – thanks for letting me know.

If you’re having trouble with SpamAssassin and HTML emails, you can set the notification to use Plain Text instead if it helps.

Thanks for your feedback.
Jack

Hi Jack,

I did switch to plain text, because another three notifications were markled as psam:

X-Spam-Score: 3.031
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.031 tagged_above=-999 required=3
	tests=[HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,
	MIME_HTML_ONLY=1.105, RCVD_IN_DNSWL_LOW=-0.7,
	TO_NO_BRKTS_HTML_ONLY=1.999, T_RP_MATCHES_RCVD=-0.01,
	URIBL_BLOCKED=0.001]

Plain text does produce rather ugly mails, though:

<p><strong>This is a test email. All shortcodes below will show in place but not be replaced with content.</strong></p>
<p>[comment_author] ([comment_author_email]) schreef:</p>
<p><em>[comment_content]</em></p>
<p><strong>Comment [comment_approved]</strong></p>
<p>[permalink]</p>

Shouldn’t these tags get stripped out?

Cheers,

Sander

Hi Sander,
There should stay as they show you the formatting, although there’s a bug in the current version which is stripping them out which has been fixed and will be available in the next version.

I’m looking into improving the test notifications at the mo but this won’t come for a little while yet.

Thanks,
Jack