
Please post evidence of postini false positives here

mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Re: Please post evidence of postini false positives here

And another one that's just started getting a very ridiculously low score rather than just a low(ish) score.
Quote
Envelope-to: mandm@My_Postinied_PN_Account.plus.com
Delivery-date: Fri, 25 Jan 2008 19:41:31 +0000
Received: from exprod5mx248.postini.com ([64.18.0.168] helo=psmtp.com)
  by pih-sunmxcore14.plus.net with smtp (PlusNet MXCore v2.00) id 1JIUQc-0002Pa-Ho
  for mandm@My_Postinied_PN_Account.plus.com; Fri, 25 Jan 2008 19:41:31 +0000
Received: from source ([212.21.100.154]) by exprod5mx248.postini.com ([64.18.4.14]) with SMTP;
Fri, 25 Jan 2008 11:41:28 PST
From: "M and M Direct" <mandm@mandmdirectmail.com>
Subject: More lines added and massive reductions at M and M Direct.com
To: mandm@My_Postinied_PN_Account.plus.com
Content-Type: multipart/alternative;
boundary="=_NextPart_2emsgsadvnqw3nerasdf";
charset="iso-8859-1"
MIME-Version: 1.0
Reply-To: feedback@mandmdirect.com
Date: Fri, 25 Jan 2008 19:41:07 +0000
X-e-MSG-email: [EMAIL]->MANDM@My_Postinied_PN_Account.plus.com<-[EMAIL]
X-e-MSG-email_id: [MID]->20888<-[MID]
X-e-MSG-Info-1: This email messages has been delivered by e-MSG.co.uk
X-e-MSG-Info-2: We operate a strict anti-spam policy, if you believe you
should not have
X-e-MSG-Info-3: received this email please visit
http://www.e-MSG.co.uk/feedback.php?email_id=20888
X-Mailer: e-MSG.co.uk
X-pstn-neptune: 1/1/1.00/90
X-pstn-levels: (S: 0.08697/99.19409 CV:99.9000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <mandm@mandmdirectmail.com> [20/1]
Message-ID: <E1JIUQc-0002Pa-Ho@pih-sunmxcore14.plus.net>
X-pn-pstn: Spam 1
X-Agent-Received: from PN POP My_Postinied_PN_Account (mail.plus.net); Fri, 25 Jan 2008 22:17:53 +0000
X-Agent-Junk-Probability: 0



B T Plusnet, a bit kinda like P T Barnum ...

... but quite often appears to feature more clowns Tongue
snozboz
Rising Star
Posts: 408
Thanks: 14
Fixes: 1
Registered: ‎27-07-2007

Re: Please post evidence of postini false positives here

My first "false positive" - marked as [-SPAM-] in the subject line and going into my "INBOX.Spam" box but I signed up for this email and have been receiving them from this company without problems up till now:
Quote
From - Mon Jan 28 14:09:52 2008
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Envelope-to: my_postinied_email_address
Delivery-date: Mon, 28 Jan 2008 03:22:27 +0000
Received: from exprod5mx233.postini.com ([64.18.0.119] helo=psmtp.com)
  by pih-sunmxcore11.plus.net with smtp (PlusNet MXCore v2.00) id 1JJKZm-0002c1-I6
  for my_postinied_email_address; Mon, 28 Jan 2008 03:22:27 +0000
Received: from source ([83.170.81.145]) (using TLSv1) by exprod5mx233.postini.com ([64.18.4.10]) with SMTP;
Sun, 27 Jan 2008 19:22:23 PST
Received: from gbc1-ms-01.lovefilm.com ([85.133.41.20])
by smtp5.uk2.net with esmtp (Exim 4.60)
(envelope-from <donotreply@lovefilm.com>)
id 1JJKZj-000086-4g
for my_postinied_email_address; Mon, 28 Jan 2008 03:22:23 +0000
Received: from localhost.localdomain (gbc1-mail-01.lovefilm.com [10.0.6.90])
by gbc1-ms-01.lovefilm.com (Postfix) with ESMTP id 456771B5EC
for <my_postinied_email_address>; Sun, 27 Jan 2008 19:38:01 +0000 (GMT)
Content-Disposition: inline
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Sun, 27 Jan 2008 19:38:01 UT
Subject: [-SPAM-] 10% off everything on Wednesday at the LOVEFiLM Shop
To: my_postinied_email_address
From: LOVEFiLM.com <donotreply@lovefilm.com>
X-Mailer: MIME::Lite::HTML 1.21
Message-Id: <20080127193801.456771B5EC@gbc1-ms-01.lovefilm.com>
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.7
X-Spam-Report: Content analysis details:  (0.7 points, 5.0 required)
pts rule name              description
---- ---------------------- --------------------------------------------------
0.7 DATE_IN_PAST_06_12    Date: is 6 to 12 hours before Received: date
0.0 HTML_MESSAGE          BODY: HTML included in message
0.0 MIME_HTML_ONLY        BODY: Message only has text/html MIME parts
X-pstn-levels:    (S: 0.00000/96.35205 CV:99.9000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <donotreply@lovefilm.com> [50/4]
X-pn-pstn: Spam 1
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)

grahamv
Grafter
Posts: 46
Registered: ‎27-07-2007

Re: Please post evidence of postini false positives here

Another perfectly acceptable mail marked as [-SPAM-] - this one offers me an upgrade for a registered software package
Quote
Received: from 127.0.0.1 by xxxx.plus.com with POP3
id <UID1525-1185954532."xxxx+xxxx@mail.plus.net"@127.0.0.1>
for <"xxxx+xxxx@mail.plus.net"@127.0.0.1>;
Tue, 29 Jan 2008 11:24:17 +0000
Envelope-to: xxxx@xxxx.plus.com
Delivery-date: Tue, 29 Jan 2008 09:49:47 +0000
Received: from exprod5mx226.postini.com ([64.18.0.85] helo=psmtp.com)
  by pih-sunmxcore14.plus.net with smtp (PlusNet MXCore v2.00) id 1JJn6A-00013D-LE
  for xxxx@xxxx.plus.com; Tue, 29 Jan 2008 09:49:47 +0000
Received: from source ([216.54.194.104]) by exprod5mx226.postini.com ([64.18.4.13]) with SMTP;
Tue, 29 Jan 2008 01:49:45 PST
Message-ID: <11.1B.28908.8B6FE974@dc1bhmta03>
Date: Tue, 29 Jan 2008 01:27:36 -0800
From: "Roxio" <roxio@roxioemail.com>
Reply-To: roxio@roxioemail.com
To: =?UTF-8?B?IA==?= <xxxx@xxxx.plus.com>
X-Outgoing: roxio
Subject: [-SPAM-] =?UTF-8?B?Um94aW8gQ3JlYXRvciAxMCBmb3IgwqMzOS45OTogU2F2ZSDCozIwIE5vdyE=?=
Mime-Version: 1.0
Content-Type: multipart/alternative;
    boundary="--479ef1880b906-MultiPart-Mime-Boundary"
X-pstn-levels:    (S: 0.00000/96.92614 CV:99.9000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <roxio@roxioemail.com> [18/1]
X-pn-pstn: Spam 1
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)

mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Re: Please post evidence of postini false positives here

Another one as a direct result of the recent PN changes. Spam score of 97.97078 (meaning 98% NOT spam) but marked as spam by PN Sad
Quote
Envelope-to: rbf@My_Postinied_PN_Account.plus.com
Delivery-date: Tue, 29 Jan 2008 03:11:22 +0000
Received: from exprod5mx234.postini.com ([64.18.0.120] helo=psmtp.com)
  by pih-sunmxcore18.plus.net with smtp (PlusNet MXCore v2.00) id 1JJgsb-0006Ol-IK
  for rbf@My_Postinied_PN_Account.plus.com; Tue, 29 Jan 2008 03:11:21 +0000
Received: from source ([209.123.82.21]) by exprod5mx234.postini.com ([64.18.4.10]) with SMTP;
Mon, 28 Jan 2008 22:11:20 EST
DomainKey-Signature: a=rsa-sha1; c=simple; d=pmailuk.com; q=dns; s=grahamcrackers;
b=cKbWkRpGcOJA9uOJi6AoRSP7dvbOwlAwraEX+gUfkZYTBkJA87Wfmv6T65Da
PrFrv0+MlV9KZaK3US3kudFlWRwan/lZ+1fYr6IxsSMiy/bO+5b7uvwak
ugeJcQjxZXbP3Ayw45aT8YCv+d2qL48Noy7YkHZvFP4v+S3SaFGhCs=;
Date: Mon, 28 Jan 2008 22:11:20 -0500 (EST)
From: "Rockinbeerfest, RBF Festivals" <rbf@rbf.pmailuk.com>
To: rbf@My_Postinied_PN_Account.plus.com
Message-ID: <2067367.5162411201576280292.JavaMail.root@ptmail1.pt.local>
Subject: Cream of Hendrix & CRF 08 Dates Confirmed
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-CampaignID: patrontechnology-6700
X-CampaignEmailID: AeiSl-eNodyhNuq4ax3yB-q5b_w9
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:97.97078/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:81.4829 C:99.7951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p M c
X-pstn-addresses: from <rbf@rbf.pmailuk.com> [20/1]
X-pn-pstn: Spam 1
X-Agent-Received: from PN POP My_Postinied_PN_Account (mail.plus.net); Tue, 29 Jan 2008 09:59:33 +0000
X-Agent-Junk-Probability: 0



mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Re: Please post evidence of postini false positives here

Just another of several messages with a ridiculously low spam score for no good reason:
Quote
Envelope-to: tandm@My_Postinied_PN_Account.plus.com
Delivery-date: Tue, 29 Jan 2008 11:41:03 +0000
Received: from exprod5mx241.postini.com ([64.18.0.161] helo=psmtp.com)
  by pih-sunmxcore12.plus.net with smtp (PlusNet MXCore v2.00) id 1JJopq-0006Ip-NW
  for tandm@My_Postinied_PN_Account.plus.com; Tue, 29 Jan 2008 11:41:03 +0000
Received: from source ([195.140.185.250]) by exprod5mx241.postini.com ([64.18.4.11]) with SMTP;
Tue, 29 Jan 2008 03:41:00 PST
Received: from app13.muc.ec-messenger.com (app13.muc.ec-messenger.com [172.16.8.43])
by mta21.muc.ec-messenger.com (READY) with ESMTP id 0CEC5AC28A
for <tandm@My_Postinied_PN_Account.plus.com>; Tue, 29 Jan 2008 12:41:00 +0100 (CET)
Date: Tue, 29 Jan 2008 12:41:00 +0100 (CET)
From: Thompson & Morgan <tm-newsletter@thompson-morgan.com>
Reply-To: Thompson & Morgan <ccare@thompson-morgan.com>
To: tandm@My_Postinied_PN_Account.plus.com
Message-ID: <14283080.1201606860037.ecMessenger@newsletter.thompson-morgan.com>
Subject: Unique Blue Fuchsia Available in a Half Price Collection
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-eC-messenger-mid: 400132206
X-eC-messenger-cid: 527
X-eC-messenger-sender-domain: bounce.newsletter.thompson-morgan.com
X-eC-messenger-email: tandm@My_Postinied_PN_Account.plus.com
X-pstn-neptune: 9/9/1.00/90
X-pstn-levels: (S: 0.09546/99.24621 CV:99.9000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <tm-newsletter@thompson-morgan.com> [20/1]
X-pn-pstn: Spam 1
X-Agent-Received: from PN POP My_Postinied_PN_Account (mail.plus.net); Tue, 29 Jan 2008 11:47:17 +0000
X-Agent-Junk-Probability: 0



bobpullen
Community Gaffer
Posts: 16,904
Thanks: 5,012
Fixes: 316
Registered: ‎04-04-2007

Re: Please post evidence of postini false positives here

Quote from: mikeb
Another one as a direct result of the recent PN changes. Spam score of 97.97078 (meaning 98% NOT spam) but marked as spam by PN Sad


I might be missing something obvious but I can't see why that's getting marked as spam even following the recent changes Huh
Edit: moment of stupidity. I can see why now! Roll_eyes
M:81.4829

Bob Pullen
Plusnet Product Team

godsell4
Rising Star
Posts: 3,366
Thanks: 15
Registered: ‎06-04-2007

Re: Please post evidence of postini false positives here


Surely the S: value should take priority?
SW.
--
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Please post evidence of postini false positives here

It is my understanding that native Postini uses triggering of the category filters to raise the effective threshold (the second parenthesised value in the settings line):
Quote
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p M c

The spam score is always compared with that effective threshold, not the base one.
When the base filter setting is 1 I believe category multipliers are 1 (i.e. ignored). However if PlusNet built in suitable multipliers for use when category filters are triggered, then compared the spam score with the multiplied threshold I think that would improve the accuracy of tagging.
David
driveconsultant
Grafter
Posts: 164
Registered: ‎03-08-2007

Why so many false positives?

Since my account was migrated to Postini, the spam coming to my various addresses has reduced to a trickle, which is excellent. However, I am now seeing a lot more false positives than I have ever seen. I have put some of these headers through the Postini header interpreter thingy, but it doesn't explain to me why a particular message was classed as spam. As an example, one of my messages has category filter scores well into the 90s, but a spam score of 0.00180. There is no explanation of what perimeter manager is, but this seems to be responsible for the low spam score. I don't particularly want to know in great depth what is going on inside Postini, but I would like to understand why it is classing totally harmless messages as spam.
I know there is a thread about evidence of false positives, but I haven't seen much else about this. Can someone from PN who understands how the filtering works please give an explanation in terms somewhere in between layman and techie speak?
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Why so many false positives?

I think you will have to post the headers before anyone can comment on particular mails.
In general, it looks as though postini is very tough on bulk emails, such as newsletters and advertising circulars.  They seem to want the senders of this stuff to be whitelisted to prove it isn't "unsolicited bulk email" (ie spam).  Though actually, rather more of mine are now getting through unscathed.
The category filters have no effect on the spam score; if a category filter scores below 85.0, Plusnet will mark the mail as Spam 1 whatever the bulk-filter score, but I haven't seen many of these.
Hope this helps while you wait for a more definitive answer.
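The tagging rules as posters in this thread understand them, written out as an added example (not part of any post, and not Postini or Plusnet code): a small parser that reports which rule would account for an `X-pn-pstn: Spam 1` tag. It assumes the 85.0 category cutoff and the comparison of S against the effective threshold are as described in the thread, and that an upper-case letter in `X-pstn-settings` marks a triggered category, which is inferred from the posted headers.

```python
import re

CATEGORY_CUTOFF = 85.0  # figure quoted in this thread, not vendor documentation

def parse_levels(value):
    """Parse '(S: 0.08697/99.19409 CV:99.9000 R:95.9108 ... )' into floats."""
    fields = {}
    for name, nums in re.findall(r"([A-Za-z]+):\s*([\d.]+(?:/[\d.]+)?)", value):
        parts = [float(n) for n in nums.split("/")]
        fields[name.upper()] = parts[0]
        if len(parts) == 2:
            # Second S figure: its meaning is not explained in the thread.
            fields[name.upper() + "_second"] = parts[1]
    return fields

def parse_settings(value):
    """Parse '1 (0.1500:0.1500) cv gt3 gt2 gt1 r p M c'."""
    m = re.match(r"\s*(\d+)\s*\(([\d.]+):([\d.]+)\)\s*(.*)", value)
    if not m:
        raise ValueError("unrecognised X-pstn-settings value: %r" % value)
    tokens = m.group(4).split()
    return {
        "level": int(m.group(1)),
        "base_threshold": float(m.group(2)),
        "effective_threshold": float(m.group(3)),
        # Assumption: a single upper-case letter marks a category that fired.
        "triggered": [t for t in tokens if len(t) == 1 and t.isupper()],
    }

def explain(levels_header, settings_header):
    """Return (rule, field, value) tuples for every rule the message trips."""
    levels = parse_levels(levels_header)
    settings = parse_settings(settings_header)
    reasons = []
    # Higher S means less spam-like, so a tag follows from S below the threshold.
    if levels["S"] < settings["effective_threshold"]:
        reasons.append(("bulk", "S", levels["S"]))
    for cat in ("R", "P", "M", "C"):
        if cat in levels and levels[cat] < CATEGORY_CUTOFF:
            reasons.append(("category", cat, levels[cat]))
    return reasons

# Header values copied from messages posted in this thread.
SAMPLES = {
    "mandm": ("(S: 0.08697/99.19409 CV:99.9000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )",
              "1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c"),
    "rbf": ("(S:97.97078/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:81.4829 C:99.7951 )",
            "1 (0.1500:0.1500) cv gt3 gt2 gt1 r p M c"),
    "efests": ("(S: 1.45489/99.87965 CV:99.9000 R:95.9108 P: 0.0059 M:97.0282 C:98.6951 )",
               "1 (0.1500:0.1500) cv gt3 gt2 gt1 r P m c"),
}

if __name__ == "__main__":
    for name, (levels, settings) in SAMPLES.items():
        print(name, explain(levels, settings), parse_settings(settings)["triggered"])
```
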
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Please post evidence of postini false positives here

I'm with you on this, spraxyt.
Or Plusnet could use the category filters like they do now with X-pstn-neptune-rslt: qtine -- ie any category scoring less than 85.0 could raise Spam 2 - 5 up one or two levels, making the mail more likely to be tagged (but not certain to be).
mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Re: Please post evidence of postini false positives here

Totally brilliant this one.  This is a daily digest report from a reputable festival (i.e. music) website forum and not only has it been given a ridiculously low score on this particular occasion but it's also apparently top quality p0rN Shocked so PN tagged it as spam !!!  Any subsequent messages were presumably dumped/rejected as well just for good measure.
Well, I can assure you all that I've had a real good close look on the off chance that I've perhaps missed something *really* good in today's digest but unfortunately there are absolutely definitely no t*ts, b*ms, appendages various or anything even remotely smutty and entertaining to be seen anywhere in this TEXT ONLY message  Roll_eyes Not really anything remotely smutty or otherwise that risque in the text either other than the usual innuendo that you get in general banter on a forum.
Mind you, someone did actually finish their post with "x" so that's obviously a big no-no then. I guess Mr.Postini must have noted the excessive use of overly red lipstick or something Kiss  I'm quite disappointed that I didn't find anything remotely naughty in Mr.Postini's definition of top quality p0rN  !
Quote
Envelope-to: efests@My_Postinied_PN_Account.plus.com
Delivery-date: Tue, 29 Jan 2008 00:10:08 +0000
Received: from exprod5mx243.postini.com ([64.18.0.163] helo=psmtp.com)
  by pih-sunmxcore14.plus.net with smtp (PlusNet MXCore v2.00) id 1JJe3D-00018r-2M
  for efests@My_Postinied_PN_Account.plus.com; Tue, 29 Jan 2008 00:10:07 +0000
Received: from source ([194.116.175.220]) (using TLSv1) by exprod5mx243.postini.com ([64.18.4.11]) with SMTP;
Mon, 28 Jan 2008 16:10:04 PST
Received: (qmail 25262 invoked by uid 48); 29 Jan 2008 00:10:03 +0000
Message-ID: <20080129001003.25259.qmail@efestivals.co.uk>
To: efests@My_Postinied_PN_Account.plus.com
Subject: Your daily new topics digest ( Festival Forums )
MIME-Version: 1.0
Date: Tue, 29 Jan 2008 00:10:03 +0000
From: "Festival Forums" <forums@efestivals.co.uk>
X-Priority: 3
X-Mailer: IPB PHP Mailer
Content-type: text/plain; charset="iso-8859-1"
X-pstn-2strike: clear
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 1.45489/99.87965 CV:99.9000 R:95.9108 P: 0.0059 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r P m c
X-pstn-addresses: from <forums@efestivals.co.uk> [20/1]
X-pn-pstn: Spam 1
X-Agent-Received: from PN POP My_Postinied_PN_Account (mail.plus.net); Tue, 29 Jan 2008 00:13:13 +0000
X-Agent-Junk-Probability: 0


ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Please post evidence of postini false positives here

Nice one, Mike! With S: 1.45489 this would have got caught by any system of using category scores.
Makes you wonder what proportion of forum-type notices are actually pornographic though, eh?
mikeb
Rising Star
Posts: 481
Thanks: 24
Registered: ‎10-06-2007

Re: Please post evidence of postini false positives here

Maybe so ... but even if it was something a lil naughty, assuming that it's legal and not unsolicited then it's not really up to postini to act as censor or moral guardian is it ?  What people choose to view or read (within reason of course and therefore within the law) is entirely their own business.
And I'm pretty p*ssed off that not only were they 110% wrong but they also potentially prevented me from receiving other messages as well because that one should have been rejected for whatever reason postini think was reasonable.


ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Please post evidence of postini false positives here

Quote from: mikeb
it's not really up to postini to act as censor or moral guardian is it ?  What people choose to view or read (within reason of course and therefore within the law) is entirely their own business.

To be fair, Postini do give users control over the category filters. Some employers are going to want to try and block anything naughty from people at work, etc.
It's a matter of balance, isn't it, between keeping us clean of spam and risking a few false-positives on the one hand, or tolerating a level of spam to avoid wrongly tagged mails on the other? I must say, they're now getting it about 100% right for me Smiley