Please post evidence of postini false positives here
Yet another one due to the recent PN changes 
Quote Envelope-to: TM@My_Postinied_PN_account.plus.com
Delivery-date: Thu, 31 Jan 2008 16:01:38 +0000
Received: from exprod5mx249.postini.com ([64.18.0.169] helo=psmtp.com)
by pih-sunmxcore13.plus.net with smtp (PlusNet MXCore v2.00) id 1JKbr6-0006XT-Ck
for TM@My_Postinied_PN_account.plus.com; Thu, 31 Jan 2008 16:01:38 +0000
Received: from source ([209.104.37.27]) by exprod5mx249.postini.com ([64.18.4.11]) with SMTP;
Thu, 31 Jan 2008 10:01:33 CST
Date: 31 Jan 2008 08:01:10 -0800
Message-Id: <8556-1201795270217555-860166674158915@reply.ticketmaster.com>
Reply-to: Ticketmaster <ticketalert@mailservices.ticketmaster.co.uk>
From: Ticketmaster <ticketalert@mailservices.ticketmaster.co.uk>
To: TM@My_Postinied_PN_account.plus.com
Subject: Check out this week's hot tickets and special offers
MIME-Version: 1.0
X-NTF-MIME: BOTH
X-NTF-cell_id: 204804_5
X-NTF-unique_key: 94027670
Content-Type: multipart/alternative; boundary="_8556_1201795270217555_860166674158915_reply_ticketmaster_com__2"
X-pstn-neptune: 7/6/0.86/89
X-pstn-levels: (S: 3.65022/99.90000 CV:99.9000 R:95.9108 P:95.9108 M:79.5359 C:86.0174 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p M c
X-pstn-addresses: from <ticketalert@mailservices.ticketmaster.co.uk> [20/1]
X-pn-pstn: Spam 1
X-Agent-Received: from PN POP My_Postinied_PN_account (mail.plus.net); Thu, 31 Jan 2008 20:05:53 +0000
X-Agent-Junk-Probability: 0
... and another one due to a ridiculously low spam score, also with a history of messages not being delivered at all to my postinied A/C but being freely delivered to my non-postini A/C
Quote Envelope-to: argos@My_Postinied_PN_account.plus.com
Delivery-date: Thu, 31 Jan 2008 18:13:12 +0000
Received: from exprod5mx233.postini.com ([64.18.0.119] helo=psmtp.com)
by pih-sunmxcore11.plus.net with smtp (PlusNet MXCore v2.00) id 1JKduR-00078F-OT
for argos@My_Postinied_PN_account.plus.com; Thu, 31 Jan 2008 18:13:12 +0000
Received: from source ([195.140.186.55]) by exprod5mx233.postini.com ([64.18.4.11]) with SMTP;
Thu, 31 Jan 2008 12:13:09 CST
Received: from app14.muc.ec-messenger.com (app14.muc.ec-messenger.com [172.16.8.44])
by mta24.muc.ec-messenger.com (READY) with ESMTP id 86F434C55FA
for <argos@My_Postinied_PN_account.plus.com>; Thu, 31 Jan 2008 19:13:08 +0100 (CET)
Date: Thu, 31 Jan 2008 19:13:08 +0100 (CET)
From: Argos <argos@email-argos.co.uk>
Reply-To: Argos <smartlve@argos.co.uk>
To: argos@My_Postinied_PN_account.plus.com
Message-ID: <19867822.1201803188550.ecMessenger@email-argos.co.uk>
Subject: Exclusive competition from The Gos
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_23008922_6546126.1201803188539"
X-eC-messenger-mid: 700043775
X-eC-messenger-cid: 7081
X-eC-messenger-sender-domain: bounce.email-argos.co.uk
X-eC-messenger-IP: 9/DEFAULT
X-eC-messenger-email: argos@My_Postinied_PN_account.plus.com
X-pstn-levels: (S: 0.00000/97.04963 CV:99.9000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <argos@email-argos.co.uk> [20/1]
X-pn-pstn: Spam 1
X-Agent-Received: from PN POP My_Postinied_PN_account (mail.plus.net); Thu, 31 Jan 2008 20:05:54 +0000
X-Agent-Junk-Probability: 0
... and just for good measure, here's yet another one due to the recent PN changes
Quote Envelope-to: tandm@My_Postinied_PN_account.plus.com
Delivery-date: Thu, 31 Jan 2008 11:03:30 +0000
Received: from exprod5mx233.postini.com ([64.18.0.119] helo=psmtp.com)
by pih-sunmxcore19.plus.net with smtp (PlusNet MXCore v2.00) id 1JKXCb-00064Z-Qd
for tandm@My_Postinied_PN_account.plus.com; Thu, 31 Jan 2008 11:03:30 +0000
Received: from source ([195.140.185.225]) by exprod5mx233.postini.com ([64.18.4.11]) with SMTP;
Thu, 31 Jan 2008 03:03:27 PST
Received: from app06.muc.ec-messenger.com (app06.muc.ec-messenger.com [172.16.8.36])
by aps56.muc.ec-messenger.com (READY) with ESMTP id E1ED92AA20
for <tandm@My_Postinied_PN_account.plus.com>; Thu, 31 Jan 2008 12:02:15 +0100 (CET)
Date: Thu, 31 Jan 2008 12:02:15 +0100 (CET)
From: Thompson & Morgan <tm-newsletter@thompson-morgan.com>
Reply-To: Thompson & Morgan <ccare@thompson-morgan.com>
To: tandm@My_Postinied_PN_account.plus.com
Message-ID: <32125931.1201777335921.ecMessenger@newsletter.thompson-morgan.com>
Subject: Complimentary Sarpo Potatoes with selected orders
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-eC-messenger-mid: 400132333
X-eC-messenger-cid: 527
X-eC-messenger-sender-domain: bounce.newsletter.thompson-morgan.com
X-eC-messenger-email: tandm@My_Postinied_PN_account.plus.com
X-pstn-neptune: 52/32/0.62/67
X-pstn-levels: (S: 1.27853/99.86715 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:60.2565 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m C
X-pstn-addresses: from <tm-newsletter@thompson-morgan.com> [20/1]
X-pn-pstn: Spam 1
X-Agent-Received: from PN POP My_Postinied_PN_account (mail.plus.net); Thu, 31 Jan 2008 20:05:30 +0000
X-Agent-Junk-Probability: 0
I have 10 genuine emails that have been put into spam, should i post all 10 headers 
thanks
thanks
Quote from: terminal netreg, from bobs earlier message ...
Quote from: Bob Just to reiterate what I said up there folks ^^^
It makes it a lot easier for us to collate, analyse and report these false positives if they're sent as attachments to notspam@spamtraining.plus.com.
A few of you are doing this but the more we get the better!
forwarding as attachments to the notspam address should be sufficient.
This forum seems to be for people to vent their frustration at the way postini / plusnet seem incapable of recognising certain emails as not being spams (lost count of the number of false positives I've had this week, in excess of 50)
understood, sent 10 yesterday and another 4 today
thanks for the clarification.
Will forwarding false positives to spam @ spamtraining.plus.net do any good?
When a considerable number are because Plusnet are misinterpreting the Postini headers Plusnet cannot forward them automatically to Postini as they will be ridiculed.
They know that they have made a complete foul-up of the tagging as Spam 1,2 etc (or if they don't they haven't been paying any attention to these forums).
Given the minuscule proportion of the emails forwarded for DSPAM training that were actually used I suspect this is just a publicity stunt just to kid us that something is being done.
When a considerable number are because Plusnet are misinterpreting the Postini headers Plusnet cannot forward them automatically to Postini as they will be ridiculed.
They know that they have made a complete foul-up of the tagging as Spam 1,2 etc (or if they don't they haven't been paying any attention to these forums).
Given the minuscule proportion of the emails forwarded for DSPAM training that were actually used I suspect this is just a publicity stunt just to kid us that something is being done.
My experience. I run ZoneLabs Security Suite which has anti-spam & anti-phishing. I have had an occasional false positive - eBay, Play.com - but, the important bit, no false negatives. The spams/phishing mails get put into separate files by Zone Labs so I've no way of telling whether your system is responsible for sorting or not. Doesn't matter as the result is what matters and that is excellent. Recommend ZoneLabs security anytime; certainly between it and Postini spam is rare
cp:blue Errant smiley sorted mod:end
cp:blue Errant smiley sorted mod:end
Has PN started any whitelisting yet based on message sent to notspam ?
So far, the response from PN on this seems inert.
SW.
why the lowscore From PN to PN
Quote Envelope-to: sue@xxxxxxx.me.uk
Delivery-date: Mon, 04 Feb 2008 07:45:38 +0000
Received: from exprod5mx225.postini.com ([64.18.0.84] helo=psmtp.com)
by pih-sunmxcore10.plus.net with smtp (PlusNet MXCore v2.00) id 1JLw1I-0002f9-EQ
for sue@xxxxxxx.me.uk; Mon, 04 Feb 2008 07:45:37 +0000
Received: from source ([212.159.14.212]) (using TLSv1) by exprod5mx225.postini.com ([64.18.4.10]) with SMTP;
Mon, 04 Feb 2008 02:45:31 EST
Received: from [87.112.6.95] (helo=oemcomputer)
by ptb-relay01.plus.net with smtp (Exim) id 1JLw1B-00057i-Gn
for sue@xxxxxx.me.uk; Mon, 04 Feb 2008 07:45:30 +0000
Message-ID: <001501c86701$e441b9c0$0501a8c0@home>
From: "Sue" <Sue@xxxxxxxx.idps.co.uk>
To: <sue@xxxxxxxx.me.uk>
Subject: [-SPAM-] Fw: It's Time To Celebrate Chinese New Year
Date: Mon, 4 Feb 2008 07:45:11 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
Disposition-Notification-To: "Sue" <Sue@xxxxxxx.idps.co.uk>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-Plusnet-Relay: a277393bfe392d1c88de25e878ebded7
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.04054/98.76080 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:51.8443 )
X-pstn-settings: 1 (0.1500:0.1500) cv gt3 gt2 gt1 r p m C
X-pstn-addresses: from <Sue@xxxxxxxx.idps.co.uk> [17/1]
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v4.00)
X-Antivirus: AVG for E-mail 7.5.516 [269.19.19/1257]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-47A6CF8A5043======="
--=======AVGMAIL-47A6CF8A5043=======
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0012_01C86701.DF2DAD40"
------=_NextPart_000_0012_01C86701.DF2DAD40
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
WeightWatchers.CO.UK
To ensure Weight Watchers emails make it to your inbox, add =
weightwatchers@info.weightwatchers.co.uk to your address book.
Quote from: jelv Given the minuscule proportion of the emails forwarded for DSPAM training that were actually used I suspect this is just a publicity stunt just to kid us that something is being done.
Jelv, it is not a publicity stunt. instead it gives us a very good indication as to how well the current implementation is working. The forwarded emails will help us refine our own detection algorithms as well as Postini theirs.
Quote from: godsell4 Has PN started any whitelisting yet based on message sent to notspam ?
So far, the response from PN on this seems inert.
No. No global white-listing has been enforced based on the forwarded emails. Neither am I sure that doing this would be to everyone's liking.
Quote from: pierre_pierre why the lowscore From PN to PN
pierre_pierre, AFAIK this shouldn't be happening. We made some changes last week that should pass all PN > PN email passing through our relays as good.
Quote from: terminal well that was a week ago, still no sign of those buttons being updated. Any guess when this might be done?
The changes were supposed to be made last week but our QA guys weren't happy with them going out on a Friday. Should hopefully be done today all being well. Apologies for the confusion.
Guys, this thread isn't being ignored and the category filtering is definitely something that needs revisiting. Things like this shouldn't be happening and we've opened a problem to re-evaluate the heurisitcs (Ref: 49866)!
Bob,
Can I repeat a suggestion I made a while back. When you get the default settings right please make that SPAM 3 and make (by default) SPAM 1, 2 & 3 get tagged etc. That then gives room for two more lenient levels below - SPAM 1 could be S: 0.00000 only. The current SPAM 3, 4 and 5 are so strict they are worthless - to use them people would have to whitelist a colossal amount of addresses.
Can I repeat a suggestion I made a while back. When you get the default settings right please make that SPAM 3 and make (by default) SPAM 1, 2 & 3 get tagged etc. That then gives room for two more lenient levels below - SPAM 1 could be S: 0.00000 only. The current SPAM 3, 4 and 5 are so strict they are worthless - to use them people would have to whitelist a colossal amount of addresses.