Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

Capvermell
Grafter
Posts: 417
Registered: 16-12-2007

Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

The below email was put in to the Spam folder, even though it seems to be a blatantly legitimate email from a legitimate sender (Royal Pharmaceutical Society).
I'm not normally having any problems with any good email being classed as spam on this account, even though Edge Filtering (Block Blatant Spam) is set to On and Aggressiveness to 5.
Did they use a dodgy email house to bulk send the email?  Or is it to do with the number of emails they sent out at once from the same email address?
It seems a rather unfortunate email to be classed as spam, seeing as how it contains critical health advice about a possible pandemic.
The disagreement between the "envelope-from" and "x-sender" domains appears the most likely possible culprit?
I have now whitelisted the sending email address domain in Spam settings but I don't think I should really have needed to.
Quote
Return-path: <bo-EQ-YTN-9PADU-BYLXT@rpsgb.net>
Envelope-to: xxxxxx@xxxxxx.plus.com
Delivery-date: Wed, 29 Apr 2009 17:56:52 +0100
Received: from [212.159.7.39] (helo=mx.ptn-ipin04.plus.net)
     by pih-inmx01.plus.net with esmtp (PlusNet MXCore v2.00) id 1LzD5X-0004uN-AZ
     for .plus.com; Wed, 29 Apr 2009 17:56:51 +0100
Received-SPF: None identity=pra; client-ip=80.249.108.229;
     receiver=mx.ptn-ipin04.plus.net;
     envelope-from="bo-EQ-YTN-9PADU-BYLXT@rpsgb.net";
     x-sender="info@rpsgb.net";
     x-conformance=sidf_compatible
Received-SPF: Pass identity=mailfrom; client-ip=80.249.108.229;
     receiver=mx.ptn-ipin04.plus.net;
     envelope-from="bo-EQ-YTN-9PADU-BYLXT@rpsgb.net";
     x-sender="bo-EQ-YTN-9PADU-BYLXT@rpsgb.net";
     x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=80.249.108.229;
     receiver=mx.ptn-ipin04.plus.net;
     envelope-from="bo-EQ-YTN-9PADU-BYLXT@rpsgb.net";
     x-sender="postmaster@229.ncuk.mta.dotmailer.co.uk";
     x-conformance=sidf_compatible
Authentication-Results: mx.ptn-ipin04.plus.net; dkim=pass (signature verified) header.i=info@rpsgb.net
X-SBRS: 1.9
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsHlADMk+ElQ+Wzld2dsb2JhbACCIjGBIZJ7AQwKCQkRLhsUuDYBBIItgUiFWQ
X-IPAS: Level5
X-IronPort-AV: E=McAfee;i="5300,2777,5600"; a="74850528"
X-IronPort-AV: E=Sophos;i="4.40,267,1238972400";
     d="scan'208,217";a="74850528"
Received: from 229.ncuk.mta.dotmailer.co.uk ([80.249.108.229])
     by mx.ptn-ipin04.plus.net with ESMTP; 29 Apr 2009 17:56:50 +0100
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dm-key1; d=rpsgb.net;
     h=From:To:Date:Subject:MIME-Version:Content-Type:List-Unsubscribe:Reply-To:Message-ID; i=info@rpsgb.net;
     bh=GBLS6NjdDymygIspFg1BOFQhf6k=;
     b=zlFije8TkUwukbKt05VBDbuZcl6F56Wfr8+1p/Akhv69IISkVVysKZiYSAM3Fi6aapoTmfuz9e2Z
     V8JYywen9Q==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dm-key1; d=rpsgb.net;
     b=kflNhMGTRIpzN7z2W9ZANu4BytNzOFUwH6emTFSlnnPn9ZeNtBfNLRFgcdV1+NBbOet0mfPxoq6G
     EOz8FIPJPQ==;
Received: from droid1 (10.0.12.55) by 229.ncuk.mta.dotmailer.co.uk (PowerMTA(TM) v3.5r6) id hv23ce0k6rc8 for <xxxxxx@xxxxxx.plus.com>; Wed, 29 Apr 2009 17:56:39 +0100 (envelope-from <bo-EQ-YTN-9PADU-BYLXT@rpsgb.net>)
From: "Heidi Wright - RPSGB" <info@rpsgb.net>
To: "xxxxxx@xxxxxx.plus.com" <xxxxxx@xxxxxx.plus.com>
Date: Wed, 29 Apr 2009 17:56:49 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="_=aspNetEmail=_0877e0cdf11b466cb491f624c221df8b"
X-Mailer: aspNetEmail ver 3.5.2.0
X-dmid: EQ-YTN-9PADU
List-Unsubscribe: <http://dmtrk2.net/EQ-YTN-E39PADU94/uns.aspx>
Bounces-to: bo-EQ-YTN-9PADU-BYLXT@rpsgb.net
Reply-To: "Heidi Wright - RPSGB" <re-EQ-YTN-9PADU-BYLXT@rpsgb.net>
Message-ID: <DROID1a55194433c1f40b6bf85c45d84ef1903@droid1>
X-pn-pstn: Spam 5
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject:    RPSGB information on swine influenza
From:    "Heidi Wright - RPSGB" <info@rpsgb.net>
Date:    Wed, April 29, 2009 17:56
To:    "xxxxxx@xxxxxx.plus.com" <xxxxxx@xxxxxx.plus.com>
Priority:    Normal
Dear xxxxxxxxx,
Further to the concerns circulating about human swine influenza, please find below information for pharmacists from the Royal Pharmaceutical Society:
Current status
At present, the Society is keeping a watching brief on the situation.  It is important that individuals are advised to remain calm and understand we are not currently in a pandemic situation.
The World Health Organisation has a six-phased approach to pandemics.  Phases 1–3 correlate with preparedness, including capacity development and response planning activities, while Phases 4–6 signal the need for response and mitigation efforts.
The current phase of pandemic alert is 4, which is characterised by verified human-to-human transmission of an animal or human-animal influenza virus able to cause community-level outbreaks.
In a pandemic the supply of antivirals such as Tamiflu and Relenza is controlled very tightly and at present alert status (WHO 4) all supply is maintained by local Health Protection Units.  The purpose of this is to monitor all patients in order to identify a new trigger, outbreak or mutation of the organism and plot geographic occurrence and spread.
The location of local Health Protection Units can be found here.
If a patient presents with a prescription for an antiviral such as Tamiflu or Relenza, the patient should be referred back to their doctor.  There are very few supplies of these products in the wholesalers because it is not the normal influenza season.  However, the government has stockpiled large quantities of these products for treatment of cases of swine flu and the supply of this is controlled through the local Health Protection Units.
Should the need arise, pharmacists will receive further information and guidance as part of the Department of Health’s strategy to deal with an influenza pandemic.
Keeping up-to-date with information
The situation is evolving on a daily basis. Leaflets containing advice about the basic steps people can take to avoid infection will be sent to every household in the country over the next few days.
For the very latest updates, sources of accurate information for professionals and the public include:
• The Health Protection Agency
• The World Health Organisation
• The Department of Health
Symptoms and treatment:
The symptoms of swine influenza in people are similar to the symptoms of regular human seasonal influenza infection and include fever, fatigue, lack of appetite, coughing and sore throat. Some people with swine flu have also reported vomiting and diarrhoea. Individuals returning from affected areas who become unwell within seven days of their return should be advised to stay at home and contact their GP or NHS Direct for further advice.
Testing has shown that the human swine influenza H1N1 virus can be treated with the antiviral drugs oseltamivir (Tamiflu) and zanamivir (Relenza).  The government has stockpiled these antivirals
Advice for the public:
Pharmacists should reiterate to worried patients that it is good practice to follow respiratory and hand hygiene advice such as:
• Covering your nose and mouth when coughing or sneezing, using a tissue when possible.
• Disposing of dirty tissues promptly and carefully.
• Maintaining good basic hygiene, for example washing hands frequently with soap and water to reduce the spread of the virus from your hands to face or to other people.
• Cleaning hard surfaces (eg. door handles) frequently using a normal cleaning product.
• Making sure children follow this advice.
Additional information
Most of the previously reported swine influenza cases recovered fully from the disease without requiring medical attention and without antiviral medicines.
It has been determined that this virus is contagious and it spreads between people, although it is not known how easily.  Swine influenza viruses are not transmitted by food.  There is no risk of catching the illness from eating properly handled and cooked pork or pork products.
Counterfeit issues
If the situation escalates, unscrupulous traders will likely take advantage of the public’s fears to sell counterfeit drugs over the internet.  In particular, people should be advised not to buy medicines from unknown sources or respond to spam e-mails offering to supply Tamiflu or Relenza.
Most of the drugs offered in this way turn out to be counterfeit and may contain anything from sugar to more dangerous substances that can cause serious risks to health.
The public should also be reminded that it is never a good idea to obtain a prescription-only medicine without a valid prescription.  The medicine may not be suitable for the individual and could result in unpleasant side-effects or serious health risks.

Heidi Wright
Head of Practice
9 REPLIES
Superuser
Superuser
Posts: 8,885
Thanks: 413
Fixes: 36
Registered: 06-04-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

The SenderBase reputation of the sending mail server is Good, so no problem there. The message is also DKIM signed and passes that check, though I think Plusnet have yet to implement use of this information.
The reason for it being scored as Spam seems to be the filters making the wrong call. I suggest you forward the message as an attachment to ham@access.ironport.com to help train those filters.
Edit: to correct mix-up between spam and virus-detection filters.
David
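The authentication headers quoted in the first post, and the SenderBase score and DKIM result David mentions, read programmatically. This is an added example, not part of the thread: the header text is abridged from the quoted message, and the function names and the `off_domain` field are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers abridged from the message quoted in the first post.
RAW = '''\
Received-SPF: None identity=pra; client-ip=80.249.108.229;
     envelope-from="bo-EQ-YTN-9PADU-BYLXT@rpsgb.net";
     x-sender="info@rpsgb.net"
Received-SPF: Pass identity=mailfrom; client-ip=80.249.108.229;
     envelope-from="bo-EQ-YTN-9PADU-BYLXT@rpsgb.net";
     x-sender="bo-EQ-YTN-9PADU-BYLXT@rpsgb.net"
Received-SPF: None identity=helo; client-ip=80.249.108.229;
     envelope-from="bo-EQ-YTN-9PADU-BYLXT@rpsgb.net";
     x-sender="postmaster@229.ncuk.mta.dotmailer.co.uk"
Authentication-Results: mx.ptn-ipin04.plus.net; dkim=pass (signature verified) header.i=info@rpsgb.net
X-SBRS: 1.9
X-pn-pstn: Spam 5
From: "Heidi Wright - RPSGB" <info@rpsgb.net>
'''

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def spf_checks(msg):  # one entry per Received-SPF header
    out = []
    for value in msg.get_all("Received-SPF", []):
        flat = " ".join(value.split())              # undo header folding
        params = dict(re.findall(r'([\w-]+)="?([^";]+)"?', flat))
        out.append({"identity": params["identity"], "result": flat.split()[0],
                    "sender_domain": domain(params["x-sender"])})
    return out

def summarize(raw):
    msg = message_from_string(raw)
    from_dom = domain(parseaddr(msg["From"])[1])
    auth = msg.get("Authentication-Results", "")
    dkim = re.search(r"dkim=(\w+)", auth)
    signer = re.search(r"header\.i=(\S+)", auth)
    checks = spf_checks(msg)
    return {
        "spf": {c["identity"]: c["result"] for c in checks},
        # identities whose checked sender domain differs from the From: domain
        "off_domain": [c["identity"] for c in checks if c["sender_domain"] != from_dom],
        "dkim": dkim.group(1) if dkim else None,
        "dkim_aligned": bool(signer) and domain(signer.group(1)) == from_dom,
        "sbrs": float(msg["X-SBRS"]),
        "verdict": msg["X-pn-pstn"],
    }
```

Calling `summarize(RAW)` reports SPF Pass for the envelope sender, a DKIM pass whose signer matches the From: domain, an SBRS of 1.9, and only the HELO identity (229.ncuk.mta.dotmailer.co.uk) on a different domain, alongside the `Spam 5` verdict.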
ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

If you take advantage of the highest level of spam protection, the quid pro quo will be a higher risk of mistakes like this being made.  A very good thing you kept a check on your spam folder in these circumstances!  A lesson to us all, I think?
Chris
Community Veteran
Posts: 19,098
Thanks: 432
Fixes: 21
Registered: 31-08-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

If your spam levels are sufficiently low, why use the spam folder? Direct to Inbox.
How do the aggressiveness settings relate to the SBRS?
ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

If you direct (identified) spam to Inbox, you then need two operations first to move it to Delete folder and then to purge it.  By directing spam to Delete in the first place, I can check the Delete folder for false positives before letting it purge itself. I don't use the Spam folder or quarantine, though I might -- to avoid downloading spam -- if I was getting significant amounts.
ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

Quote from: Anotherone
How do the aggressiveness settings relate to the SBRS?

This wants an answer from someone more qualified, but AFAIK our aggressiveness settings only affect the spam filters AFTER the SenderBase Reputation Score has been added.  Anything failing the SBRS will be bounced whatever our settings in Manage My Mail.  (And in theory, I think, anything given a sufficiently high SBRS will sail through without further filtering.)
Community Veteran
Posts: 19,098
Thanks: 432
Fixes: 21
Registered: 31-08-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

Certainly if you POP your mail, it is far more convenient to direct Spam to the Inbox if it's at low levels. You then don't have to log in to webmail to check anything (this is by the way what the majority of users do and most don't have a clue about Spam or how to set the filtering). The Delete folder gets cleared out periodically and I wouldn't want to have to remember that I must log in by such and such to make sure I didn't have any false positives - which for me was a far bigger issue than the Spam.
Luckily, at the time of writing, I'm no longer getting false positives (as far as I know) and levels of spam are currently zero - which of course can change.
How IP processes mail with a specific SBRS is reasonably clearly stated. However, what isn't for example, is say the SBRS is say 0.6, and there are no other factors to identify the message as Spam, if the aggressiveness is set to say 5, will it get tagged SPAM? Or another, if say the SBRS is -0.6, will setting the Aggressiveness at a specific level or higher ensure the message is tagged as SPAM?
This may be spelled out somewhere and I've missed it! ..or forgotten
ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

Quote from: Anotherone
Certainly if you POP your mail, it is far more convenient to direct Spam to the Inbox if it's at low levels. You then don't have to log in to webmail to check anything  [snip]

Yes -- I've been at cross-purposes! -- I agree with this, but also have [-SPAM-] tagged in the subject line. It's then an easy matter to get your email client to delete spam as it is downloaded, and this saves you having to delete it yourself.  Just check the Delete/Trash folder in your client for false-positives before allowing it to purge.
Chris
Community Veteran
Posts: 19,098
Thanks: 432
Fixes: 21
Registered: 31-08-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

Quote
....but also have [-SPAM-] tagged in the subject line
taken as read!
xpcomputers
Grafter
Posts: 460
Registered: 13-04-2007

Re: Obvious Non Spam Swine Flu Health Advice Email Treated As Spam

I think the problem here is that spammers always like to play on people's fears, and accordingly fake emails about Swine Flu currently abound! I would suspect that there are very small amounts of genuine email about swine flu compared to these fakes.
Therefore, currently, emails which include genuine info about swine flu are likely to have a higher percentage chance of being classified as spam because the content filters will scan the email and see a very "spammy" topic. I guess the closest equivalent would be a doctor's email giving out advice to doctors about viagra etc. It would have a much higher chance of being incorrectly marked as spam than one from the same source, about ingrowing toenails (for example)!
Now that doesn't make the false positive right, or explain it away, but since you are set to level 5, you will have more chance of getting false positives than someone who has the default of level 2 set.. (or the lowest setting of 1).
If you send your email to the ham address above, then the filters will hopefully get trained to see the difference between genuine swine flu emails, and spam ones, but unfortunately it might take a while.
Hope this helps.
Mike