Security & Compliance System Administration

Anti-spam measurements are working?

It has been a while, but it appears challenge-response spam filtering is back and now even more stupid.

If yes, it got caught as unsolicited email by our spam blocker. You can release the mail from spam quarantine by simply replying to this message. At the same time the spam blocker will recognize you as a trusted sender (from this email address) and automatically add you to my Allow list for this and any future communication.

Many illegal spammers forge email addresses to try to get past spam blocking software. These spammers send hundreds of millions of spam messages a day, clogging email servers and wasting people’s time. We regret that these spammers have forced us to send this message to you.

But why stupid? First of all no relevant data at all, only a source and target email address and a company URL where you should be able to find how to clear it. Wasn’t able to find anything btw. When matching the timestamps it appears to be related to a posting I did on a mailing list, a double opt-in mailing list. And RFC 5230, section 4.6 has some nice hints for vacation responders that may also apply to these kinds of spam filters. Also, my email domain has a closed SPF-record in DNS, meaning you can identify if I’m really the sender. Which will not be the case as a mailing list has a different return-path header. Another indicator that the software isn’t using the right data from the headers.

Looking at the headers from their response it appears they know how to set an SPF record for their own domain, but validating incoming no. Also, their software forgot to add a Date-field to the mail headers. For now, I fed this e-mail from to the Bayesian filter and if it keeps coming back it will get its own line in my blacklist for SpamAssassin.