Solved

what do the codes in message headers for SPAM hits mean?

Posted on 2011-03-10
3
1,392 Views
Last Modified: 2012-06-22
We are runnign Exchange SErver 2003, SP2 and F-Secure for Exchange Server with SPAM protection in use.  Most things work OK, but I would like to know how to determine what causes a piece of email to be flagged as spam from the information in the message header.  I don't know what all the codes mean.  Some messages, that look harmless, end up in the SPAM mailbox, where i have to hunt for them and forward them manually.  I could white list the sender, but why is it flagged in the first place? Maybe I could tweak f-secure or Exchange if i understood the codes.

Here is a sample:
Message-Id: <8CDAB2638D0DC26-1E60-1F238@webmail-m034.sysops.aol.com>
X-AOL-VSS-CODE: clean
X-AOL-VSS-INFO: 5400.1158/0
X-Spam-Flag: YES
X-AOL-SENDER: xxxxx@aol.com
Return-Path: xxxxxx@aol.com
X-OriginalArrivalTime: 07 Mar 2011 21:32:37.0779 (UTC) FILETIME=[2E186630:01CBDD0F]
X-MS-Exchange-Organization-SCL: 7
X-Spam-Status: YES, hits=7 required=5, ct-refid=[str=0001.0A3D0202.4D754EF6.0077,ss=1,vtr=str,vl=0,fgs=0], tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
0
Comment
Question by:quaybj
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
Ehab Salem earned 500 total points
ID: 35120819
I am assuming that 'tests' are the test performed by the antispam filter, and some values there are related to spam detection techniques:
tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
- CTENGINE is a bulk mail detector technique
- NO_RDNS means reverse DNS not found, which is an indication of spam (not always)
- Invalid HELO is a spam indication as well
- Sender IP has an untrsuted level of 5.

I repeat: these are assumptions from reading the header you provided.
0
 

Author Comment

by:quaybj
ID: 35137415
Thanks for your answers, i am looking into these to see if i can make an adjustment on our end (don't think so).
0
 

Author Closing Comment

by:quaybj
ID: 35160853
the solution being partial was my fault, i should have asked what to do with the answers!
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question