Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validation emails are being spamcanned again #2547

Closed
ara4n opened this issue Nov 5, 2016 · 18 comments
Closed

Validation emails are being spamcanned again #2547

ara4n opened this issue Nov 5, 2016 · 18 comments
Assignees
Labels
A-Registration P1 S-Critical Prevents work, causes data loss and/or has no workaround T-Defect X-Regression
Milestone

Comments

@ara4n
Copy link
Member

ara4n commented Nov 5, 2016

We seem to have reintroduced the "HTML_IMAGE_ONLY_28" rule again, presumably when rebranding for Riot :(

X-Spam-Report: 
        *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
        *      [score: 1.0000]
        * -0.0 SPF_PASS SPF: sender matches SPF record
        *  0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
        *      [score: 1.0000]
        *  1.4 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
        * -0.4 AWL AWL: Adjusted score from AWL reputation of From: address
@ara4n ara4n added T-Defect S-Critical Prevents work, causes data loss and/or has no workaround I18n P1 A-Registration and removed I18n S-Critical Prevents work, causes data loss and/or has no workaround labels Nov 5, 2016
@ara4n
Copy link
Member Author

ara4n commented Dec 24, 2016

this is still true on arasphere:

X-Spam-Report: 
    *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    *      [score: 1.0000]
    *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    *       See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
    *      for more information.
    *      [URIs: vector.im]
    * -0.0 SPF_PASS SPF: sender matches SPF record
    *  0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
    *      [score: 1.0000]
    *  1.4 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
    *  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
    * -0.3 AWL AWL: Adjusted score from AWL reputation of From: address

@lukebarnard1
Copy link
Contributor

lukebarnard1 commented Mar 31, 2017

According to http://serverfault.com/a/174022, the email needs to have more text in it! This could be quite simple to fix. We just have to decide what text to put in it. FTR the text at the moment reads:

Hello,

We have received a request to register this email address on riot.im. If this
was you who made this request, you may use the following link to complete 
the verification of your email address:

Complete email verification

Please note that Riot requires Chrome, Firefox or Safari on the web, or iOS 
or Android on mobile.

If you aren't aware of making such a request, please disregard this email.

thanks,

Riot

2400-2800 bytes of words refers to the HTML content I think, which is ~ 2500 bytes (and bizarrely not the actual textual content).

@ara4n
Copy link
Member Author

ara4n commented Mar 31, 2017

@lampholder can you bulk out the verbiage a bit please? they live in https://github.com/matrix-org/sydent/tree/master/res and Dave can deploy when done (or show you how)

@ara4n ara4n assigned lampholder and unassigned ara4n Mar 31, 2017
@lampholder
Copy link
Member

Heh, did we trigger this by removing the (broken) reference to the IP address?

/me takes a crack at the wording.

@ara4n
Copy link
Member Author

ara4n commented Mar 31, 2017

it was a problem before, but it probably got exacerbated by removing the IP address. Worst case, just chuck a more detailed "You're receiving this because..." section at the bottom.

@lampholder
Copy link
Member

I've bulked it out significantly by borrowing some of the blurb from riot.im:

https://github.com/matrix-org/sydent/tree/registration_wording_change

@ara4n / @AmandineLP would you like to review the content? I conflated bulking out the word count with addressing a pet peeve about the email's somewhat robotic tone, because I'm a nuisance.

/me intends to fix up the matrix version of the file too after verifying that this change does indeed do the needful.

@lampholder
Copy link
Member

Our SpamAssassin score is now 0.0/5 (according to https://spamscorechecker.com/check anyway)

@lampholder
Copy link
Member

We're still triggering HTML_IMAGE_ONLY_20 on the matrix validation token email.

@lampholder
Copy link
Member

That's now fixed too.

@ara4n
Copy link
Member Author

ara4n commented Apr 1, 2017

this looks good but is there a reason we don't think that invite mails won't be suffering the same problem too?

@ara4n ara4n reopened this Apr 1, 2017
@lampholder
Copy link
Member

We haven't changed invite emails recently AFAIK.

...but a quick check reveals they're every bit as bad:

* 1.6 HTML_IMAGE_ONLY_24 BODY:HTML: images with 2000-2400 bytes of words.

@lampholder
Copy link
Member

Are there any other categories of email we send? Notification emails might be affected too?

@lampholder lampholder added this to the RW002 milestone Apr 3, 2017
slipeer added a commit to slipeer/sydent that referenced this issue Apr 10, 2017
* Change README examples from camelcase to underscore because e39348e

* Change README example from tokenId to sid because 056a3e9

* Change README sid example from int to string because ea73b0a

* Remove IP address from verification emails

because its wrong, since requests are now proxied through the HS

* Fix README examples to be JSON

Rather than deprecated x-form-www-urlencoded

* Proposed wording change - vastly more words to fix element-hq/element-web#2547

* A few very minor punctuation/wording tweaks

* Adding some more words to the matrix registration email template, too.
@lampholder
Copy link
Member

I can confirm that I have not received notification emails (though my email setup is now... complicated so it's not super obvious where it might be being canned).

@ara4n
Copy link
Member Author

ara4n commented Apr 21, 2017

as a first cut please let's fix invite emails? they may not have been changed, but they were borderline problematic in the first place...

@lampholder
Copy link
Member

More words here: matrix-org/sydent#44

@lampholder
Copy link
Member

Cool; changes merged for invites - I'll test against the spamwhatsit when they've been pushed live (which won't happen last thing on a Friday)

@ara4n
Copy link
Member Author

ara4n commented Apr 22, 2017

just to confirm, invites are indeed failing right now, with:

X-Spam-Status: Yes, score=6.0 required=5.0 tests=AWL,BAYES_99,BAYES_999,
    HTML_IMAGE_ONLY_28,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,URIBL_BLOCKED autolearn=no
    autolearn_force=no version=3.4.1
X-Spam-Report: 
    *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    *       See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
    *      for more information.
    *      [URIs: matrix.org]
    * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
    *      trust
    *      [83.166.64.11 listed in list.dnswl.org]
    *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    *      [score: 1.0000]
    *  1.4 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
    *      [score: 1.0000]
    *  0.9 AWL AWL: Adjusted score from AWL reputation of From: address

dbkr added a commit to matrix-org/sydent that referenced this issue Apr 24, 2017
Longer invite emails bulked out with the same Riot/Matrix text to fix element-hq/element-web#2547
@lampholder
Copy link
Member

spamscoreschecker.com is down, but I can verify that invite emails are now coming through to gmail successfully (from both riot and matrix).

bmarty added a commit to element-hq/element-android that referenced this issue May 4, 2021
bmarty added a commit to element-hq/element-android that referenced this issue May 5, 2021
bmarty added a commit to element-hq/element-android that referenced this issue Jun 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-Registration P1 S-Critical Prevents work, causes data loss and/or has no workaround T-Defect X-Regression
Projects
None yet
Development

No branches or pull requests

3 participants