[LINK] RFI: messagelabs.com
Scott Howard
scott at doc.net.au
Sat Jun 20 13:56:28 AEST 2020
Messagelabs is a cloud-based mail filtering (ie, anti-spam/etc) company.
About 10-15 years ago they were the largest player in this space, although
they have dropped off a lot since. They were acquired by Symantec in 2008,
and Symantec was subsequently acquired by Broadcom last year.
Having said that, your beef is not with MessageLabs as such. Messagelabs
allows companies to configure filters for mail, including keyword based
filtering lists. These can be used for outgoing email (eg, block anything
containing the term "company confidential"), or, as you've discovered,
inbound email.
"SVHA" (which appears to be St Vincent's Health Australia) seems to have
such a filter configured. So blame them, not Messagelabs.
(I spent many years working for 3 of Messagelabs largest competitors in
this space - all of which had equivalent functionality, and could be
equally stupid if poorly configured as has been done here)
Scott
On Fri, Jun 19, 2020 at 4:54 AM Roger Clarke <Roger.Clarke at xamax.com.au>
wrote:
> This one stopped me in my tracks - which takes some doing given the time
> I've spent in this parish.
>
> Below is the "alert notification" I received, then the context that gave
> rise to it, and then the message incl. headers.
>
> Have we really reached the point that we have to use GPG to avoid having
> our messages intercepted by puritanical bots?
>
> Can anyone throw any light on the (Bible Belt, USA?) corporation that
> provides the service that delivered this inanity?
>
>
> -------- Forwarded Message --------
> Subject: Possible Profanity Detected
> Date: 19 Jun 2020 10:40:17 -0000
> From: alert at notification.messagelabs.com
> To: Roger.Clarke at xamax.com.au
>
> The following word(s) in your email with subject "Re: A Bird With No
> Name!!! or When is a chough not a chough?" have been detected as
>
> possible profanity; bastard
>
> [ The puncterroneous ';' instead of ':' is in the original.]
>
> This may be our email filtering system misinterpreting some words within
> your email, however, please review the content of your email to ensure
> it complies with the SVHA Acceptable Use Policy, available on the Intranet.
>
> [ St Vincents Health Australia was the domain of one of the recipients.]
>
> You are reminded that swearing or other objectionable content is forbidden.
>
> [ Ah, 'forbidden'. Now *there's* an Old Testament word (St James
> version) that you don't see very often these days.]
>
> Your original email has not been modified or impacted, and will have
> been delivered to it’s intended recipient.
>
> [ And the apostrophe imp is at it again as well.]
>
> This possible breach of Acceptable Use has been logged
>
> [ Instead of the person who implemented this nonsense, who should have
> been.]
>
> For any questions, please contact the SVHA IT Helpdesk.
>
> ___________________________________
>
> It's not particularly relevant, but, for the record, the context was:
>
> > I don't deny climate in the least.
> > I merely object when it intrudes unduly into my affairs.
> > Also when it changes more rapidly than can be coped with by a
> self-respecting once-modestly-left and increasingly-modestly-right,
> and therefore immodestly-limping, old bastard.
>
> (The even broader context was a somewhat Montypythonesque conversation
> about white-winged choughs in the burnt-out area NW of Mittagong. But I
> digress).
>
> ___________________________________
>
> From - Fri Jun 19 20:44:39 2020
> X-Account-Key: account3
> X-UIDL: UID73705-1534144771
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> X-Mozilla-Keys:
>
> Return-Path: <alert at notification.messagelabs.com>
> Delivered-To: Roger.Clarke at xamax.com.au
> Received: from s221.syd2.hostingplatform.net.au
> by s221.syd2.hostingplatform.net.au with LMTP
> id 4CAsAD+W7F6msAYAnwW8sQ
> (envelope-from <alert at notification.messagelabs.com>)
> for <Roger.Clarke at xamax.com.au>; Fri, 19 Jun 2020 20:41:03 +1000
> Return-path: <alert at notification.messagelabs.com>
> Envelope-to: Roger.Clarke at xamax.com.au
> Delivery-date: Fri, 19 Jun 2020 20:41:03 +1000
> Received: from mail2.bemta24.messagelabs.com ([67.219.250.13]:24712)
> by s221.syd2.hostingplatform.net.au with esmtp (Exim 4.93)
> (envelope-from <alert at notification.messagelabs.com>)
> id 1jmESC-001qaK-Fd
> for Roger.Clarke at xamax.com.au; Fri, 19 Jun 2020 20:41:02 +1000
> Received: from [100.112.128.109] (using TLSv1.2 with cipher
> DHE-RSA-AES256-GCM-SHA384 (256 bits))
> by server-5.bemta.az-a.us-west-2.aws.symcld.net id
> FE/15-28811-2169CEE5; Fri, 19 Jun 2020 10:40:18 +0000
> X-Env-Sender: alert at notification.messagelabs.com
> X-StarScan-Received:
> X-StarScan-Version: 9.50.2; banners=-,-,-
> X-VirusChecked: Checked
> Received: (qmail 30471 invoked by uid 1004); 19 Jun 2020 10:40:17 -0000
> Date: 19 Jun 2020 10:40:17 -0000
> Message-ID: <20200619104017.30470.qmail at server-7.tower-324.messagelabs.com
> >
> To: Roger.Clarke at xamax.com.au
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
> X-Mailer: StarScan
> From: alert at notification.messagelabs.com
> Subject: Possible Profanity Detected
> X-Spam-Status: No, score=1.8
> X-Spam-Score: 18
> X-Spam-Bar: +
> X-Ham-Report: Spam detection software, running on the system
> "s221.syd2.hostingplatform.net.au",
> has NOT identified this incoming email as spam. The original
> message has been attached to this so you can view it or label
> similar future email. If you have any questions, see
> root\@localhost for details.
> Content preview: The following word(s) in your email with subject "Re:
> A Bird
> With No Name!!! or When is a chough not a chough?" have been detected
> as
> possible profanity; bastard This may be our email filtering system [...]
> Content analysis details: (1.8 points, 5.0 required)
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
> [score: 0.4998]
> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
> -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
> no trust
> [67.219.250.13 listed in list.dnswl.org]
> -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
> [67.219.250.13 listed in wl.mailspike.net]
> 1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
> anti-forgery methods
> X-Spam-Flag: NO
>
> The following word(s) in your email with subject "Re: A Bird With No Name!=
> !! or When is a chough not a chough?" have been detected as possible profa=
> nity; bastard
> This may be our email filtering system misinterpreting some words within y=
> our email, however, please review the content of your email to ensure it =
> complies with the SVHA Acceptable Use Policy, available on the Intranet.
>
> You are reminded that swearing or other objectionable content is forbidden=
> .
>
> Your original email has not been modified or impacted, and will have been =
> delivered to it=E2=80=99s intended recipient.
>
> This possible breach of Acceptable Use has been logged
>
> For any questions, please contact the SVHA IT Helpdesk.
>
>
> --
> Roger Clarke mailto:Roger.Clarke at xamax.com.au
> T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
>
> Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
>
> Visiting Professor in the Faculty of Law University of N.S.W.
> Visiting Professor in Computer Science Australian National University
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
More information about the Link
mailing list