Description
We found that all emails from a fintech company were triggering SpamAssassin's URIBL_BLACK. We reviewed the email content and checked every single URI, but none were listed at https://uribl.com.
Upon further investigation, we found that references to an "undefined" URL in their email code were causing the false positives by triggering URIBL_BLACK for undefined.com, which at the time of our investigation was blacklisted at https://uribl.com. Here's the exact code causing the false positive:
Here's the URIBL_BLACK rule being triggered:
We've contacted URIBL and they've suggested that our scanner software has to be appending a .COM to host parts that don't have a TLD. To mitigate this issue, they have delisted undefined.com in the meantime, so it may no longer be possible to reproduce this issue exactly.
We have reported this issue to ConfigServer (because we're using MailScanner Front-End), but they believe it could be related to MailScanner, which is why I'm reporting this as a possible bug here.
To Reproduce
Steps to reproduce the behavior:
- Send an email with a static element that links to http:undefined.
- Check the MailScanner SpamCheck header if URIBL_BLACK was triggered.
Note: Since URIBL have delisted undefined.com from their database, this issue will no longer be reproducible for undefined. A different word whose .COM domain is blacklisted would be necessary. Maybe one from this page? https://uribl.com/gold.shtml
We're not 100% sure if this issue is related to MailScanner, but it was the last possible point of failure in our investigation.
Thank you for your attention.
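
Added example, not part of the original report and not MailScanner or SpamAssassin code: a pre-send check for email templates that flags http(s) links whose host is a single label with no TLD, such as the "undefined" reference described above. The helper names and the sample HTML are assumptions, and the ".com" expansion is modeled only on URIBL's suggestion quoted in the report.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action", "background"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # (tag, attribute, value) for each URL-bearing attribute

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value.strip()))

def bare_host(url):
    """Return the host of an http(s) URL if it is a single label, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname
    if host is None:
        # "http:undefined" has no "//", so the would-be host lands in the path.
        host = parts.path.lstrip("/").split("/", 1)[0].lower()
    host = host.rstrip(".")
    if not host or "." in host or ":" in host or host == "localhost":
        return None
    return host

def lint_email_html(html):
    """List links whose host has no TLD, with the .com name a scanner may query."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for tag, attr, url in collector.links:
        host = bare_host(url)
        if host:
            # Assumption (URIBL's suggestion in the report): ".com" gets appended.
            findings.append((tag, attr, url, host + ".com"))
    return findings

# Constructed sample template, not the sender's actual email code.
SAMPLE = """<html><body>
<img src="http://undefined/logo.png">
<a href="http:undefined">Statement</a>
<a href="https://example.com/pay">Pay</a>
<a href="mailto:help@example.com">Help</a>
</body></html>"""
```

Calling `lint_email_html(SAMPLE)` returns the two "undefined" links and leaves the fully qualified and non-HTTP links alone; each finding carries the name to check against the blocklist by hand.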