never legit

[lian]

Hello, I receive two newsletter I cannot put as legit. Each time, they show as "new" sender. See attachment.

[mjs]

Do the following:

Check this box to avoid this message next time

If this is not your problem (WOT message) then to help better understand the issue you are having please post a screenshot of your problem using the following instructions How to take a screenshot & attach/insert it into your post.

[Jeff]

(note: lakrsrool replied while I was typing this; I did not get the impression that this was related to WOT, but I could be wrong)

I'm not sure what you mean that it shows as a "new" sender each time -- do you mean that the actual newsletter is sending from a different email address or simply that POP Peeper is not recognizing it as legit?

Have you marked previous messages from this newsletter as legit?

Assuming that the sender's email address does not actually change each time (which would be very unusual) have you confirmed that the sender is in your white list? There's a couple of ways to do this, but there's one way that will provide additional information which will be helpful:

Perform the following so that we can see exactly what's going on:
- Right-click on the most recent message from this newsletter and select AntiJunk -> Show evaluation
- Copy the text from the window and paste it in your reply. If there are any email addresses listed, please edit the text to hide the email address (e.g. change 'jsmith@example.com' to '@example.com')

[lian]

Score: 31.5

White List: score: -1.5
-@wanadoo.fr: (-1.5)

URI BlackList: score: 34
multi.uribl.com: (34) (mjt.lu (4))

Bayesian: score: -1 0% (conf: 1250 / 1521 = 82.18%)

It's always the same email.

[Jeff]

Ok, this is why:
"
URI BlackList: score: 34
multi.uribl.com: (34) (mjt.lu (4))
"

There's a few things to mention here, but I'll start with the most important:

You need to disable multi.uribl.com:
From PP's main menu: Tools / AntiJunk -> Main interface
Select URI Blacklist on the left
Uncheck "multi.uribl.com"
(multi.surbl.org is good and should be enabled)


Observations / notes:

What version of POP Peeper are you using? Presumably, less than v4.1?

The problem with multi.uribl.com is that they tend to block any requests. If your IP (or whatever logic they use) is blocked, then PP would interpret the result as a false positive until PP v4.1.

PP v4.0 included multi.uribl.com, but it was disabled by default
PP v4.1 removed multi.uribl.com (although you can still add it if you want); the false-positive was fixed

The default weight for URIBL is 1.5 but yours is set to 34 -- that is a very high and rather strange value, was that intentional?

If that uribl is disabled, then the overall score of your email would be -2.5 -- which is very much on the side of "legitimate".

[lian]

I've got Pop 4.3 and I must admit I played with scores. I will change this.

[Jeff]

btw, had I paid more attention to this:
multi.uribl.com: (34) (mjt.lu (4))
I would have recognized that this does *not* indicate a blocked result from uribl.com. For some reason, when *I* perform a lookup from my computer, I get a blocked result; but I went directly to the source and I found that that URL (mjt.lu) *is* listed.

The url is in their grey list, which is defined as:

- This lists [sic] contains domains found in UBE/UCE, and possibly honour opt-out requests. It may include ESPs which allow customers to import their recipient lists and may have no control over the subscription methods. This list can and probably will cause False Positives depending on your definition of UBE/UCE. This zone rebuilds several times a day as necessary.

If you want to continue to use uribl.com, my advice would be to use black.uribl.com instead of multi (multi includes black and grey, as well as red). If you do, let us know if you have better results.