8

Suppose: someone fills out my contact form on www.example.com/contact/.

My server-side script sends this information to a sales person at the organization.

  • To make SPF work, I set the "From" as sales@example.com
  • To make the "Reply" button work (for the sales person), I set "Reply-To" to the email address that the website visitor has filled in

Now, apparently this is a problem: if someone fills in the contact form with a gmail or hotmail email address for example, it triggers the following SpamAssassin rules:

  • 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
  • 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different freemails

How am I supposed to avoid that while keeping SPF working and keeping the Reply button working for the person that receives this email? Or is it simply not possible?

Note that I do not want to change SpamAssassin config because I would like to figure out how to fix this in general.

Sygmoral
  • 181
  • 1
  • 1
  • 4

1 Answers1

4

I do not think you can do anything about it, as these rules are exactly matching what you're doing. I would say the rules get way too much spam points and discriminates against freemail, as your use case definitely shows, but that's a decision of the spamassassin devs.

If it only goes to your mailserver, change the spamassassin config. It's perfectly normal that you reassign different points for different use cases.

Another solution is to add negative spam points for this use case. You can add some "via_webform -5.0" rule,i.e. by setting a X-via-webform header when sending the mail and matching it with spamassassin.

Using only internal routing may score you "only trusted relays" negative points as well.

Or consider not running spamassassin on these mails and filter in the webform, i.e. with a captcha only.

allo
  • 1,524
  • 1
  • 19
  • 35