1 Reply Latest reply on Nov 5, 2009 2:56 AM by dshah1

    McAfee Secure Messaging Service / Postini: false positive?

      Hello,

      I'm puzzled by this email message that gets quarantined by McAfee Secure Messaging Service (it's based on Postini) for no reason that I can think of.

      Here are the Postini headers:

      X-pstn-2strike: clear
      X-pstn-neptune: 0/0/0.00/0
      X-pstn-levels: (S: 0.02932/98.63596 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
      X-pstn-settings: 3 (1.0000:1.0000) s cv gt3 gt2 gt1 r p m c
      X-pstn-addresses: from [db-null]
      X-pstn-disposition: quarantine

      I read the docs (http://www.mcafee-sms.com/webdocs/admin%5Fee%5Fmcafee/wwhelp/wwhimpl/common/html/wwhelp.htm?context=MACAFFHelp&file=header%5Foverview.html#951634) and in short, the x-pstn-settings header tells me that NONE of the filters was triggered, but the x-pstn-levels header tells me that the final score (0.02932) is low enough to classify the email as bulk/spam.

      Can anyone explain to me why the final score is so low when none of the filters were triggered?

      Does anyone have any suggestions on how to prevent this from happening?

      Here are some headers from other messages that did pass through:

      X-pstn-levels: (S: 3.85797/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )

      X-pstn-levels: (S:16.99179/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:94.5022 C:99.5902 )

      The first header is from a message that came from the same server as the message that was classified as spam. This message was not an auto-generated message. All the scores except the final score are the same? The message that was classified as spam was auto-generated.

      The other message came from LinkedIn and was an auto-generated message.

      How is the final score computed?
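
For anyone triaging a similar quarantine, the following added example (not part of the original post and not McAfee or Postini code) parses the three X-pstn-levels values quoted above and lists which fields differ between the quarantined message and each delivered one. It assumes nothing about what the fields mean; the key `S_second` for the number after the slash and the dictionary labels are this example's own names.

```python
import re

# X-pstn-levels values copied from the post above; the labels are this example's own.
HEADERS = {
    "quarantined": "(S: 0.02932/98.63596 CV:99.9000 FC:95.5390 LC:95.5390 "
                   "R:95.9108 P:95.9108 M:97.0282 C:98.6951 )",
    "same_server_delivered": "(S: 3.85797/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 "
                             "R:95.9108 P:95.9108 M:97.0282 C:98.6951 )",
    "linkedin_delivered": "(S:16.99179/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 "
                          "R:95.9108 P:95.9108 M:94.5022 C:99.5902 )",
}

# NAME: number, optionally followed by /number (only S has the second number here).
_FIELD = re.compile(r"([A-Za-z]+):\s*([0-9.]+)(?:/([0-9.]+))?")


def parse_levels(value):
    """Parse an X-pstn-levels value into {field name: float}."""
    body = value.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("expected a parenthesised X-pstn-levels value")
    fields = {}
    for name, first, second in _FIELD.findall(body[1:-1]):
        fields[name] = float(first)
        if second:
            fields[name + "_second"] = float(second)
    if "S" not in fields:
        raise ValueError("no S field found")
    return fields


def differing_fields(a, b):
    """Sorted names of fields whose values differ between two parsed headers."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


if __name__ == "__main__":
    parsed = {label: parse_levels(v) for label, v in HEADERS.items()}
    base = parsed["quarantined"]
    for label in ("same_server_delivered", "linkedin_delivered"):
        print(label, "differs from quarantined in:",
              differing_fields(base, parsed[label]))
```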