Hi everyone. I hope the energy is over.
I wanted to discuss antispam with you.
I agree that there are powerful solutions, but it is also true that they are expensive.
For customers who need it and have the budget, I change the MX so that it passes through an input gateway. But I also give a basic service to everyone and I rely on the built-in services of SM (Cyren, message sniffer, RBL, URIBL, greylist, etc.).
Putting a gateway on everything that arrives and that is an excellent antispam is not feasible for the costs.
I have evaluated it several times, but it would also increase costs for basic customers.
But I keep trying.
I received a message that has passed through with these headers:
X-SmarterMail-SpamAction: None | NoAction
X-SmarterMail-TotalSpamWeight: 0
X-SmarterMail-Spam: Reverse DNS Lookup [Passed]: 0, SPF [Pass]: 0, Null Sender: 0, Backscatter: 0, SEM - Black: 0, Surriel: 0, Spamhaus: 0, UCEProtect Level 2: 0, Truncate: 0, Barracuda: 0, UCEProtect Level 1: 0, HostKarma: 0, SpamCop: 0, DMARC [passed]: 0, ISpamAssassin [raw: 0]: 0, DKIM [Pass]: 0, _ARC: none, URIBL Black: 0, SEM-URI: 0
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d = zzcgtyyhostioob.org; s = mail; h = Message-Id: Date: MIME-Version: Content-Type: To :Subject:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description: Resent-Date: Resent-From: Resent-Sender: Resent-To: Resent-Cc : Resent-Message-ID: In-Reply-To: References: List-Id: List-Help: List-Unsubscribe: List-Subscribe: List-Post: List-Owner: List-Archive; bh = NOgDePPdYFgR / tUXddw7VGZVq4eWVT8PMMg20oM1bJE =; b = PIDQ0UsCKhyyOkvULdJ81xXg3g b224P0OVTFUZYENsY0w9lBJ + re / p84mBMLnB3KIBXFKT0V2LXocBMFXNlMZ1LaoL + w9Nys0JzsNvz u2RTWO + zSj8r8IaD1zphUvsG4qHjc2F6MgSEIpiC668pyXtnhx4vFr / hofxnpkcG2aPYQw7fl / V + L qqgBfHwtUSUR5nVFLkYP/cnwXGPANhWIMfJnEt2DxmZj4oRXrn32aBxO9IP/7ScUaQLcUZltFxUpz vaLdm/SMb8HmIL5zjyMh7NxiwhZnCgC0CYP87vwh8l5vfM4y44dnzvj0JqpzTrXDXU0//P4IuZVW+ K+bV9f9A==;
From: "Assistance.aruba.it" <mail@zzcgtyyhostioob.org>
I took the .eml and did a stupid test, asking ChatGPT to analyze it.
Here is the result:
🚨 Phishing Email Analysis Report
The analyzed email is almost certainly a phishing attempt, even though basic technical checks appear to pass.
❗ Strong Fraud Indicators
❌ Fake sender domain: zzcgtyyhostioob.org (not related to Aruba in any way)
❌ Spoofed display name: “Assistenza.aruba.it”
❌ Generic greeting: “Dear Customer”
❌ Urgency & threat: service suspension warning
❌ Payment link prompt: typical credential/credit card harvesting tactic
⚠️ Why it bypassed spam filters
Technical authentication passed:
SPF ✅
DKIM ✅
DMARC ✅
Spam score: 0
This happens because modern phishing campaigns use fresh, clean domains to avoid blacklists.
✅ Final Verdict
👉 PHISHING EMAIL — DO NOT CLICK — DO NOT REPLY
It is a fake unpaid invoice scam impersonating Aruba.
I'm wondering:
Even if I developed an agent that ran this type of test and returned a score, how would I connect it?
I could still use a local LLM (I tried it and the results are still excellent).
Some sort of external management would be needed.
An agent could also handle the training if done well.
But I need a way to connect it to the anti-spam system.
A bit like what happened with rsSpamD, but with a custom agent.
It's just an idea, yet to be tested, but what do you think?
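One deterministic check that an external scoring agent like the one proposed above could run alongside an LLM: flag a From display name that names a domain other than the one that actually sent the message, which is the mismatch visible in the headers quoted in the post. This is an added example, not part of the original post and not SmarterMail code; the function names, the weight and the sample message are assumptions, and how the score is fed back to the anti-spam system is not shown.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: only the From header comes from the post above.
SAMPLE = (
    'From: "Assistance.aruba.it" <mail@zzcgtyyhostioob.org>\n'
    "Subject: (constructed subject)\n"
    "\n"
    "Dear Customer, (constructed body)\n"
)

MISMATCH_WEIGHT = 10  # arbitrary weight, chosen for illustration only

# Anything in the display name that looks like a host name.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def org_domain(host):
    """Naive registrable domain (last two labels). Assumption: a real
    deployment would use the Public Suffix List for cases like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def display_name_mismatch(raw_message):
    """Return (score, reason). The score is non-zero when the From display
    name names a domain that differs from the sending address's domain,
    a signal that SPF, DKIM and DMARC passing does not cover."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    if "@" not in addr:
        return 0, "no parsable From address"
    sender = org_domain(addr.rsplit("@", 1)[1])
    claimed = {org_domain(d) for d in DOMAIN_RE.findall(name)}
    claimed.discard(sender)  # naming your own domain is not suspicious
    if claimed:
        return MISMATCH_WEIGHT, (
            f"display name claims {sorted(claimed)} but sender is {sender}"
        )
    return 0, "display name consistent with sender"


if __name__ == "__main__":
    print(display_name_mismatch(SAMPLE))
```
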