Support » Plugin: Wordfence Security - Firewall & Malware Scan » Wordfence notifications marked as spam

  • Resolved voodoochill

    (@voodoochill)


    It seems all notifications from Wordfence (e.g. about users locked out) get sent to my junk box automatically in mac mail.

    They are sent to my gmail account. I actually have spam filtering turned off in mac mail, it seems it’s only the Wordfence notifications to gmail that are doing this.

    Does anyone know why this might be happening? How to fix it? Thanks

Viewing 7 replies - 1 through 7 (of 7 total)
  • Hey @voodoochill,

    I’ve read this on an Apple support forum. Can you please try adjusting the Junk settings and let me know if it helps?

    Mark messages as junk or not junk
    In the Mail app on your Mac, select a message.
    Do one of the following:

    If Mail incorrectly marked the message as junk: Click Move to Inbox in the message banner or click the Not Junk button in the Mail toolbar (or use the Touch Bar). Mail moves the message to your Inbox.

    If Mail failed to mark the message as junk: Click the Junk button in the Mail toolbar (or use the Touch Bar). Mail moves the message to the Junk mailbox.
    Each time you confirm a message as junk or not junk, the junk mail filter improves so Mail can better identify junk mail.

    Please let me know.

    Thanks,

    Gerroald

    • This reply was modified 12 months ago by WFGerroald.
    Thread Starter voodoochill

    (@voodoochill)

    I just checked that and junk settings are not enabled. Also there is no “Not Junk” button in the toolbar (or in the list of possibly available buttons to customise it) So it’s a bit of a mystery.

    Hey @voodoochill,

    What OS version are you using?

    Seeing you’re receiving them in the other accounts it seems to be specific to Mac Mail. If you can share your OS version I can do some more digging as I’d like to help with this. But you may also open a support request with Apple for their thoughts. I strongly assume there’s a setting(s) contributing to this.

    Please let me know.

    Thanks,

    Gerroald

    Thread Starter voodoochill

    (@voodoochill)

    OS is Mojave

    I have just checked some older ones (from when I did have a spam rule in Mac Mail)

    The other accounts emails are domain emails but I notice now that some of them were going into the junk folder correctly. I say correctly because my junk marking rule for those was set in Spamassassin to mark ++++ spam score as spam. The Wordfence notifications were usually +++ or ++++ which I think you have to admit is high.

    Here is an example of the spam bar score on one of my domain emails notifications that went via spamassassin on the server:

    Date: 19 Jun 2020 02:15:11 -0400
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: quoted-printable
    X-Spam-Status: Yes, score=4.5
    X-Spam-Score: 45
    X-Spam-Bar: ++++
    X-Spam-Report: Spam detection software, running on the system "cp1.mattwservices.uk",
     has identified this incoming email as possible spam.  The original
     message has been attached to this so you can view it or label
     similar future email.  If you have any questions, see
     root\@localhost for details.
     Content preview:  This email was sent from your website "Pete Thomas" by the
        Wordfence plugin. Wordfence found the following new issues on "Pete Thomas"
        (1 existing issue was also found again). Alert generated at Friday 19th of
        June 2020 at 07:15:09 AM 
     Content analysis details:   (4.5 points, 4.0 required)
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
      0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                                 [score: 0.4414]
      0.8 KAM_COUK               Scoring .co.uk emails higher due to poor registry
                                 security.
      0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                                 blocked.  See
                                 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                                  for more information.
                                 [URIs: wordfence.com]
     -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                                 [104.245.209.197 listed in wl.mailspike.net]
     -0.0 SPF_PASS               SPF: sender matches SPF record
      0.0 HTML_MESSAGE           BODY: HTML included in message
      0.1 HTTPS_HTTP_MISMATCH    BODY: No description available.
      0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
      1.4 HTML_IMAGE_ONLY_28     BODY: HTML: images with 2400-2800 bytes of
                                 words
      1.1 KAM_REALLYHUGEIMGSRC   RAW: Spam with image tags with ridiculously
                                  huge http urls
     -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                                 author's domain
      0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                                 valid
     -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
     -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                                 envelope-from domain
      0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML
                                 tag
    X-Spam-Flag: YES
    Subject:  ***SPAM***  [Wordfence Alert] Problems found on petethomas.co.uk

    However this does not explain the gmail one, because those (I presume) go direct to my inbox an=t mac mail so do not go via spamassasin on my server.

    Hey @voodoochill,

    Aha! This is very helpful information. SpamAssassin, as you know is controlled by your email hosting provider. The score does seem high, but I’m not certain of what metrics they use to create the score.

    In light of the new information, I did a little digging. Unless your email server is hosted on your own server, you’ll need to contact whoever manages your email to see if you can whitelist Wordfence.

    This would mean modifying the configuration files for SpamAssassin, such as /etc/mail/spamassassin/local.cf. There may also be a setting in your hosting control panel to do this, your host will know.

    I do find it odd that it does arrive at the Gmail, but not Mac Mail. Though I still believe reaching out to your host or what service manages your emails is the best next step to whitelist the Wordfence notifications.

    Please let me know how it goes.

    Thanks,

    Gerroald

    Thread Starter voodoochill

    (@voodoochill)

    Yes I can whitelist wordfence raeally, I don’t think I should have to.

    Other emails with a spambar of ++++ really are spammers trying to sell me real estate opportunities.

    One part of it I know is because it is being sent from my site obviousl;y, and as you can see for some strange reason spamassassin gives .co.uk a 0.8 (KAM_COUK).

    This seems absurd bot obviously not your fault.

    Anyway, I still think I shopuld not have to whitelist Wordfence – there must be something Wordfence can do to stop the emails appearing spammy.

    Hey @voodoochill,

    I’ve spoken with the Team about this.

    The emails are originating from your site/mail server. The options are to either whitelist Wordfence, or speak with hosting to see if there’s a server/site configuration issue contributing to this, and address it. This is likely going to be a Spamassin/Apache configuration issue. If these notifications were being reported as spam we’d have seen many more reports. However, there have only been a few over years and whitelisting Wordfence resolved it.

    https://spamassassin.apache.org

    Please let me know how it goes.

    Thanks,

    Gerroald

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Wordfence notifications marked as spam’ is closed to new replies.