#39709 closed enhancement (worksforme)
Add filler content to New Site Registration email to avoid space ratio spam rule
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Keywords: | ||
| Focuses: | multisite | Cc: |
Description
I noticed SpamAssassin on helpscout.net is coming very close to flagging the New Site Registration emails as spam.
The biggest rule being triggered is `TVD_SPACE_RATIO_MINFP`, with a weight of 2.5, getting the message 50% of the way to the the default threshold of 5. That rule looks for excessive whitespace in the message body, and I'm guessing it's being triggered by the high ratio of newlines to paragraph text. I uploaded a pastebin with the full headers and body.
I don't have time right now to verify whether or not helpscout.net is using the default SpamAssassin configuration, or if they've weighted this rule more heavily for some reason, but even if they have, it seems likely that others will as well. Additionally, the current message text seems like poor UX, and I think the fix for the spam issue would also fix that.
I think the fix would be to add some filler text to the message body, to decrease the ratio of newlines to paragraph text. e.g.:
Howdy, this is your WordPress multisite installation at {example.org}. I thought you'd like to know that a new site was created. The details are below:
It doesn't really matter what the text is, as long as it's a normal sentence or two, so whatever makes the most sense from a UX point of view will probably be fine.
If the new text does include the domain name, I think we should avoid entering a full URL, because that could trigger other spam rules. (As an aside, I think it's generally a bad idea to include URLs in emails, since it trains users to expect and click them, which makes them more vulnerable to phishing. That's another ticket, though.)
I think the next steps for this ticket would be:
- Reproduce the issue with a local SpamAssassin instance, to verify that
2.5is the default score for this message (rather than something Help Scout modified) - Test that adding some filler text will prevent the rule from being triggered. I don't think it'll really matter what the text is, for the purposes of testing.
- Decide on what the best text would be from a UX perspective
Change History (4)
#2
@
8 months ago
- Resolution set to worksforme
- Status changed from new to closed
Reproduction Report
Description
❌ This report can't validates that the issue can be reproduced anymore
Environment
- WordPress: 6.9-alpha-60093-src
- PHP: 8.2.28
- Server: nginx/1.29.0
- Database: mysqli (Server: 8.4.5 / Client: mysqlnd 8.2.28)
- Browser: Chrome 138.0.0.0
- OS: Windows 10/11
- Theme: Twenty Twenty-Five 1.2
- MU Plugins: None activated
- Plugins:
- Micro Email Testing 1.0.0
- Test Reports 1.2.0
Reproduction Results
- When doing a new site registration, 4 emails are sent:
- New User Registration, no spam detected
- Login Details, no spam detected
- New Site Created, no spam detected
- New * Site: *, no spam detected
Actual Results
- ❌ Issue reported is not occurring any more
Additional Notes
- Spam filters have been updated overtime, and also as we can see, the emails have changed a bit since they are not exactly as the ones reported originally. Closing this with
worksforme
- Feel free to reopen if you happen to find something I've not considered in this testing.
#4
@
8 months ago
After check #40081 I've was wondering how the New Site Registration emails looked today. So I tested with my own raw data
Return-Path: <test@example.com>
Received: from example.com (example.com. [212.18.121.3])
by 8f6e7071a180 (Mailpit) with SMTP
for <test@example.com>; Tue, 15 Jul 2025 09:54:06 +0000 (UTC)
Date: Tue, 15 Jul 2025 09:54:06 +0000
To: test@example.com
From: test <test@example.com>
Subject: New Site Registration: http://example.com:8889/harry
Message-ID: <exz15gY8fniQJyL37YqvT7ihC0vtDSljaijkPeVeK8s@localhost.localdomain>
X-Mailer: PHPMailer 6.9.3 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
New Site: Harry Site
URL: http://example.com:8889/harry
Remote IP address: 172.18.0.1
Disable these notifications: https://example.com:8889/wp-admin/network/settings.php
And here are the results by SpamAssassin:
{
success: true,
score: '0.9',
rules: [
{
score: '-1.9',
description: 'BODY: Bayes spam probability is 0 to 1% [score: 0.0022]'
},
{
score: '0.0',
description: 'RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [212.18.121.3 listed in sa-accredit.habeas.com]'
},
{
score: '0.0',
description: 'RBL: ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ [212.18.121.3 listed in zen.spamhaus.org]'
},
{
score: '0.0',
description: 'RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [212.18.121.3 listed in bl.score.senderscore.com]'
},
{
score: '0.0',
description: 'URI: Uses non-standard port number for HTTP'
},
{
score: '2.8',
description: 'WordPress login/admin URI, possible phishing'
},
{ score: '0.0', description: 'To == From and direct-to-MX' }
],
report: ' pts rule description \n' +
'---- ---------------------- --------------------------------------------------\n' +
'-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: \n' +
' 0.0022] \n' +
' 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity \n' +
' was blocked. See \n' +
' https://knowledge.validity.com/hc/en-us/articles/…\n' +
' 20961730681243 for more information. [212.18.121.3\n' +
' listed in sa-accredit.habeas.com] \n' +
' 0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query to \n' +
' zen.spamhaus.org was blocked due to usage of an \n' +
' open resolver. See \n' +
' https://www.spamhaus.org/returnc/pub/ \n' +
' [212.18.121.3 listed in zen.spamhaus.org] \n' +
' 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity \n' +
' was blocked. See \n' +
' https://knowledge.validity.com/hc/en-us/articles/…\n' +
' 20961730681243 for more information. [212.18.121.3\n' +
' listed in bl.score.senderscore.com] \n' +
' 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP \n' +
' 2.8 URI_WPADMIN WordPress login/admin URI, possible phishing \n' +
' 0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX '
}
Emails doesn't seem to be as spacey any more (this is why TVD_SPACE_RATIO_MINFP is not being triggered), still the only worry some part is the URI_WPADMIN that triggers a big 2.8 but will be further analysed in #40081
I checked the current message using Postmark's spam-check API and it got a score of
6.9, with the following breakdown:pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 NO_RELAYS Informational: message was not relayed via SMTP 0.4 NO_DNS_FOR_FROM RBL: Envelope sender has no MX or A DNS records 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: wordcamp.dev] 2.6 URI_WPADMIN WordPress login/admin URI, possible phishing -0.0 NO_RECEIVED Informational: message has no Received headers 0.0 TVD_SPACE_RATIO TVD_SPACE_RATIO 1.5 PHP_ORIG_SCRIPT Sent by bot & other signs 2.4 TVD_SPACE_RATIO_MINFP Space ratioRelated: I opened #40081 for the
URL_WPADMINissue.Adding the
Howdy...example message above dropped the message's score from6.9to3.0. So, I think that's a good solution. The next step would be to settle on what the real filler message should be. Any opinions?