You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Thomas Kinghorn <th...@mtnns.net> on 2004/10/11 07:24:34 UTC
low scoring spam
Hi List.
I have been receiving some very low scoring spam messages lately.
Any ideas on how to increase the scores a bit.
Here are the results:
@:รถ0-------------------- Start SpamAssassin results ----------------------
This mail is probably spam. The original message has been altered
so you can recognise or block similar unwanted mail in future.
See http://spamassassin.org/tag/ for more details.
Content analysis details: (3.7 hits, 4.4 required)
2.5 HEAD_LONG Message headers are very long
-3.3 ALL_TRUSTED Did not pass through any untrusted hosts
2.1 HEAD_ILLEGAL_CHARS Header contains too many raw illegal characters
0.1 MISSING_HEADERS Missing To: header
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
1.0 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: patsmail.com]
1.2 MISSING_SUBJECT Missing Subject: header
-------------------- End of SpamAssassin results -------------------
I have attached the message aswell.
<<****SPAM****: 5.0: When she went into Kitty's little room, a pretty, pink
little room, fu...>>
Regards,
Tom
Re: low scoring spam
Posted by Loren Wilton <lw...@earthlink.net>.
Well, first off I'd send a note to Geocities letting them know they are
being used as a spam host. That may not appreciate that, and take
appropriate action.
Second I'd look to some of the SARE rules. The OEM rules *might* have added
a point or two to this spam. However, it only mentions a single product
reasonably by name, and that may be below the threshhold. However, the
obfuscation on the name might be enough to trigger a rule.
Third, you didn't show the received headers, but you obviously have a
problem there. I would presume that the All Trusted rule should not have
fired on the received path. So you probably have a misconfiguration
somehow, and fixing that will add 3.3 points to this spam. It may also
cause other rules to fire, as the received headers are a goldmine of stuff
for detecting spam.
Loren