You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Thomas Kinghorn <th...@mtnns.net> on 2004/10/11 07:24:34 UTC

low scoring spam

Hi List.

I have been receiving some very low scoring spam messages lately.

Any ideas on how to increase the scores a bit.

Here are the results:

@:ö0-------------------- Start SpamAssassin results ----------------------
This mail is probably spam.  The original message has been altered
so you can recognise or block similar unwanted mail in future.
See http://spamassassin.org/tag/ for more details.

Content analysis details:   (3.7 hits, 4.4 required)
 2.5 HEAD_LONG              Message headers are very long
-3.3 ALL_TRUSTED            Did not pass through any untrusted hosts
 2.1 HEAD_ILLEGAL_CHARS     Header contains too many raw illegal characters
 0.1 MISSING_HEADERS        Missing To: header
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 1.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: patsmail.com]
 1.2 MISSING_SUBJECT        Missing Subject: header

-------------------- End of SpamAssassin results -------------------

I have attached the message aswell.

 <<****SPAM****: 5.0: When she went into Kitty's little room, a pretty, pink
little room, fu...>> 


Regards, 

Tom

Re: low scoring spam

Posted by Loren Wilton <lw...@earthlink.net>.

Well, first off I'd send a note to Geocities letting them know they are
being used as a spam host.  That may not appreciate that, and take
appropriate action.

Second I'd look to some of the SARE rules.  The OEM rules *might* have added
a point or two to this spam.  However, it only mentions a single product
reasonably by name, and that may be below the threshhold.  However, the
obfuscation on the name might be enough to trigger a rule.

Third, you didn't show the received headers, but you obviously have a
problem there.  I would presume that the All Trusted rule should not have
fired on the received path.  So you probably have a misconfiguration
somehow, and fixing that will add 3.3 points to this spam.  It may also
cause other rules to fire, as the received headers are a goldmine of stuff
for detecting spam.

        Loren