You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by RW <rw...@googlemail.com> on 2016/05/06 22:31:48 UTC

Interesting spam

Anyone playing  whack-a-mole with those "pretty girl looking for
handsome man" spams might be interested in this spam I got today:

http://pastebin.com/SFegJAj1

Re: Interesting spam

Posted by RW <rw...@googlemail.com>.

On Sat, 7 May 2016 05:12:56 +0200
Reindl Harald wrote:

> Am 07.05.2016 um 05:08 schrieb Reindl Harald:
> >
> >
> > Am 07.05.2016 um 00:31 schrieb RW:  
> >>
> >> Anyone playing  whack-a-mole with those "pretty girl looking for
> >> handsome man" spams might be interested in this spam I got today:
> >>
> >> http://pastebin.com/SFegJAj1  
> 
> BTW - your pastebin version is wracked - got the same (rejected, 
> milter-bcc) and that complete one (no missing headers) has even more
> score

Well obviously I only posted the rendered text. The headers and html
are completely irrelevant.

For the benefit of anyone else that's completely missed the point,
the spammer has screwed-up and dumped  a big chunk of the dictionary
that's used for auto-generating these spams into a single email. It has
alternate phrases conveniently grouped together and even includes "="
as a phrase separator.

Re: Interesting spam

Posted by Reindl Harald <h....@thelounge.net>.


Am 07.05.2016 um 05:08 schrieb Reindl Harald:
>
>
> Am 07.05.2016 um 00:31 schrieb RW:
>>
>> Anyone playing  whack-a-mole with those "pretty girl looking for
>> handsome man" spams might be interested in this spam I got today:
>>
>> http://pastebin.com/SFegJAj1

BTW - your pastebin version is wracked - got the same (rejected, 
milter-bcc) and that complete one (no missing headers) has even more score

Content analysis details:   (31.4 points, 5.5 required)

  pts rule name              description
---- ---------------------- 
--------------------------------------------------
  5.5 CUST_DNSBL_6           RBL: zen.spamhaus.org (xbl.spamhaus.org)
                             [94.23.222.100 listed in zen.spamhaus.org]
-0.1 CUST_DNSWL_5           RBL: list.dnswl.org (No Trust)
                             [94.23.222.100 listed in list.dnswl.org]
  1.0 NIXSPAM_IXHASH         DIGEST: ix.dnsbl.manitu.net
  1.0 CUST_DNSBL_26          RBL: score.senderscore.com (senderscore.com 
Medium)
                             [94.23.222.100 listed in score.senderscore.com]
  1.5 CUST_DNSBL_19          RBL: score.senderscore.com (senderscore.com 
High)
  0.1 SPF_NONE               SPF: sender does not publish an SPF Record
  2.0 DATE_IN_FUTURE_06_12   Date: is 6 to 12 hours after Received: date
-2.0 USER_IN_MORE_SPAM_TO   User is listed in 'more_spam_to'
  0.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  5.5 BAYES_80               BODY: Bayes spam probability is 80 to 95%
                             [score: 0.9133]
  0.0 HTML_MESSAGE           BODY: HTML included in message
  2.0 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                             above 50%
                             [cf: 100]
  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                             [cf: 100]
  0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
  3.5 CUST_DNSBL_11          RBL: hostkarma.junkemailfilter.com
                        [94.23.222.100 listed in 
hostkarma.junkemailfilter.com]
  1.0 FSL_BULK_SIG           Bulk signature with no Unsubscribe
  1.5 IXHASH_CHECK           Message hits one ore more IXHASH digest-sources
  3.0 URI_WP_DIRINDEX        URI for compromised WordPress site, 
possible malware
  2.5 DIGEST_MULTIPLE_LOCAL  Message hits more than one network digest check
                              (razor, pyzor, ixhash)
  2.0 URI_WP_HACKED_2        URI for compromised WordPress site, 
possible malware

>
> Content analysis details:   (16.4 points, 5.5 required)
>
>  pts rule name              description
> ---- ----------------------
> --------------------------------------------------
>  7.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
>                             [score: 0.9998]
> -0.0 NO_RELAYS              Informational: message was not relayed via SMTP
>  2.0 MISSING_HEADERS        Missing To: header
>  0.4 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
>                             [score: 0.9998]
> -0.0 NO_RECEIVED            Informational: message has no Received headers
>  1.0 MISSING_FROM           Missing From: header
>  3.0 MISSING_MID            Missing Message-Id: header
>  2.5 MISSING_DATE           Missing Date: header
>  0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822
> headers
net/signature.asc.what.htm

Re: Interesting spam

Posted by Reindl Harald <h....@thelounge.net>.


Am 07.05.2016 um 00:31 schrieb RW:
>
> Anyone playing  whack-a-mole with those "pretty girl looking for
> handsome man" spams might be interested in this spam I got today:
>
> http://pastebin.com/SFegJAj1

Content analysis details:   (16.4 points, 5.5 required)

  pts rule name              description
---- ---------------------- 
--------------------------------------------------
  7.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                             [score: 0.9998]
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
  2.0 MISSING_HEADERS        Missing To: header
  0.4 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                             [score: 0.9998]
-0.0 NO_RECEIVED            Informational: message has no Received headers
  1.0 MISSING_FROM           Missing From: header
  3.0 MISSING_MID            Missing Message-Id: header
  2.5 MISSING_DATE           Missing Date: header
  0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 
headers