You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by RW <rw...@googlemail.com> on 2016/05/06 22:31:48 UTC
Interesting spam
Anyone playing whack-a-mole with those "pretty girl looking for
handsome man" spams might be interested in this spam I got today:
http://pastebin.com/SFegJAj1
Re: Interesting spam
Posted by RW <rw...@googlemail.com>.
On Sat, 7 May 2016 05:12:56 +0200
Reindl Harald wrote:
> Am 07.05.2016 um 05:08 schrieb Reindl Harald:
> >
> >
> > Am 07.05.2016 um 00:31 schrieb RW:
> >>
> >> Anyone playing whack-a-mole with those "pretty girl looking for
> >> handsome man" spams might be interested in this spam I got today:
> >>
> >> http://pastebin.com/SFegJAj1
>
> BTW - your pastebin version is wracked - got the same (rejected,
> milter-bcc) and that complete one (no missing headers) has even more
> score
Well obviously I only posted the rendered text. The headers and html
are completely irrelevant.
For the benefit of anyone else that's completely missed the point,
the spammer has screwed-up and dumped a big chunk of the dictionary
that's used for auto-generating these spams into a single email. It has
alternate phrases conveniently grouped together and even includes "="
as a phrase separator.
Re: Interesting spam
Posted by Reindl Harald <h....@thelounge.net>.
Am 07.05.2016 um 05:08 schrieb Reindl Harald:
>
>
> Am 07.05.2016 um 00:31 schrieb RW:
>>
>> Anyone playing whack-a-mole with those "pretty girl looking for
>> handsome man" spams might be interested in this spam I got today:
>>
>> http://pastebin.com/SFegJAj1
BTW - your pastebin version is wracked - got the same (rejected,
milter-bcc) and that complete one (no missing headers) has even more score
Content analysis details: (31.4 points, 5.5 required)
pts rule name description
---- ----------------------
--------------------------------------------------
5.5 CUST_DNSBL_6 RBL: zen.spamhaus.org (xbl.spamhaus.org)
[94.23.222.100 listed in zen.spamhaus.org]
-0.1 CUST_DNSWL_5 RBL: list.dnswl.org (No Trust)
[94.23.222.100 listed in list.dnswl.org]
1.0 NIXSPAM_IXHASH DIGEST: ix.dnsbl.manitu.net
1.0 CUST_DNSBL_26 RBL: score.senderscore.com (senderscore.com
Medium)
[94.23.222.100 listed in score.senderscore.com]
1.5 CUST_DNSBL_19 RBL: score.senderscore.com (senderscore.com
High)
0.1 SPF_NONE SPF: sender does not publish an SPF Record
2.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
-2.0 USER_IN_MORE_SPAM_TO User is listed in 'more_spam_to'
0.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
5.5 BAYES_80 BODY: Bayes spam probability is 80 to 95%
[score: 0.9133]
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
3.5 CUST_DNSBL_11 RBL: hostkarma.junkemailfilter.com
[94.23.222.100 listed in
hostkarma.junkemailfilter.com]
1.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
1.5 IXHASH_CHECK Message hits one ore more IXHASH digest-sources
3.0 URI_WP_DIRINDEX URI for compromised WordPress site,
possible malware
2.5 DIGEST_MULTIPLE_LOCAL Message hits more than one network digest check
(razor, pyzor, ixhash)
2.0 URI_WP_HACKED_2 URI for compromised WordPress site,
possible malware
>
> Content analysis details: (16.4 points, 5.5 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 7.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> [score: 0.9998]
> -0.0 NO_RELAYS Informational: message was not relayed via SMTP
> 2.0 MISSING_HEADERS Missing To: header
> 0.4 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
> [score: 0.9998]
> -0.0 NO_RECEIVED Informational: message has no Received headers
> 1.0 MISSING_FROM Missing From: header
> 3.0 MISSING_MID Missing Message-Id: header
> 2.5 MISSING_DATE Missing Date: header
> 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
> headers
net/signature.asc.what.htm
Re: Interesting spam
Posted by Reindl Harald <h....@thelounge.net>.
Am 07.05.2016 um 00:31 schrieb RW:
>
> Anyone playing whack-a-mole with those "pretty girl looking for
> handsome man" spams might be interested in this spam I got today:
>
> http://pastebin.com/SFegJAj1
Content analysis details: (16.4 points, 5.5 required)
pts rule name description
---- ----------------------
--------------------------------------------------
7.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 0.9998]
-0.0 NO_RELAYS Informational: message was not relayed via SMTP
2.0 MISSING_HEADERS Missing To: header
0.4 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 0.9998]
-0.0 NO_RECEIVED Informational: message has no Received headers
1.0 MISSING_FROM Missing From: header
3.0 MISSING_MID Missing Message-Id: header
2.5 MISSING_DATE Missing Date: header
0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
headers