Posted to users@spamassassin.apache.org by Dan Barker <db...@visioncomm.net> on 2007/01/14 19:52:36 UTC
Bank Of A FP
I got a hit on SARE_FORGED_BANKOFA. It's a 3 pointer (using sa-update).
Seems they used to send from bankofamerica.com and now they send from
customercenter.net. How do I go about "influencing" someone to research the
corpus of names BofA might use, and update 70_SARD_spoof.cf to match?
Rule:
header __RCVD_BANKOFA Received =~ /\.bankofamerica\.com/i
header __FROM_BANKOFA From =~ /[\@\.]bankofamerica\.com/i
uri __URI_BANKOFA /\bbankofamerica\.com/i
meta SARE_FORGED_BANKOFA (__FROM_BANKOFA && __URI_BANKOFA && !__RCVD_BANKOFA)
score SARE_FORGED_BANKOFA 3.0
Header:
X-Envelope-From:<bi...@billpay.bankofamerica.com>
Received: from outbd-pstfx.customercenter.net [208.235.248.20] by
    mail.visioncomm.net with ESMTP
    (SMTPD32-8.15) id AAF222D00BC; Sat, 13 Jan 2007 21:52:34 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
    by outbd-pstfx.customercenter.net (Postfix) with ESMTP id 803DC2FC24A
    for <re...@kitepilot.net>; Sat, 13 Jan 2007 21:52:31 -0500 (EST)
X-Virus-Scanned: by amavisd-new at customercenter.net
Received: from prod-mail.nc.customercenter.net (elpemh04.nc.customercenter.net [10.30.26.54])
    (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by outbd-pstfx.customercenter.net (Postfix) with ESMTP id 1CCC32FC2AF
    for <re...@kitepilot.net>; Sat, 13 Jan 2007 21:52:31 -0500 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1])
    by prod-mail.nc.customercenter.net (Postfix) with ESMTP id 083C62680F0
    for <re...@kitepilot.net>; Sat, 13 Jan 2007 21:52:31 -0500 (EST)
X-Virus-Scanned: by amavisd-new at customercenter.net
Received: from elpgts01.nc.checkfree.com (elpgts01.nc.checkfree.com [10.30.44.141])
    by prod-mail.nc.customercenter.net (Postfix) with ESMTP id DEB03268132
    for <re...@kitepilot.net>; Sat, 13 Jan 2007 21:52:30 -0500 (EST)
Message-ID: <nn...@ewaexe01.nc.checkfree.com>
Date: Sat, 13 Jan 2007 21:52:30 -0500 (EST)
From: billpay@billpay.bankofamerica.com
Reply-To: billpay.reply@billpay.bankofamerica.com
To: redacted@kitepilot.net
Subject: You have a new bill from Bank of America Credit Card
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Priority: 2 (Normal)
X-Mailer: cdasend
X-MessageId:#nnnnnnnnnnnnnnnnnnnnnnnn_
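The false positive in the post above, reproduced as an added example (not part of the original thread, and not SpamAssassin or SARE code): a Python model of the three sub-rules and the meta rule, run over a constructed message abridged from the posted headers. The body link and the `EXTRA_RELAYS` pattern are assumptions; the thread shows neither the message body nor the change that was later made to the rule.

```python
import re
from email import message_from_string

# Constructed sample: headers abridged from the post; the body link is an assumption.
SAMPLE = """\
Received: from outbd-pstfx.customercenter.net [208.235.248.20] by
\tmail.visioncomm.net with ESMTP; Sat, 13 Jan 2007 21:52:34 -0500
Received: from elpgts01.nc.checkfree.com (elpgts01.nc.checkfree.com [10.30.44.141])
\tby prod-mail.nc.customercenter.net (Postfix) with ESMTP
From: billpay@billpay.bankofamerica.com
Subject: You have a new bill from Bank of America Credit Card

Sign in at https://www.bankofamerica.com/ to view your bill.
"""

# The three sub-rule patterns exactly as posted (Perl /i becomes re.I).
RCVD = re.compile(r"\.bankofamerica\.com", re.I)
FROM = re.compile(r"[\@\.]bankofamerica\.com", re.I)
URI = re.compile(r"\bbankofamerica\.com", re.I)
# Simplified stand-in for SpamAssassin's URI extraction (assumption).
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumption: relay domains read off the Received chain in the post,
# not the pattern the rule maintainer actually adopted.
EXTRA_RELAYS = re.compile(
    r"\.(?:bankofamerica\.com|customercenter\.net|checkfree\.com)\b", re.I
)


def evaluate(raw, rcvd_re=RCVD):
    """Return (sub-rule results, score) for the SARE_FORGED_BANKOFA meta rule."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])   # every Received header, unfolded or not
    uris = URL.findall(msg.get_payload())    # links found in the body
    subs = {
        "__RCVD_BANKOFA": any(rcvd_re.search(h) for h in received),
        "__FROM_BANKOFA": bool(FROM.search(msg.get("From", ""))),
        "__URI_BANKOFA": any(URI.search(u) for u in uris),
    }
    # meta: __FROM_BANKOFA && __URI_BANKOFA && !__RCVD_BANKOFA
    hit = subs["__FROM_BANKOFA"] and subs["__URI_BANKOFA"] and not subs["__RCVD_BANKOFA"]
    return subs, (3.0 if hit else 0.0)


if __name__ == "__main__":
    print("rule as posted:      ", evaluate(SAMPLE))
    print("with extra relays:   ", evaluate(SAMPLE, EXTRA_RELAYS))
```

With the posted patterns the legitimate bill notice scores 3.0 because no Received line mentions bankofamerica.com; with the assumed relay list the same message scores 0.0.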
Re: Bank Of A FP
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Dan Barker wrote:
> customercenter.net. How do I go about "influencing" someone to research the
> corpus of names BofA might use, and update 70_SARD_spoof.cf to match?
Emailing the current maintainer, Fred, would probably be effective. His
address is in the seventh line of the file.
Failing that, the sare-users list would probably work.
Daryl
Re: Bank Of A FP
Posted by Fred T <sp...@freddyt.com>.
Hello Dan,
Sunday, January 14, 2007, 1:52:36 PM, you wrote:
> I got a hit on SARE_FORGED_BANKOFA. It's a 3 pointer (using sa-update).
I updated this rule just now!
Thanks for the notice!
--
Best regards,
Fred mailto:spamassassin@freddyt.com