KAM_Back rule

[John <jp...@codemist.co.uk>]

I just got an email from a mailing list of which i am a member (UK
academic geophysics) which was scored at 5, mainly from a 5.5
contribution from KAM_BACK, described as background check SPAM.  I have
not managed to work out what that rule is trying to do, but it is the
first detected oh-nasty from using the KAM rules.

Clearly I can reduce the score but I am struggling to see what was
wrong with the message, attached.
==John ffitch

Re: KAM_Back rule

[RW <rw...@googlemail.com>]

On Fri, 26 Oct 2018 17:29:24 -0400
Bill Cole wrote:

> On 26 Oct 2018, at 15:13, John wrote:
> 
> > I just got an email from a mailing list of which i am a member (UK
> > academic geophysics) which was scored at 5, mainly from a 5.5
> > contribution from KAM_BACK, described as background check SPAM.  I 
> > have
> > not managed to work out what that rule is trying to do, but it is
> > the first detected oh-nasty from using the KAM rules.
> >
> > Clearly I can reduce the score but I am struggling to see what was
> > wrong with the message, attached.  
> 
> There's nothing wrong with the message, the rule is too aggressive.
> 
> It consists of 5 sub-rules, 3 body and 2 header for From and Subject. 
> Hitting any three satisfies the meta-rule.

And 'criminal' in the Subject implies a second hit on 'criminal' in the
body.

Re: KAM_Back rule

[Bill Cole <sa...@billmail.scconsult.com>]

On 26 Oct 2018, at 15:13, John wrote:

> I just got an email from a mailing list of which i am a member (UK
> academic geophysics) which was scored at 5, mainly from a 5.5
> contribution from KAM_BACK, described as background check SPAM.  I 
> have
> not managed to work out what that rule is trying to do, but it is the
> first detected oh-nasty from using the KAM rules.
>
> Clearly I can reduce the score but I am struggling to see what was
> wrong with the message, attached.

There's nothing wrong with the message, the rule is too aggressive.

It consists of 5 sub-rules, 3 body and 2 header for From and Subject. 
Hitting any three satisfies the meta-rule. It seems to be targeted at 
spam selling criminal and/or financial background reports (which is a 
real market here in the US, where we have no serious privacy laws...) 
Unfortunately, it does not seem to be constructed with an appreciation 
for the fact that people discuss criminality in non-spam.

Personally, I just zeroed the score for that on my personal system. 
Thanks for bringing it to light.


-- 
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

Re: KAM_Back rule

["Kevin A. McGrail" <km...@apache.org>]

On 10/26/2018 3:13 PM, John wrote:
> I just got an email from a mailing list of which i am a member (UK
> academic geophysics) which was scored at 5, mainly from a 5.5
> contribution from KAM_BACK, described as background check SPAM.  I have
> not managed to work out what that rule is trying to do, but it is the
> first detected oh-nasty from using the KAM rules.
>
> Clearly I can reduce the score but I am struggling to see what was
> wrong with the message, attached.
> ==John ffitch

Hi John, thanks for the FP.  I've tweaked the rules.

-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171