You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2007/01/17 16:10:52 UTC
phoney habeas signature?
if this is phoney habeas, I propose a signature to detect it (the web
link does not exist!, isn't it phoney?)
(ymmv)
Accreditor: Habeas
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
Postfix, pcre: header_checks:
/^X-Habeas-SWE-9: mark in spam to <http:\/\/www\.habeas\.com\/report\/>/
REJECT Forged Habeas
SA, (local rules? local.cf?)
header FORGED_HABEAS_RPT X-Habeas-SWE-9 =~ m'http://www.habeas.com/report/`
describe FORGED_HABEAS_RPT Forged to look like Habeas, 'report' site
doesn't exist
score FORGED_HABEAS_RPT 7
--
Michael Scheidell, CTO
SECNAP Network Security / www.secnap.com
scheidell@secnap.net / 1+561-999-5000, x 1131
-----------------------------------------------------------------
This email has been scanned and certified safe by SpammerTrap(tm)
For Information please see http://www.spammertrap.com
Re: phoney habeas signature?
Posted by Theo Van Dinter <fe...@apache.org>.
On Wed, Jan 17, 2007 at 10:36:25AM -0500, Michael Scheidell wrote:
> > However, SWE is *DEAD*. Habeas does not support SWE at ALL anymore.
> > They're now on a more Bonded-Sender like system.
> >> X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
> >
> so, that signature denotes someone who doesn't know this? and as such is
> a spam sign?
I guess it depends on how you define "spam sign". I have 0 spam hits with
this in it, but still some ham which includes it. So IMO, it's definitely
not a spam sign, and if you've only received one or two spams that tried using
it, I'd ignore it as not worth dealing with.
--
Randomly Selected Tagline:
"When experiment and theory conflict, experiment wins." - Tim Smith
Re: phoney habeas signature?
Posted by Michael Scheidell <sc...@secnap.net>.
Matt Kettler wrote:
> Michael Scheidell wrote:
>
>> if this is phoney habeas, I propose a signature to detect it (the web
>> link does not exist!, isn't it phoney?)
>>
>>
> Well, that's technically a valid part of the Habeas SWE mark.
>
> However, SWE is *DEAD*. Habeas does not support SWE at ALL anymore.
> They're now on a more Bonded-Sender like system.
>
>
>> X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
>>
>
>
>
so, that signature denotes someone who doesn't know this? and as such is
a spam sign?
--
Michael Scheidell, CTO
SECNAP Network Security / www.secnap.com
scheidell@secnap.net / 1+561-999-5000, x 1131
-----------------------------------------------------------------
This email has been scanned and certified safe by SpammerTrap(tm)
For Information please see http://www.spammertrap.com
Re: phoney habeas signature?
Posted by Matt Kettler <mk...@verizon.net>.
Michael Scheidell wrote:
> if this is phoney habeas, I propose a signature to detect it (the web
> link does not exist!, isn't it phoney?)
>
Well, that's technically a valid part of the Habeas SWE mark.
However, SWE is *DEAD*. Habeas does not support SWE at ALL anymore.
They're now on a more Bonded-Sender like system.
> X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.