Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/02/08 20:58:52 UTC

svn commit: r1566112 - in /spamassassin/trunk/rulesrc/sandbox/jhardin: 20_advance_fee_reevolved.cf 20_lotsa_money.cf

Author: jhardin
Date: Sat Feb  8 19:58:52 2014
New Revision: 1566112

URL: http://svn.apache.org/r1566112
Log:
Tweak fraud rules to reduce FP on legitimate charity emails

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf?rev=1566112&r1=1566111&r2=1566112&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf Sat Feb  8 19:58:52 2014
@@ -24,7 +24,7 @@
 # 
 
 meta      __ADVANCE_FEE_2_NEW  (__AFRICAN_STATE + __ATM_CARD + __BACK_SCRATCH +  __CONTACT_YOU + __COURIER + __DEAD_PARENT + __DEAL + DEAR_BENEFICIARY + DEAR_WINNER + __DECEASED + __DESTROY_ME + __DIPLOMATIC + __DORMANT_ACCT + __EARLY_DEMISE + __EX_CUSTOMER + __FOUND_YOU + __FRAUD_AON + __FRAUD_AUM + __FRAUD_AXF + __FRAUD_BEP + __FRAUD_BGP + __FRAUD_CKF + __FRAUD_DPR + __FRAUD_FVU + __FRAUD_GBW + __FRAUD_IPK + __FRAUD_IRT + __FRAUD_JNB + __FRAUD_JYG + __FRAUD_MCQ + __FRAUD_MLY + __FRAUD_MQO + __FRAUD_NEB + __FRAUD_QFY + __FRAUD_QXX + __FRAUD_SNT + __FRAUD_ULK + __FRAUD_UOQ + __FRAUD_VQE + __FRAUD_WDR + __FRAUD_WFC + __FRAUD_XJR + __FRAUD_XWW + __FRAUD_YPO + __FRAUD_YQV + __I_INHERIT + __INTL_BANK + __INVEST_MONEY + __IS_LEGAL + __I_WILL_YOU + __KAM_LOTTO2 + LOTTO_AGENT + LOTTO_AGENT_RPLY + __LOTTO_DEPT + __LOTTO_RELATED + LOTTO_URI + __LOTTO_WIN_01 + __LOTTO_WINNINGS + __LUCKY_WINNER + __NEXT_OF_KIN + __NOT_DEAD_YET + __PCT_OF_PMTS + __SCAM + __SHARE_IT + __THEY_INHERIT +  UNCLAIMED
 _MONEY + __WIDOW + __WILL_LEGAL + __XFER_MONEY + __YOU_ASSIST + __YOU_INHERIT + __YOUR_FUND + __YOUR_PERM + __YOU_WON > 1) && !__THREAD_INDEX_GOOD
-meta      T_ADVANCE_FEE_2_NEW  __ADVANCE_FEE_2_NEW && !__SUBSCRIPTION_INFO && !__DKIM_EXISTS && !__HAS_SENDER && !__DOS_HAS_LIST_UNSUB && !__TAG_EXISTS_STYLE && !__HTML_LINK_IMAGE && !__COMMENT_EXISTS && !__HAS_X_LOOP
+meta      T_ADVANCE_FEE_2_NEW  __ADVANCE_FEE_2_NEW && !__SUBSCRIPTION_INFO && !__DKIM_EXISTS && !__HAS_SENDER && !__DOS_HAS_LIST_UNSUB && !__TAG_EXISTS_STYLE && !__HTML_LINK_IMAGE && !__COMMENT_EXISTS && !__HAS_X_LOOP && !__TO_YOUR_ORG
 describe  T_ADVANCE_FEE_2_NEW  Appears to be advance fee fraud (Nigerian 419)
 score     T_ADVANCE_FEE_2_NEW  2.50	# limit
 
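Review bot: The new `!__TO_YOUR_ORG` term on T_ADVANCE_FEE_2_NEW keys the exemption on body text the sender fully controls, so a message containing "to your organization" or "for your organisation" is excluded no matter how many of the fraud sub-rules hit. The same exclusion is added to LOTTO_AGENT, LOTTO_DEPT and LOTTO_AGENT_RPLY in 20_lotsa_money.cf. `__TO_YOUR_ORG` is defined in that other file, so this line relies on 20_lotsa_money.cf being loaded alongside it. I would document that at the definition, e.g. `# FP exclusion for charity mail; sender-controlled phrase, re-check S/O in masscheck`. I would also consider applying the exclusion only together with a signal the sender cannot simply type into the body.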

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf?rev=1566112&r1=1566111&r2=1566112&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf Sat Feb  8 19:58:52 2014
@@ -77,15 +77,17 @@ ifplugin Mail::SpamAssassin::Plugin::MIM
   describe   WON_NBDY_ATTACH    You won lots of money! See attachment.
 endif
 
+body     __TO_YOUR_ORG       /\b(?:to|for) your organi[sz]ation\b/i
+
 body     __LOTTO_AGENT_01 /\b(?:(?:(?:the|y?our)(?:\s\w{1,20})?|contact|accredited|listed)\sclaim(?:s|ing)?(?:\sprocessing)?|fiducia\w+|reimbursement|(?:prize|international|intl|foreign|win+ing)(?:[\s,.]+(?:rem+it+ance|settlement|payment|payout|award|transfer))+|payment|payout|immunity|(?<!memory\s)grants?)\s?(?:agent|manager|officer|secretary|director|mgr\b)/i
 body     __LOTTO_AGENT_02 /\blot+ery[^\.]{1,40} ticket agent/i
 meta     __LOTTO_AGENT    __LOTTO_AGENT_01 || __LOTTO_AGENT_02
-meta     LOTTO_AGENT      __LOTTO_AGENT && !__HAS_IN_REPLY_TO && !__THREADED
+meta     LOTTO_AGENT      __LOTTO_AGENT && !__HAS_IN_REPLY_TO && !__THREADED && !__TO_YOUR_ORG && !__DKIM_EXISTS 
 describe LOTTO_AGENT      Claims Agent
 score    LOTTO_AGENT      3.00		# limit
 
 body     __LOTTO_DEPT       /\b(?:claim(?:s|ing)?(?:\sprocessing)?|fiducia\w+|reimbursement|(?:international|foreign|win+ing)(?:\s(?:rem+it+ance|settlement|payment|award))+|payment|award|compensation|lot+ery)(?:\s\w+)?\s?(?:department|dept|unit|group|committee|bureau)/i
-meta     LOTTO_DEPT       __LOTTO_DEPT && !__COMMENT_EXISTS && !__HAS_IN_REPLY_TO && !__THREADED && !__VIA_ML
+meta     LOTTO_DEPT       __LOTTO_DEPT && !__COMMENT_EXISTS && !__HAS_IN_REPLY_TO && !__THREADED && !__VIA_ML && !__TO_YOUR_ORG
 describe LOTTO_DEPT       Claims Department
 score    LOTTO_DEPT       2.00		# limit
 
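Review bot: The `!__DKIM_EXISTS` term added to LOTTO_AGENT appears, from its name, to test only that a DKIM-Signature header is present, not that the signature verifies; its definition is outside this hunk, so please confirm. If so, any signed or pseudo-signed message is exempted from a 3.00-point rule, which is a wider exclusion than the charity false positives named in the log message. A validity-based test such as `!DKIM_VALID_AU` (only meaningful when the DKIM plugin is loaded) would be narrower, or a comment on the line should explain why presence alone is enough. The changed line also ends with a trailing space after `!__DKIM_EXISTS`.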
@@ -97,7 +99,8 @@ header   LOTTO_AGENT_FM   From =~ /(?:cl
 describe LOTTO_AGENT_FM   Claims Agent
 #score    LOTTO_AGENT_FM   0.50
 
-header   LOTTO_AGENT_RPLY Reply-To =~ /(?:claim(?:s|ing)?(?:[\s_.]processing)?|fiducia\w+|dispatch|reimbursement|payout|prize\stransfer|(?:international|foreign|win+ing)[\s_.]rem+it+ance)[\s_.]?(?:agent|manager|officer|secretary|director|department|dept)/i
+header   __LOTTO_AGENT_RPLY Reply-To =~ /(?:claim(?:s|ing)?(?:[\s_.]processing)?|fiducia\w+|dispatch|reimbursement|payout|prize\stransfer|(?:international|foreign|win+ing)[\s_.]rem+it+ance)[\s_.]?(?:agent|manager|officer|secretary|director|department|dept)/i
+meta     LOTTO_AGENT_RPLY __LOTTO_AGENT_RPLY && !__TO_YOUR_ORG
 describe LOTTO_AGENT_RPLY Claims Agent
 #score    LOTTO_AGENT_RPLY 0.50