You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Paul Douglas Franklin of Yakima UGM <pd...@yugm.org> on 2008/02/06 20:20:22 UTC
Body vs headers
I have noticed that spammers are putting dead giveaways into some of the
headers which are not checked with the body rules. Specifically, I
received an email with a sender name that was obviously spam. I hit
reply so that the sender name was replicated in the body and then
changed the to: back to myself. When I sent it, SA flagged it as spam
based on the presence of that sender name in the body.
I know that it treats the subject as part of the body. Is there any way
to have it apply all body rules to the other headers as well?
--Paul
--
Paul Douglas Franklin
Computer Manager, Union Gospel Mission of Yakima, Washington
Husband of Danette
Father of Laurene, Miriam, Tycko, Timothy, Sarabeth, Marie, Dawnita, Anna Leah, Alexander, and Caleb
Re: Body vs headers
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2008-02-07 at 20:15 +0100, Per Jessen wrote:
> Paul Douglas Franklin of Yakima UGM wrote:
>
> > I have noticed that spammers are putting dead giveaways into some of
> > the headers which are not checked with the body rules. Specifically,
> > I received an email with a sender name that was obviously spam.
>
> How did you determine that the sender name made the email "obviously
> spam" ?
Well, a few typical examples I've seen in the past couple hours (email
addresses munged):
Cilais <--...@example.net>
Ciails <-u...@example.net>
Amazing Watches <us...@example.net>
Most Trusted Replica <us...@example.net>
Cartier Replica <us...@example.net>
However, even though spammers seem to shift some "body" into the user
visible From header, as far as I am concerned, I don't really see a need
to make SA treat the real-name part as body. The Subject tends to hold
the same [1] info. As does the body.
All those examples are really big scorers anyway -- score of 16+, Bayes
confidentiality of 99%, and they hit at least one known-to-be-good
blacklist (IP and URI).
guenther
[1] Well, or similar. I have seen advertisement for Replica Watches
(Subject) with a From of Replica Purses. And vice versa. ;)
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Body vs headers
Posted by Per Jessen <pe...@computer.org>.
Paul Douglas Franklin of Yakima UGM wrote:
> I have noticed that spammers are putting dead giveaways into some of
> the headers which are not checked with the body rules. Specifically,
> I received an email with a sender name that was obviously spam.
How did you determine that the sender name made the email "obviously
spam" ?
/Per Jessen, Zürich