You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Andreas Kotowicz <ko...@mynetix.de> on 2005/11/20 17:23:43 UTC
why doesn't this email get detected as spam?
attached email doesn't get any score. why is that?
cheers,
andreas
Re: why doesn't this email get detected as spam?
Posted by Chris <cp...@earthlink.net>.
On Sunday 20 November 2005 10:23 am, Andreas Kotowicz wrote:
> attached email doesn't get any score. why is that?
>
> cheers,
> andreas
It scored as shown here:
Content analysis details: (12.1 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 OPTING_OUT_CAPS BODY: Talks about opting out (capitalized
version)
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: thrillhand.com]
3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: thrillhand.com]
1.0 SAGREY Adds 1.0 to spam from first-time senders
--
Chris
Registered Linux User 283774 http://counter.li.org
17:49:25 up 10 days, 21:20, 2 users, load average: 0.74, 0.55, 0.42
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
Re: why doesn't this email get detected as spam?
Posted by Evan Platt <ev...@espphotography.com>.
Is your question why doesn't it get detected as spam, or why doesn't
it get any score?
Scored a 1.9 on my system:
X-Spam-Status: No, score=1.9 required=6.0 tests=BAYES_00,EXCUSE_3,
MANY_EXCLAMATIONS,NO_REAL_NAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,
REMOVE_PAGE,SARE_EN_A_2XX_1,YOU_WON autolearn=no version=3.0.4
And hit the Razor warning.
At 08:23 AM 11/20/2005, you wrote:
>attached email doesn't get any score. why is that?
Re: why doesn't this email get detected as spam?
Posted by "saurabh.bhasin" <sa...@bhasin.in>.
Magnus Holmgren wrote:
> saurabh.bhasin wrote:
>
>>Scores 9.1 here. To give you an idea, details are mentioned below:
>>
>
> You have weak bayes! I get this: :-)
>
Ture. Bayes is a derivative of the direct relationship between duration
of operation of SA and volume of messages handled ;) It's been two
months sinces I initiated bayes and with little under 300 mailboxes, it
might take a bit. :)
Re: why doesn't this email get detected as spam?
Posted by Magnus Holmgren <ho...@lysator.liu.se>.
saurabh.bhasin wrote:
> Scores 9.1 here. To give you an idea, details are mentioned below:
>
You have weak bayes! I get this: :-)
X-Spam-Report:
* 0.0 NO_REAL_NAME From: does not include a real name
* 0.6 YOU_WON BODY: Who really wins?
* 0.1 EXCUSE_3 BODY: Claims you can be removed from the list
* 1.0 OPTING_OUT_CAPS BODY: Talks about opting out (capitalized
version)
* 0.2 REMOVE_PAGE URI: URL of page called "remove"
* 6.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
* [Blocked - see
<http://www.spamcop.net/bl.shtml?66.154.124.4>]
* 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist
* [URIs: thrillhand.com]
* 0.0 MANY_EXCLAMATIONS Subject has many exclamations
--
Magnus Holmgren
Re: why doesn't this email get detected as spam?
Posted by Spamassassin List <sp...@gmail.com>.
>> 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
>> 0.1 OPTING_OUT_CAPS BODY: Talks about opting out (capitalized
>> version)
>> -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20%
>> [score: 0.1239]
>> 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>> above 50%
>> [cf: 100]
>> 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
>> 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>> [cf: 100]
>> 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL
>> blocklist
>> [URIs: thrillhand.com]
>> 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
>> blocklist
>> [URIs: thrillhand.com]
I have RAZOR, RBL and PYZOR running. But none hit in my case. Why?
pts rule name description
---- ---------------------- --------------------------------------------------
3.2 HEADER_SPAM Bulk email fingerprint (header-based) found
2.0 SARE_EN_A_2XX_1 BODY: Phone number or address pulled from spam
0.8 MANY_EXCLAMATIONS Subject has many exclamations
-0.0 AWL AWL: From: address is in the auto white-list
RE: why doesn't this email get detected as spam?
Posted by Rick Cooper <rc...@dwford.com>.
My apologies to all for accidentally replying to the wrong thread in my
previous post on this thread
Rick
> -----Original Message-----
> From: saurabh.bhasin [mailto:saurabh@bhasin.in]
> Sent: Sunday, November 20, 2005 12:40 PM
> To: Andreas Kotowicz
> Cc: users@spamassassin.apache.org
> Subject: Re: why doesn't this email get detected as spam?
>
>
> Scores 9.1 here. To give you an idea, details are mentioned below:
>
> >
> > Content analysis details: (9.1 points, 1.0 required)
> >
> > pts rule name description
> > ---- ----------------------
> --------------------------------------------------
> > 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> > 0.1 OPTING_OUT_CAPS BODY: Talks about opting out
> (capitalized version)
> > -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20%
> > [score: 0.1239]
> > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
> > above 50%
> > [cf: 100]
> > 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> > [cf: 100]
> > 4.1 URIBL_JP_SURBL Contains an URL listed in the JP
> SURBL blocklist
> > [URIs: thrillhand.com]
> > 3.0 URIBL_OB_SURBL Contains an URL listed in the OB
> SURBL blocklist
> > [URIs: thrillhand.com]
> >
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
RE: why doesn't this email get detected as spam?
Posted by Rick Cooper <rc...@dwford.com>.
I get a similar score now, when they first came in they didn't hit any of
the SURBL or RAZOR rules so it scored very low. I was looking for a way to
hit the scheme they are using before they make it into the various block
lists. I had quite a few on several servers in just a few min.
I wrote a sequence of meta rules that seem to catch it well and they didn't
get any FPs with mass-check, but they didn't get any hits either (using
spam, spam_2 and hard_ham). I assume since they didn't get hits on the
public corpus but hit every one I have actually recieved this is a fairly
new trick. I guess I will just watch them for a while and see how they do in
real life.
Rick
> -----Original Message-----
> From: saurabh.bhasin [mailto:saurabh@bhasin.in]
> Sent: Sunday, November 20, 2005 12:40 PM
> To: Andreas Kotowicz
> Cc: users@spamassassin.apache.org
> Subject: Re: why doesn't this email get detected as spam?
>
>
> Scores 9.1 here. To give you an idea, details are mentioned below:
>
> >
> > Content analysis details: (9.1 points, 1.0 required)
> >
> > pts rule name description
> > ---- ----------------------
> --------------------------------------------------
> > 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> > 0.1 OPTING_OUT_CAPS BODY: Talks about opting out
> (capitalized version)
> > -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20%
> > [score: 0.1239]
> > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
> > above 50%
> > [cf: 100]
> > 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> > [cf: 100]
> > 4.1 URIBL_JP_SURBL Contains an URL listed in the JP
> SURBL blocklist
> > [URIs: thrillhand.com]
> > 3.0 URIBL_OB_SURBL Contains an URL listed in the OB
> SURBL blocklist
> > [URIs: thrillhand.com]
> >
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: why doesn't this email get detected as spam?
Posted by "saurabh.bhasin" <sa...@bhasin.in>.
Scores 9.1 here. To give you an idea, details are mentioned below:
>
> Content analysis details: (9.1 points, 1.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> 0.1 OPTING_OUT_CAPS BODY: Talks about opting out (capitalized version)
> -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20%
> [score: 0.1239]
> 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
> above 50%
> [cf: 100]
> 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> [cf: 100]
> 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
> [URIs: thrillhand.com]
> 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
> [URIs: thrillhand.com]
>
Re: why doesn't this email get detected as spam?
Posted by Kai Schaetzl <ma...@conactive.com>.
Andreas Kotowicz wrote on Sun, 20 Nov 2005 17:23:43 +0100:
> . why is that?
because it's Sunday?
Kai
Re:why doesn't this email get detected as spam?
Posted by James Lay <jl...@slave-tothe-box.net>.
On Sun, 20 Nov 2005 17:23:43 +0100
Andreas Kotowicz <ko...@mynetix.de> wrote:
> attached email doesn't get any score. why is that?
>
> cheers,
> andreas
Got tagged all over the place here:
X-Spam-Status: Yes, score=6.2 required=4.0 tests=AWL,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SARE_EN_A_2XX_1,SARE_UNSUB09,
SPF_PASS,URIBL_JP_SURBL,URIBL_OB_SURBL autolearn=no version=3.1.0
X-Spam-Report:
* -0.0 SPF_PASS SPF: sender matches SPF record
* 2.0 SARE_EN_A_2XX_1 BODY: Phone number or address pulled from spam
* 1.3 SARE_UNSUB09 URI: SARE_UNSUB09
* 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
* above 50%
* [cf: 100]
* 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
* [cf: 100]
* 3.4 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: thrillhand.com]
* 2.6 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
* [URIs: thrillhand.com]
* -5.5 AWL AWL: From: address is in the auto white-list
Re: why doesn't this email get detected as spam?
Posted by Steven Stern <su...@sterndata.com>.
Andreas Kotowicz wrote:
> attached email doesn't get any score. why is that?
>
> cheers,
> andreas
>
What rules are you using? This is what I got from your email. Seems
like a little bit of bayes training should catch it.
result:
X-Spam-Status: No, score=4.8 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO,
OPTING_OUT_CAPS,SPF_PASS,URIBL_JP_SURBL,URIBL_OB_SURBL autolearn=no
version=3.1.0
--
Steve