Posted to users@spamassassin.apache.org by Chris <cp...@earthlink.net> on 2006/06/07 02:09:28 UTC

Mis-tagged advance fee spam

I've got a spam message that I believe was mis-tagged with an advance fee 
tag. I've uploaded it here, if it can't be downloaded I'll send it direct.

http://www.verzend.be/v/9403665/mistagged.txt.html

If anyone knows of a better free upload site please let me know.

-- 
Chris
Registered Linux User 283774 http://counter.li.org
19:04:07 up 23 days, 7:04, 1 user, load average: 0.13, 0.23, 0.17
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk


Re: Mis-tagged advance fee spam

Posted by Chris <cp...@earthlink.net>.
On Tuesday 06 June 2006 7:31 pm, David Goldsmith wrote:
> Chris wrote:
> > I've got a spam message that I believe was mis-tagged with an advance
> > fee tag. I've uploaded it here, if it can't be downloaded I'll send it
> > direct.
> >
> > http://www.verzend.be/v/9403665/mistagged.txt.html
> >
> > If anyone knows of a better free upload site please let me know.
>
> It's matching against:
>
> __FRAUD_IOU because of '100% safe'
> __FRAUD_DBI because of '$45.3008'
>
> ADVANCE_FEE_1 is a meta rule that gets set if any two of 50+ __FRAUD_###
> rules are triggered.
>
> Dave

Thanks Dave and Ben, previous ADVANCE_FEE(s) I've seen were actually the 419 
type, or I just haven't read down the complete message.

-- 
Chris
Registered Linux User 283774 http://counter.li.org
20:30:22 up 23 days, 8:30, 1 user, load average: 0.19, 0.24, 0.17
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk

Re: Mis-tagged advance fee spam

Posted by David Goldsmith <dg...@sans.org>.
Chris wrote:
> I've got a spam message that I believe was mis-tagged with an advance fee 
> tag. I've uploaded it here, if it can't be downloaded I'll send it direct.
> 
> http://www.verzend.be/v/9403665/mistagged.txt.html
> 
> If anyone knows of a better free upload site please let me know.

It's matching against:

__FRAUD_IOU because of '100% safe'
__FRAUD_DBI because of '$45.3008'

ADVANCE_FEE_1 is a meta rule that gets set if any two of 50+ __FRAUD_###
rules are triggered.

Dave

RE: Mis-tagged advance fee spam

Posted by Ben Wylie <sa...@benwylie.co.uk>.
> I've got a spam message that I believe was mis-tagged with an advance fee 
> tag. I've uploaded it here

Your spam hit the following two subtests
[1464] dbg: rules: ran body rule __FRAUD_IOU ======> got hit: "100% Safe"
[1464] dbg: rules: ran body rule __FRAUD_DBI ======> got hit: "$45.3008"

With two of these subtests it hits: ADVANCE_FEE_1.

Ben
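
The tally described in the replies above can be reproduced from debug output in the format Ben quotes. This is an added example, not part of the original thread and not SpamAssassin's own code: the function names are hypothetical, the threshold of two distinct sub-rules is taken from the thread's description of ADVANCE_FEE_1, and the sample lines marked as constructed are not from the message under discussion.

```python
import re
from collections import defaultdict

# Rule-hit line format as quoted in the thread's debug output.
HIT_RE = re.compile(
    r'dbg: rules: ran (?P<kind>\w+) rule (?P<rule>\S+) =+> got hit: "(?P<text>.*)"'
)


def subrule_hits(debug_lines, prefix="__FRAUD_"):
    """Map each sub-rule whose name starts with `prefix` to the texts it matched."""
    hits = defaultdict(list)
    for line in debug_lines:
        m = HIT_RE.search(line)
        if m and m.group("rule").startswith(prefix):
            hits[m.group("rule")].append(m.group("text"))
    return dict(hits)


def meta_fires(hits, threshold=2):
    """True when at least `threshold` distinct sub-rules hit.

    threshold=2 is an assumption based on the thread ("any two of 50+").
    Repeated hits of the same sub-rule count once.
    """
    return len(hits) >= threshold


SAMPLE = [
    # The two lines quoted in the thread.
    '[1464] dbg: rules: ran body rule __FRAUD_IOU ======> got hit: "100% Safe"',
    '[1464] dbg: rules: ran body rule __FRAUD_DBI ======> got hit: "$45.3008"',
    # Constructed lines: a repeat hit, an unrelated rule, and a non-hit line.
    '[1464] dbg: rules: ran body rule __FRAUD_IOU ======> got hit: "100% safe"',
    '[1464] dbg: rules: ran header rule __EXAMPLE_HDR ======> got hit: "x"',
    '[1464] dbg: rules: running body tests',
]

if __name__ == "__main__":
    found = subrule_hits(SAMPLE)
    for rule, texts in sorted(found.items()):
        print(f"{rule}: {', '.join(repr(t) for t in texts)}")
    print("meta rule would fire:", meta_fires(found))
```

Listing the matched text next to each sub-rule makes it easy to see when a generic phrase such as '100% safe' is what pushed a non-419 message over the threshold.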