August 28, 2004

New Spam Record

My old email address, adam@proudlyserving.com, is hopelessly entrenched in the "please spam me" address lists (if you want to email me, you can still use it -- eventually I'll set up a new address and decommission that one). So I finally set up SpamAssassin to filter email.

I could set it to be automatically deleted, but instead I have it forwarded on with a subject line that starts with "**SPAM*" and then has the SpamAssassin score included. This is so I can keep track of which email scores the highest (SpamAssassin assigns points to spam-y attributes of an email).

About a week ago I got the new champ, weighing in at a hefty 47.80 (5.0 is the default cutoff for being labelled spam). This is the list of miscreancy from the email:

pts  rule name              description
---- ---------------------- --------------------------------------------------
0.5  X_PRIORITY_HIGH        Sent with 'X-Priority' set to high
4.2  MIME_BOUND_DD_DIGITS   Spam tool pattern in MIME boundary
2.1  SUBJECT_DRUG_GAP_X     Subject contains a gappy version of 'xanax'
0.5  X_MSMAIL_PRIORITY_HIGH Sent with 'X-Msmail-Priority' set to high
2.8  SUBJ_VIAGRA            Subject includes "viagra"
0.3  RCVD_NUMERIC_HELO      Received: contains a numeric HELO
3.1  MSGID_SPAM_CAPS        Spam tool Message-Id: (caps variant)
4.3  GENERIC_VIAGRA         BODY: Mentions Generic Viagra
0.0  HTML_MESSAGE           BODY: HTML included in message
0.1  HTML_70_80             BODY: Message is 70% to 80% HTML
0.1  MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
2.2  HTML_IMAGE_ONLY_02     BODY: HTML: images with 0-200 bytes of words
0.7  MIME_HTML_NO_CHARSET   RAW: Message text in HTML without charset
0.2  NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
3.0  FORGED_RCVD_NET_HELO   Host HELO'd using the wrong IP network
0.5  FORGED_YAHOO_RCVD      'From' yahoo.com does not match 'Received' headers
1.2  RCVD_IN_NJABL_PROXY    RBL: NJABL: sender is an open proxy [ listed in combined.njabl.org]
0.1  RCVD_IN_SORBS_MISC     RBL: SORBS: sender is open proxy server [ listed in dnsbl.sorbs.net]
2.3  RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL [ listed in sbl-xbl.spamhaus.org]
1.1  RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org []
2.2  RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ]
0.1  RCVD_IN_RFCI           RBL: Sent via a relay in ipwhois.rfc-ignorant.org [$ has inaccurate or missing WHOIS data at the] [RIR]
1.2  MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
3.9  RCVD_DOUBLE_IP_SPAM    Bulk email fingerprint (double IP) found
1.1  FORGED_MUA_IMS         Forged mail pretending to be from IMS
4.3  FORGED_IMS_HTML        IMS can't send HTML message only
1.1  MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
4.3  FORGED_IMS_TAGS        IMS mailers can't send HTML in this format
0.1  MISSING_OUTLOOK_NAME   Message looks like Outlook, but isn't

An impressive list, but I'm sure someone out there is cooking up an email that can top it.
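An added example, not part of the original post: a small Python parser for report lines in the format quoted above, which totals the points per test area (the BODY/RAW/URI/RBL prefixes in the description column) and compares the sum with the 5.0 cutoff. The names `parse_report` and `summarize`, the "unprefixed" bucket and the eight-line excerpt are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from decimal import Decimal
from typing import NamedTuple

# Excerpt of the report quoted in the post (RBL bracket text trimmed).
REPORT = """\
pts rule name description
---- ---------------------- --------------------------------------------------
4.2 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
2.8 SUBJ_VIAGRA Subject includes "viagra"
4.3 GENERIC_VIAGRA BODY: Mentions Generic Viagra
2.2 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words
0.7 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset
0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
2.3 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
3.9 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
"""

# score (may be negative for ham-ish rules), rule name, free-text description
LINE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z0-9_]+)\s+(.*)$")
AREA = re.compile(r"^(BODY|RAW|URI|RBL):\s*(.*)$")

class Hit(NamedTuple):
    score: Decimal
    rule: str
    area: str
    description: str

def parse_report(text):
    hits = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # column header, dashed ruler, blank lines
        score, rule, desc = m.groups()
        a = AREA.match(desc)
        area, desc = a.groups() if a else ("unprefixed", desc)
        hits.append(Hit(Decimal(score), rule, area, desc))
    return hits

def summarize(hits, required=Decimal("5.0")):
    by_area = defaultdict(Decimal)  # Decimal() == 0, so sums stay exact
    for h in hits:
        by_area[h.area] += h.score
    total = sum((h.score for h in hits), Decimal("0"))
    return {"total": total, "by_area": dict(by_area), "is_spam": total >= required}
```

The per-rule points in a report are rounded to one decimal place, so their sum can differ slightly from the overall score in the subject line.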

Posted by AdamBa at August 28, 2004 11:54 AM