August 28, 2004
New Spam Record
My old email address, adam@proudlyserving.com, is hopelessly entrenched in the "please spam me" address lists (if you want to email me, you can still use it -- eventually I'll set up a new address and decommission that one). So I finally set up Spam Assassin to filter email. I could set it to automatically delete spam, but instead I have it forwarded on with a subject line that starts with "**SPAM*" and then has the Spam Assassin score included. This is so I can keep track of which email scores the highest (Spam Assassin assigns points to spam-y attributes of an email).
About a week ago I got the new champ, weighing in at a hefty 47.80 (5.0 is the default cutoff for being labelled spam). This is the list of miscreancy from the email:
pts rule name description
---- ---------------------- --------------------------------------------------
0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
4.2 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
2.1 SUBJECT_DRUG_GAP_X Subject contains a gappy version of 'xanax'
0.5 X_MSMAIL_PRIORITY_HIGH Sent with 'X-Msmail-Priority' set to high
2.8 SUBJ_VIAGRA Subject includes "viagra"
0.3 RCVD_NUMERIC_HELO Received: contains a numeric HELO
3.1 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
4.3 GENERIC_VIAGRA BODY: Mentions Generic Viagra
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 HTML_70_80 BODY: Message is 70% to 80% HTML
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.2 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words
0.7 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset
0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
3.0 FORGED_RCVD_NET_HELO Host HELO'd using the wrong IP network
0.5 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
1.2 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[211.200.141.22 listed in combined.njabl.org]
0.1 RCVD_IN_SORBS_MISC RBL: SORBS: sender is open proxy server
[211.200.141.22 listed in dnsbl.sorbs.net]
2.3 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[211.200.141.22 listed in sbl-xbl.spamhaus.org]
1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[
2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
0.1 RCVD_IN_RFCI RBL: Sent via a relay in ipwhois.rfc-ignorant.org
[$ has inaccurate or missing WHOIS data at the] [RIR]
1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
3.9 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
1.1 FORGED_MUA_IMS Forged mail pretending to be from IMS
4.3 FORGED_IMS_HTML IMS can't send HTML message only
1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
4.3 FORGED_IMS_TAGS IMS mailers can't send HTML in this format
0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
An impressive list, but I'm sure someone out there is cooking up an email that can top it.
Posted by AdamBa at August 28, 2004 11:54 AM
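An added example, not part of the original post: a small parser for the report format shown above that totals the points, compares the total with the 5.0 default cutoff, and ranks the rules that contributed most. The sample rows are a subset copied from the report; the function names and the OTHER label for rules without a BODY/RAW/URI/RBL prefix are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of rows copied from the report in this post. Bracketed lines carry
# detail for the rule above them and no score of their own.
SAMPLE_REPORT = """\
pts rule name description
---- ---------------------- --------------------------------------------------
4.2 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
2.8 SUBJ_VIAGRA Subject includes "viagra"
4.3 GENERIC_VIAGRA BODY: Mentions Generic Viagra
0.0 HTML_MESSAGE BODY: HTML included in message
0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
2.3 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[211.200.141.22 listed in sbl-xbl.spamhaus.org]
4.3 FORGED_IMS_HTML IMS can't send HTML message only
"""

ROW = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")
AREA = re.compile(r"^(BODY|RAW|URI|RBL):\s*")  # prefixes seen in the report
DEFAULT_THRESHOLD = 5.0  # the default cutoff quoted in the post

def parse_report(text):
    """Return one dict per rule hit: pts, rule, area, desc, detail."""
    hits = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator lines do not match and are skipped
            desc = m.group(3).strip()
            area = AREA.match(desc)
            hits.append({"pts": float(m.group(1)), "rule": m.group(2),
                         "area": area.group(1) if area else "OTHER",
                         "desc": AREA.sub("", desc), "detail": []})
        elif hits and line.strip().startswith("["):
            hits[-1]["detail"].append(line.strip())  # continuation line
    return hits

def summarize(hits, threshold=DEFAULT_THRESHOLD):
    """Total the points, apply the cutoff, and rank the heaviest rules."""
    by_area = defaultdict(float)
    for h in hits:
        by_area[h["area"]] += h["pts"]
    total = round(sum(h["pts"] for h in hits), 1)
    top = sorted(hits, key=lambda h: h["pts"], reverse=True)[:3]
    return {"total": total, "is_spam": total >= threshold,
            "by_area": {k: round(v, 1) for k, v in by_area.items()},
            "top_rules": [h["rule"] for h in top]}

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

The per-row points are printed to one decimal place, so a total computed from the rows can differ slightly from the score in the subject line.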