
January 29, 2005

Spam Record Redux

After a long period as the champeen, my previous record-holder for highest SpamAssassin score has been dethroned by one that raked in a massive 55.7 points. The subject line was a fairly pedestrian "Re: Your Xanax refill is ready", but the tale of the tape tells the whole story:

pts rule name description
---- ---------------------- --------------------------------------------------
0.7 MSGID_YAHOO_CAPS Message-ID has ALLCAPS@yahoo.com
0.1 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
4.2 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
2.3 SUBJECT_DRUG_GAP_X Subject contains a gappy version of 'xanax'
0.3 X_MSMAIL_PRIORITY_HIGH Sent with 'X-Msmail-Priority' set to high
0.8 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
3.2 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
0.0 RCVD_BY_IP Received by mail server with no name
2.2 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
2.1 WHY_WAIT BODY: What are you waiting for
0.2 RISK_FREE BODY: Risk free. Suuurreeee....
0.0 MONEY_BACK BODY: Money back guarantee
0.7 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
0.0 HTML_MESSAGE BODY: HTML included in message
0.2 HTML_FONT_BIG BODY: HTML tag for a big font size
1.5 MPART_ALT_DIFF BODY: HTML and text parts are different
1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_BACKHAIR_8 BODY: HTML tags used to obfuscate words
2.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org []
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ]
2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [200.11.193.195 listed in sbl-xbl.spamhaus.org]
0.6 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: fast-rxmedicines.com]
0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: fast-rxmedicines.com]
2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: fast-rxmedicines.com]
3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: fast-rxmedicines.com]
0.8 DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
0.0 DRUGS_ERECTILE Refers to an erectile drug
4.0 DRUGS_ANXIETY_OBFU Obfuscated reference to an anxiety control drug
0.0 DRUGS_ANXIETY Refers to an anxiety control drug
4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
2.4 DRUGS_PAIN_OBFU Obfuscated reference to a pain relief drug
0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
0.8 DRUGS_DIET_OBFU Obfuscated reference to a diet drug
0.4 DRUGS_DIET Refers to a diet drug
0.1 DRUGS_SLEEP Refers to a sleep aid drug
0.0 DRUGS_PAIN Refers to a pain relief drug
3.0 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
2.7 DRUGS_SLEEP_EREC Refers to both an erectile and a sleep aid drug
0.0 DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety drug
2.7 DRUGS_MANYKINDS Refers to at least four kinds of drugs

I especially like the ones that are "Obfuscated reference to an [erectile|anxiety control|pain relief|diet] drug" or "Refers to both an erectile and a sleep aid drug". Come to think of it, referring to both an erectile and a sleep aid drug doesn't make much sense. I mean, what's the scenario here?
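A small parser for this report format, added here as an example (it is not the author's code or SpamAssassin's), that works the per-rule points back into the headline score. It embeds the table above verbatim, buckets each hit by the kind of evidence it represents (URI blocklist, relay blocklist, tagged body rule, or header/untagged rule) and counts how many rules it took, in report order, to pass SpamAssassin's stock 5.0 threshold. One thing it shows that the table alone does not: the 43 listed points add up to 55.4, not 55.7. The usual cause is that the report prints each rule's score rounded to one decimal while the total is computed from the unrounded scores (many informational rules carry 0.001), so an accounting tool should expect a small gap rather than flag it. The `DEFAULT_REQUIRED_SCORE` constant, the `category` buckets and the continuation-line handling are this example's own choices.

```python
# Added example (not SpamAssassin's code): parse a per-rule report and account for the total.
import re
from collections import namedtuple
from decimal import Decimal
from typing import Optional

DEFAULT_REQUIRED_SCORE = Decimal("5.0")  # SpamAssassin's stock required_score
Hit = namedtuple("Hit", "points rule description")
# One report line: "<points> <RULE_NAME> <description>" as quoted on the page.
_HIT_RE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\s+(.*?)\s*$")

def parse_report(text: str) -> list:
    """One Hit per rule line; header/dashes skipped; Decimal so points sum exactly."""
    hits = []
    for line in text.splitlines():
        m = _HIT_RE.match(line)
        if m:
            hits.append(Hit(Decimal(m.group(1)), m.group(2), m.group(3)))
        elif hits and line[:1].isspace() and line.strip():
            # SpamAssassin wraps long descriptions onto indented continuation lines.
            hits[-1] = hits[-1]._replace(description=hits[-1].description + " " + line.strip())
    return hits

def category(hit) -> str:
    """Bucket by evidence type, using the report's own tags (URIBL_*, 'RBL:', 'BODY:')."""
    if hit.rule.startswith("URIBL_"):
        return "uri_blocklist"        # body URL listed in a URI blocklist
    if hit.description.startswith("RBL:"):
        return "relay_blocklist"      # sending relay listed in a DNS blocklist
    if hit.description.startswith("BODY:"):
        return "body"                 # content rule tagged BODY:
    return "header_or_untagged"       # header/MUA forgery rules, plus untagged DRUGS_*

def summarize(hits) -> dict:
    """(rule count, points) per category."""
    out = {}
    for h in hits:
        n, pts = out.get(category(h), (0, Decimal("0")))
        out[category(h)] = (n + 1, pts + h.points)
    return out

def total_score(hits) -> Decimal:
    return sum((h.points for h in hits), Decimal("0"))

def rules_to_threshold(hits, required: Decimal = DEFAULT_REQUIRED_SCORE) -> Optional[int]:
    """How many rules, in report order, it took to reach the threshold (None if never)."""
    running = Decimal("0")
    for i, h in enumerate(hits, 1):
        running += h.points
        if running >= required:
            return i
    return None

# The report quoted in the post, verbatim.
SAMPLE_REPORT = """\
pts rule name description
---- ---------------------- --------------------------------------------------
0.7 MSGID_YAHOO_CAPS Message-ID has ALLCAPS@yahoo.com
0.1 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
4.2 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
2.3 SUBJECT_DRUG_GAP_X Subject contains a gappy version of 'xanax'
0.3 X_MSMAIL_PRIORITY_HIGH Sent with 'X-Msmail-Priority' set to high
0.8 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
3.2 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
0.0 RCVD_BY_IP Received by mail server with no name
2.2 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
2.1 WHY_WAIT BODY: What are you waiting for
0.2 RISK_FREE BODY: Risk free. Suuurreeee....
0.0 MONEY_BACK BODY: Money back guarantee
0.7 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
0.0 HTML_MESSAGE BODY: HTML included in message
0.2 HTML_FONT_BIG BODY: HTML tag for a big font size
1.5 MPART_ALT_DIFF BODY: HTML and text parts are different
1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_BACKHAIR_8 BODY: HTML tags used to obfuscate words
2.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org []
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ]
2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [200.11.193.195 listed in sbl-xbl.spamhaus.org]
0.6 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: fast-rxmedicines.com]
0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: fast-rxmedicines.com]
2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: fast-rxmedicines.com]
3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: fast-rxmedicines.com]
0.8 DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
0.0 DRUGS_ERECTILE Refers to an erectile drug
4.0 DRUGS_ANXIETY_OBFU Obfuscated reference to an anxiety control drug
0.0 DRUGS_ANXIETY Refers to an anxiety control drug
4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
2.4 DRUGS_PAIN_OBFU Obfuscated reference to a pain relief drug
0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
0.8 DRUGS_DIET_OBFU Obfuscated reference to a diet drug
0.4 DRUGS_DIET Refers to a diet drug
0.1 DRUGS_SLEEP Refers to a sleep aid drug
0.0 DRUGS_PAIN Refers to a pain relief drug
3.0 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
2.7 DRUGS_SLEEP_EREC Refers to both an erectile and a sleep aid drug
0.0 DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety drug
2.7 DRUGS_MANYKINDS Refers to at least four kinds of drugs
"""
```

Calling `parse_report(SAMPLE_REPORT)` yields 43 hits. The first three rules alone (0.7 + 0.1 + 4.2) already clear the 5.0 threshold, and the relay and URI blocklist lookups together contribute 14.1 of the 55.4 listed points; the header/untagged bucket, which holds the forgery rules and the DRUGS_* family, carries the remaining bulk at 34.8.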

Posted by AdamBa at January 29, 2005 09:57 PM
