♪ Spam, spam, wonderful spam… ♪
Some spammers just don’t have a clue.
Here, in its entirety, is SpamAssassin‘s analysis of a spam that I just received tonight. Note that it got 52.5 spam points– I think that this might be a record for me…
Subject: FOLLOWING IS A NOTE FROM THE ORIGINATOR OF THIS PROGRAM dl o Content preview: DO NOT DELETE THIS - READ FIRST - IT WILL CHANGE YOUR LIFE! [...] Content analysis details: (52.5 points, 5.0 required)
pts rule name description ---- ---------------------- -------------------------------------------------- 4.4 DATE_SPAMWARE_Y2K Date header uses unusual Y2K formatting 4.3 RATWARE_EGROUPS Bulk email fingerprint (eGroups) found 1.9 AS_SEEN_ON BODY: As seen on national TV! 2.2 MLM BODY: Multi Level Marketing mentioned 1.1 EARN_MONEY BODY: Message talks about earning money 0.5 ONE_TIME BODY: One Time Rip Off 2.8 JODY BODY: Contains "My wife, Jody" testimonial 0.9 BANG_MONEY BODY: Talks about money with an exclamation! 2.8 ORDER_REPORT BODY: Order a report from someone 0.5 REMOVE_REMOVAL_2WORD BODY: List removal information 2.8 SENT_IN_COMPLIANCE BODY: Claims compliance with spam regulations 2.1 FINANCIAL BODY: Financial Freedom 0.5 SECTION_301 BODY: Claims compliance with spam regulations 0.1 EXCUSE_3 BODY: Claims you can be removed from the list 2.8 INVALUABLE_MARKETING BODY: Invaluable marketing information 0.8 DONT_DELETE BODY: Don't delete me! Nooooo!!!! 0.7 RISK_FREE BODY: Risk free. Suuurreeee.... 2.8 COPY_ACCURATELY BODY: Common pyramid scheme phrase (1) 2.8 INITIAL_INVEST BODY: Requires Initial Investment 0.8 HTML_30_40 BODY: Message is 30% to 40% HTML 0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red 0.1 LINES_OF_YELLING_2 BODY: 2 WHOLE LINES OF YELLING DETECTED 0.1 HTML_FONTCOLOR_BLUE BODY: HTML font color is blue 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 HTML_FONT_BIG BODY: HTML has a big font 0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED 1.8 HTML_SHOUTING5 BODY: HTML has very strong "shouting" markup 0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL 0.8 REMOVE_PAGE URI: URL of page called "remove" 0.3 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 2.8 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS [24.3.42.33 listed in dnsbl.sorbs.net] 1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [<http://dsbl.org/listing?ip=24.3.42.33>] 0.1 RCVD_IN_RFCI RBL: Sent via a relay in ipwhois.rfc-ignorant.org [Inaccurate or missing WHOIS data] 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?24.3.42.33>] 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address [24.3.42.33 listed in dnsbl.sorbs.net] 0.0 CASHCASHCASH Contains at least 3 dollar signs in a row 1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE 1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts 0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't