♪ Spam, spam, wonderful spam… ♪
Some spammers just don’t have a clue.
Here, in its entirety, is SpamAssassin‘s analysis of a spam that I just received tonight. Note that it got 52.5 spam points– I think that this might be a record for me…
Subject: FOLLOWING IS A NOTE FROM THE ORIGINATOR OF THIS PROGRAM dl o Content preview: DO NOT DELETE THIS - READ FIRST - IT WILL CHANGE YOUR LIFE! [...] Content analysis details: (52.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
4.4 DATE_SPAMWARE_Y2K Date header uses unusual Y2K formatting
4.3 RATWARE_EGROUPS Bulk email fingerprint (eGroups) found
1.9 AS_SEEN_ON BODY: As seen on national TV!
2.2 MLM BODY: Multi Level Marketing mentioned
1.1 EARN_MONEY BODY: Message talks about earning money
0.5 ONE_TIME BODY: One Time Rip Off
2.8 JODY BODY: Contains "My wife, Jody" testimonial
0.9 BANG_MONEY BODY: Talks about money with an exclamation!
2.8 ORDER_REPORT BODY: Order a report from someone
0.5 REMOVE_REMOVAL_2WORD BODY: List removal information
2.8 SENT_IN_COMPLIANCE BODY: Claims compliance with spam regulations
2.1 FINANCIAL BODY: Financial Freedom
0.5 SECTION_301 BODY: Claims compliance with spam regulations
0.1 EXCUSE_3 BODY: Claims you can be removed from the list
2.8 INVALUABLE_MARKETING BODY: Invaluable marketing information
0.8 DONT_DELETE BODY: Don't delete me! Nooooo!!!!
0.7 RISK_FREE BODY: Risk free. Suuurreeee....
2.8 COPY_ACCURATELY BODY: Common pyramid scheme phrase (1)
2.8 INITIAL_INVEST BODY: Requires Initial Investment
0.8 HTML_30_40 BODY: Message is 30% to 40% HTML
0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red
0.1 LINES_OF_YELLING_2 BODY: 2 WHOLE LINES OF YELLING DETECTED
0.1 HTML_FONTCOLOR_BLUE BODY: HTML font color is blue
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 HTML_FONT_BIG BODY: HTML has a big font
0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED
1.8 HTML_SHOUTING5 BODY: HTML has very strong "shouting" markup
0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
0.8 REMOVE_PAGE URI: URL of page called "remove"
0.3 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
2.8 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[24.3.42.33 listed in dnsbl.sorbs.net]
1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=24.3.42.33>]
0.1 RCVD_IN_RFCI RBL: Sent via a relay in ipwhois.rfc-ignorant.org
[Inaccurate or missing WHOIS data]
2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?24.3.42.33>]
2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[24.3.42.33 listed in dnsbl.sorbs.net]
0.0 CASHCASHCASH Contains at least 3 dollar signs in a row
1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
