Zone38 Presents...
Letters to the World

26-Jan-2004

♪ Spam, spam, wonderful spam… ♪

Filed under: Spam — codeman38 @ 12:46 am

Some spammers just don’t have a clue.

Here, in its entirety, is SpamAssassin‘s analysis of a spam that I just received tonight. Note that it got 52.5 spam points– I think that this might be a record for me…

Subject: FOLLOWING IS A NOTE FROM THE ORIGINATOR OF THIS PROGRAM dl o


Content preview:  DO NOT DELETE THIS - READ FIRST - IT WILL CHANGE YOUR
  LIFE! [...] 

Content analysis details:   (52.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.4 DATE_SPAMWARE_Y2K      Date header uses unusual Y2K formatting
 4.3 RATWARE_EGROUPS        Bulk email fingerprint (eGroups) found
 1.9 AS_SEEN_ON             BODY: As seen on national TV!
 2.2 MLM                    BODY: Multi Level Marketing mentioned
 1.1 EARN_MONEY             BODY: Message talks about earning money
 0.5 ONE_TIME               BODY: One Time Rip Off
 2.8 JODY                   BODY: Contains "My wife, Jody" testimonial
 0.9 BANG_MONEY             BODY: Talks about money with an exclamation!
 2.8 ORDER_REPORT           BODY: Order a report from someone
 0.5 REMOVE_REMOVAL_2WORD   BODY: List removal information
 2.8 SENT_IN_COMPLIANCE     BODY: Claims compliance with spam regulations
 2.1 FINANCIAL              BODY: Financial Freedom
 0.5 SECTION_301            BODY: Claims compliance with spam regulations
 0.1 EXCUSE_3               BODY: Claims you can be removed from the list
 2.8 INVALUABLE_MARKETING   BODY: Invaluable marketing information
 0.8 DONT_DELETE            BODY: Don't delete me!  Nooooo!!!!
 0.7 RISK_FREE              BODY: Risk free.  Suuurreeee....
 2.8 COPY_ACCURATELY        BODY: Common pyramid scheme phrase (1)
 2.8 INITIAL_INVEST         BODY: Requires Initial Investment
 0.8 HTML_30_40             BODY: Message is 30% to 40% HTML
 0.1 HTML_FONTCOLOR_RED     BODY: HTML font color is red
 0.1 LINES_OF_YELLING_2     BODY: 2 WHOLE LINES OF YELLING DETECTED
 0.1 HTML_FONTCOLOR_BLUE    BODY: HTML font color is blue
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_FONT_BIG          BODY: HTML has a big font
 0.0 LINES_OF_YELLING       BODY: A WHOLE LINE OF YELLING DETECTED
 1.8 HTML_SHOUTING5         BODY: HTML has very strong "shouting" markup
 0.2 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
 0.8 REMOVE_PAGE            URI: URL of page called "remove"
 0.3 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 2.8 DATE_IN_FUTURE_03_06   Date: is 3 to 6 hours after Received: date
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [24.3.42.33 listed in dnsbl.sorbs.net]
 1.1 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                            [<http://dsbl.org/listing?ip=24.3.42.33>]
 0.1 RCVD_IN_RFCI           RBL: Sent via a relay in ipwhois.rfc-ignorant.org
                            [Inaccurate or missing WHOIS data]
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                  [Blocked - see <http://www.spamcop.net/bl.shtml?24.3.42.33>]
 2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [24.3.42.33 listed in dnsbl.sorbs.net]
 0.0 CASHCASHCASH           Contains at least 3 dollar signs in a row
 1.2 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
 1.1 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
 0.1 MISSING_OUTLOOK_NAME   Message looks like Outlook, but isn't

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

You can use these HTML tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

© 2001-2025 codeman38. Powered by WordPress.