We all get the emails telling us that if we help this prince or that princess we'll get a big ol' chunk of some lost/found/confiscated fortune.....but I got one over the weekend with an outrageous score so I thought it'd be fun to see just how high on the SA scale these things can get. I'll start with this one: Content analysis details: (69.3 points, 8.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL [5.34.241.62 listed in zen.spamhaus.org] 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000] 0.3 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam 1.0 FSL_XM_419 Old OE version in X-Mailer only seen in 419 spam 2.7 NSL_RCVD_FROM_USER Received from User 0.0 FSL_RCVD_USER FSL_RCVD_USER 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [219.137.27.90 listed in bb.barracudacentral.org] 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL [219.137.27.90 listed in psbl.surriel.com] 1.0 MISSING_HEADERS Missing To: header 3.2 MILLION_USD BODY: Talks about millions of dollars 3.7 DEAR_BENEFICIARY BODY: Dear Beneficiary: 0.0 HTML_MESSAGE BODY: HTML included in message 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.6 FSL_UA FSL_UA 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format 3.7 HK_NAME_MR_MRS HK_NAME_MR_MRS 0.0 LOTS_OF_MONEY Huge... sums of money 1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC 2.6 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool 0.5 FROM_MISSP_NO_TO From misspaced, To missing 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 FSL_FREEMAIL_1 FSL_FREEMAIL_1 0.0 FSL_NEW_HELO_USER FSL_NEW_HELO_USER 1.7 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only 2.0 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to 3.9 FROM_MISSP_USER From misspaced, from "User" 0.0 MONEY_ATM_CARD Lots of money on an ATM card 2.0 FROM_MISSPACED From: missing whitespace 2.6 MONEY_FROM_MISSP Lots of money and misspaced From 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To 0.9 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors 0.7 FROM_MISSP_EH_MATCH From misspaced, matches envelope 0.9 FROM_MISSP_URI From misspaced, has URI 2.9 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool 0.6 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419) 2.9 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419) 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook 3.1 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419) 0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money 1.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money 1.0 FILL_THIS_FORM_SHORT Fill in a short form with personal information 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases 0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases 3.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money 0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases 1.0 MONEY_FORM_SHORT Lots of money if you fill out a short form 0.5 FORM_FRAUD_5 Fill a form and many fraud phrases 3.1 FORM_FRAUD_3 Fill a form and several fraud phrases
Wow! I'm actually surprised you physically got the mail at all, don't many ISPs just blackhole stuff when the SA score is ridiculously high?
and the bar has been raised!! Content analysis details: (92.7 points, 8.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?41.203.67.116>] 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL [41.203.67.116 listed in zen.spamhaus.org] 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000] 1.4 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam 2.7 NSL_RCVD_FROM_USER Received from User 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (abdulsyeid[at]yahoo.com) 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [173.215.166.190 listed in bb.barracudacentral.org] 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL [173.215.166.190 listed in psbl.surriel.com] 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 1.6 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers 1.0 MISSING_HEADERS Missing To: header 3.2 MILLION_USD BODY: Talks about millions of dollars 3.4 HK_SCAM_S7 BODY: HK_SCAM_S7 2.8 FSL_FREEMAIL_2 FSL_FREEMAIL_2 0.0 LOTS_OF_MONEY Huge... sums of money 1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC 3.2 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool 1.0 FROM_MISSP_NO_TO From misspaced, To missing 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 FSL_FREEMAIL_1 FSL_FREEMAIL_1 0.0 FSL_NEW_HELO_USER FSL_NEW_HELO_USER 4.4 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2 2.0 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to 4.1 FROM_MISSP_USER From misspaced, from "User" 2.0 FROM_MISSPACED From: missing whitespace 1.9 MONEY_FROM_MISSP Lots of money and misspaced From 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different freemails 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To 0.3 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list 1.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope 1.7 FROM_MISSP_URI From misspaced, has URI 3.0 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool 4.0 MONEY_FROM_41 Lots of money from Africa 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook 1.7 FROM_MISSP_FREEMAIL From misspaced + freemail provider 31 AWL AWL: From: address is in the auto white-list
latest 2 broke 100 Content preview: ROBERT MUELLER III EXECUTIVE DIRECTOR FBI FEDERAL BUREAU OF INVESTIGATION FBI. WASHINGTON DC. FBI SEEKING TO WIRETAP INTERNET. FEDERAL BUREAU OF INVESTIGATION SEEKING TO WIRETAP THE INTERNET. ATTN:BENEFICIARY. [...] Content analysis details: (108.9 points, 8.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000] 2.6 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam 2.4 NSL_RCVD_FROM_USER Received from User 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (fbifbi72[at]rocketmail.com) 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?49.212.130.61>] 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [49.212.130.61 listed in bb.barracudacentral.org] 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL [49.212.130.61 listed in psbl.surriel.com] 1.5 SUBJ_ALL_CAPS Subject is all capitals 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (fbifbi72[at]rocketmail.com) 1.0 MISSING_HEADERS Missing To: header 0.6 URG_BIZ BODY: Contains urgent matter 3.2 MILLION_USD BODY: Talks about millions of dollars 2.9 DEAR_BENEFICIARY BODY: Dear Beneficiary: 1.8 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN) 0.5 MISSING_MID Missing Message-Id: header 0.0 LOTS_OF_MONEY Huge... sums of money 1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC 3.3 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool 1.4 FROM_MISSP_NO_TO From misspaced, To missing 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 FSL_NEW_HELO_USER FSL_NEW_HELO_USER 4.4 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2 1.8 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to 2.2 FROM_MISSP_USER From misspaced, from "User" 2.0 FROM_MISSPACED From: missing whitespace 2.0 MONEY_FROM_MISSP Lots of money and misspaced From 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different freemails 0.2 FROM_MISSP_REPLYTO From misspaced, has Reply-To 1.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors 1.4 FROM_MISSP_EH_MATCH From misspaced, matches envelope 3.6 FROM_MISSP_URI From misspaced, has URI 2.8 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool 0.5 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419) 4.3 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419) 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook 3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419) 0.0 FILL_THIS_FORM Fill in a form with personal information 3.4 FILL_THIS_FORM_LONG Fill in a form with personal information 2.7 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of money 3.2 ADVANCE_FEE_3_NEW_FORM Advance Fee fraud and a form 4.3 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money 0.0 ADVANCE_FEE_4_NEW_FORM Advance Fee fraud and a form 1.6 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money 1.8 ADVANCE_FEE_5_NEW_FORM Advance Fee fraud and a form 0.0 ADVANCE_FEE_2_NEW_FRM_MNY Advance Fee fraud form and lots of money 1.3 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of money 2.9 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money 3.6 MONEY_FRAUD_5 Lots of money and many fraud phrases 1.7 FROM_MISSP_FREEMAIL From misspaced + freemail provider 0.5 MONEY_FORM Lots of money if you fill out a form 2.8 ADVANCE_FEE_2_NEW_FORM Advance Fee fraud and a form 3.7 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money 4.4 MONEY_FRAUD_3 Lots of money and several fraud phrases 0.5 FORM_FRAUD_5 Fill a form and many fraud phrases 4.3 FORM_FRAUD_3 Fill a form and several fraud phrases
I wrote something to spin content and test it against SA and razor... I thought it was broken because my content wasn't scoring at all.. so then I grabbed a bunch of spam and normal mail and it was scoring.. So maybe I'm just not spammy enough?
