Highest SpamAssassin Score Ever....

Discussion in 'Mail Chat' started by PushSend, Sep 24, 2012.

  1. PushSend

    PushSend VIP

    Joined:
    Apr 12, 2011
    Messages:
    1,927
    Likes Received:
    141
    Trophy Points:
    63
    Location:
    Paradise
    We all get the emails telling us that if we help this prince or that princess we'll get a big ol' chunk of some lost/found/confiscated fortune.....but I got one over the weekend with an outrageous score so I thought it'd be fun to see just how high on the SA scale these things can get. I'll start with this one:

    Content analysis details: (69.3 points, 8.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
    [5.34.241.62 listed in zen.spamhaus.org]
    3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    [score: 1.0000]
    0.3 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
    1.0 FSL_XM_419 Old OE version in X-Mailer only seen in 419 spam
    2.7 NSL_RCVD_FROM_USER Received from User
    0.0 FSL_RCVD_USER FSL_RCVD_USER
    1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
    [219.137.27.90 listed in bb.barracudacentral.org]
    2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
    [219.137.27.90 listed in psbl.surriel.com]
    1.0 MISSING_HEADERS Missing To: header
    3.2 MILLION_USD BODY: Talks about millions of dollars
    3.7 DEAR_BENEFICIARY BODY: Dear Beneficiary:
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    0.6 FSL_UA FSL_UA
    0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
    3.7 HK_NAME_MR_MRS HK_NAME_MR_MRS
    0.0 LOTS_OF_MONEY Huge... sums of money
    1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
    2.6 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
    0.5 FROM_MISSP_NO_TO From misspaced, To missing
    0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
    0.0 FSL_FREEMAIL_1 FSL_FREEMAIL_1
    0.0 FSL_NEW_HELO_USER FSL_NEW_HELO_USER
    1.7 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
    0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
    2.0 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
    3.9 FROM_MISSP_USER From misspaced, from "User"
    0.0 MONEY_ATM_CARD Lots of money on an ATM card
    2.0 FROM_MISSPACED From: missing whitespace
    2.6 MONEY_FROM_MISSP Lots of money and misspaced From
    2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
    0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
    0.9 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
    0.7 FROM_MISSP_EH_MATCH From misspaced, matches envelope
    0.9 FROM_MISSP_URI From misspaced, has URI
    2.9 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
    0.6 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
    2.9 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
    1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
    3.1 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
    0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
    1.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
    1.0 FILL_THIS_FORM_SHORT Fill in a short form with personal information
    0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
    0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases
    3.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
    0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases
    1.0 MONEY_FORM_SHORT Lots of money if you fill out a short form
    0.5 FORM_FRAUD_5 Fill a form and many fraud phrases
    3.1 FORM_FRAUD_3 Fill a form and several fraud phrases
     
  2. roundabout

    roundabout VIP

    Joined:
    Feb 17, 2011
    Messages:
    2,713
    Likes Received:
    154
    Trophy Points:
    63
    Wow! I'm actually surprised you physically got the mail at all, don't many ISPs just blackhole stuff when the SA score is ridiculously high?
     
  3. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    Can we see the creative?
     
  4. mrlucky123

    mrlucky123 Member

    Joined:
    May 4, 2012
    Messages:
    182
    Likes Received:
    7
    Trophy Points:
    18
    Is that even possible?
     
  5. noobking

    noobking Member

    Joined:
    Nov 28, 2011
    Messages:
    209
    Likes Received:
    5
    Trophy Points:
    18
    also curious about the creative
     
  6. PushSend

    PushSend VIP

    Joined:
    Apr 12, 2011
    Messages:
    1,927
    Likes Received:
    141
    Trophy Points:
    63
    Location:
    Paradise
    and the bar has been raised!!

    Content analysis details: (92.7 points, 8.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    [Blocked - see <http://www.spamcop.net/bl.shtml?41.203.67.116>]
    0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
    [41.203.67.116 listed in zen.spamhaus.org]
    3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    [score: 1.0000]
    1.4 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
    2.7 NSL_RCVD_FROM_USER Received from User
    0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
    (abdulsyeid[at]yahoo.com)
    1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
    [173.215.166.190 listed in bb.barracudacentral.org]
    2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
    [173.215.166.190 listed in psbl.surriel.com]
    0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is
    CUSTOM_MED
    1.6 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
    1.0 MISSING_HEADERS Missing To: header
    3.2 MILLION_USD BODY: Talks about millions of dollars
    3.4 HK_SCAM_S7 BODY: HK_SCAM_S7
    2.8 FSL_FREEMAIL_2 FSL_FREEMAIL_2
    0.0 LOTS_OF_MONEY Huge... sums of money
    1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
    3.2 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
    1.0 FROM_MISSP_NO_TO From misspaced, To missing
    0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
    0.0 FSL_FREEMAIL_1 FSL_FREEMAIL_1
    0.0 FSL_NEW_HELO_USER FSL_NEW_HELO_USER
    4.4 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
    2.0 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
    4.1 FROM_MISSP_USER From misspaced, from "User"
    2.0 FROM_MISSPACED From: missing whitespace
    1.9 MONEY_FROM_MISSP Lots of money and misspaced From
    1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
    freemails
    0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
    0.3 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
    0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
    1.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
    1.7 FROM_MISSP_URI From misspaced, has URI
    3.0 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
    4.0 MONEY_FROM_41 Lots of money from Africa
    1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
    1.7 FROM_MISSP_FREEMAIL From misspaced + freemail provider
    31 AWL AWL: From: address is in the auto white-list
     
  7. PushSend

    PushSend VIP

    Joined:
    Apr 12, 2011
    Messages:
    1,927
    Likes Received:
    141
    Trophy Points:
    63
    Location:
    Paradise
    latest 2 broke 100

    Content preview: ROBERT MUELLER III EXECUTIVE DIRECTOR FBI FEDERAL BUREAU OF
    INVESTIGATION FBI. WASHINGTON DC. FBI SEEKING TO WIRETAP INTERNET. FEDERAL
    BUREAU OF INVESTIGATION SEEKING TO WIRETAP THE INTERNET. ATTN:BENEFICIARY.
    [...]

    Content analysis details: (108.9 points, 8.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    [score: 1.0000]
    2.6 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
    2.4 NSL_RCVD_FROM_USER Received from User
    0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
    (fbifbi72[at]rocketmail.com)
    1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    [Blocked - see <http://www.spamcop.net/bl.shtml?49.212.130.61>]
    1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
    [49.212.130.61 listed in bb.barracudacentral.org]
    2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
    [49.212.130.61 listed in psbl.surriel.com]
    1.5 SUBJ_ALL_CAPS Subject is all capitals
    0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
    digit (fbifbi72[at]rocketmail.com)
    1.0 MISSING_HEADERS Missing To: header
    0.6 URG_BIZ BODY: Contains urgent matter
    3.2 MILLION_USD BODY: Talks about millions of dollars
    2.9 DEAR_BENEFICIARY BODY: Dear Beneficiary:
    1.8 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
    0.5 MISSING_MID Missing Message-Id: header
    0.0 LOTS_OF_MONEY Huge... sums of money
    1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
    3.3 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
    1.4 FROM_MISSP_NO_TO From misspaced, To missing
    0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
    0.0 FSL_NEW_HELO_USER FSL_NEW_HELO_USER
    4.4 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
    1.8 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
    2.2 FROM_MISSP_USER From misspaced, from "User"
    2.0 FROM_MISSPACED From: missing whitespace
    2.0 MONEY_FROM_MISSP Lots of money and misspaced From
    1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
    freemails
    0.2 FROM_MISSP_REPLYTO From misspaced, has Reply-To
    1.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
    1.4 FROM_MISSP_EH_MATCH From misspaced, matches envelope
    3.6 FROM_MISSP_URI From misspaced, has URI
    2.8 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
    0.5 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
    4.3 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
    1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
    3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
    0.0 FILL_THIS_FORM Fill in a form with personal information
    3.4 FILL_THIS_FORM_LONG Fill in a form with personal information
    2.7 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of money
    3.2 ADVANCE_FEE_3_NEW_FORM Advance Fee fraud and a form
    4.3 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money 0.0 ADVANCE_FEE_4_NEW_FORM Advance Fee fraud and a form
    1.6 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
    1.8 ADVANCE_FEE_5_NEW_FORM Advance Fee fraud and a form 0.0 ADVANCE_FEE_2_NEW_FRM_MNY Advance Fee fraud form and lots of money
    1.3 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of money
    2.9 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money
    3.6 MONEY_FRAUD_5 Lots of money and many fraud phrases
    1.7 FROM_MISSP_FREEMAIL From misspaced + freemail provider
    0.5 MONEY_FORM Lots of money if you fill out a form
    2.8 ADVANCE_FEE_2_NEW_FORM Advance Fee fraud and a form
    3.7 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
    4.4 MONEY_FRAUD_3 Lots of money and several fraud phrases
    0.5 FORM_FRAUD_5 Fill a form and many fraud phrases
    4.3 FORM_FRAUD_3 Fill a form and several fraud phrases
     
  8. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    I wrote something to spin content and test it against SA and razor... I thought it was broken because my content wasn't scoring at all.. so then I grabbed a bunch of spam and normal mail and it was scoring.. So maybe I'm just not spammy enough? :(
     
  9. PushSend

    PushSend VIP

    Joined:
    Apr 12, 2011
    Messages:
    1,927
    Likes Received:
    141
    Trophy Points:
    63
    Location:
    Paradise
    apparently not even close!

    :top:
     
  10. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    I think there should be a Guinness record for this or something...
     

Share This Page