Re: MISSING_SUBJECT
On 12.06.18 19:37, micah anderson wrote:
> 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
> Subject:
>
> It did not have a subject, but it did have content (although only
> encrypted) it also hit:
>
> * 1.8 MISSING_SUBJECT Missing Subject: header
>
> which makes sense, because the mail did not have one, but have you
> looked in your Spam folder lately? All spam has a subject, pretty much
> always an informal survey of my trash heap showed 4 messages out of
> 400 did not have a Subject, and two of them were repeats.

and what is your point?

MISSING_SUBJECT is here because when message has no Subject:, it is highly
probably spam.

it's useless to count how many of spams hit the rule.
there are many rules who hit only small percentage of spam, but all of them
hit most of spam.

what is important is:
- how much of mails hitting MISSING_SUBJECT is spam
- how much of mails hitting MISSING_SUBJECT is ham.

if the percentage is very different in these two cases, the rule gets high
positive (or negative) score.

Some scores are tuned for safety reasons.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
Re: MISSING_SUBJECT
Matus UHLAR - fantomas writes:

> On 12.06.18 19:37, micah anderson wrote:
>>2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
>>Subject:
>>
>>It did not have a subject, but it did have content (although only
>>encrypted) it also hit:
>>
>>* 1.8 MISSING_SUBJECT Missing Subject: header
>>
>>which makes sense, because the mail did not have one, but have you
>>looked in your Spam folder lately? All spam has a subject, pretty much
>>always an informal survey of my trash heap showed 4 messages out of
>>400 did not have a Subject, and two of them were repeats.
>
> and what is your point?

The point is EMPTY_MESSAGE scores even though it did have content.

But I guess the point is that it had no 'text' parts, because the
content was only pgp/mime?

--
micah
Re: MISSING_SUBJECT
On Wed, Jun 13, 2018 at 10:38, Matus UHLAR - fantomas wrote:
> MISSING_SUBJECT is here because when message has no Subject:, it is highly
> probably spam.

Right. Well, my new accountant, being an external company of 16 people,
insists on sending messages without a subject, "because we always did, and
you are the only one complaining".

These are the same people who cannot bother reading the bounced message
that says "your e-mail was rejected because it does not contain a subject"
and, when interrogated, they respond that "the e-mail was rejected".

This reminds me of a common practice in both UK and CH where people
anticipate by phone call that an e-mail is coming and then they call again
to make sure it arrived, with some wanting a subject line that says
"From to : ".

The take-away is: if you manage a company, make sure your employees know
their ABCs, and if you are a company, insist on best practices with both
your clients and providers.

To close, I think we need standard leaflets to pass around stubborn
employees.
Re: MISSING_SUBJECT
On 12.06.18 19:37, micah anderson wrote:
> 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
> Subject:
>
> It did not have a subject, but it did have content (although only
> encrypted) it also hit:
>
> * 1.8 MISSING_SUBJECT Missing Subject: header
>
> which makes sense, because the mail did not have one, but have you
> looked in your Spam folder lately? All spam has a subject, pretty much
> always an informal survey of my trash heap showed 4 messages out of
> 400 did not have a Subject, and two of them were repeats.

Matus UHLAR - fantomas writes:
> and what is your point?

On 13.06.18 07:55, micah anderson wrote:
> The point is EMPTY_MESSAGE scores even though it did have content.

so, why did you complain about subjects?

> But I guess the point is that it had no 'text' parts, because the
> content was only pgp/mime?

Most probably yes. spamassassin -D would show us.

The MISSING_SUBJECT and EMPTY_MESSAGE are kind of redundant, since they both
catch empty mail.

meta MISSING_SUBJECT !__HAS_SUBJECT
header __HAS_SUBJECT exists:Subject

meta EMPTY_MESSAGE !__MIME_ATTACHMENT && !__NONEMPTY_BODY
body __NONEMPTY_BODY /\S/

note that body rules check subject too.

I can guess that the mail did NOT include an attachment since it was purely
PGP-encrypted mail.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
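
Added example (not part of the thread and not SpamAssassin code): a simplified Python model of the two rule definitions quoted in the message above, run against a constructed PGP/MIME message to show why a mail with only encrypted content and no Subject hits both rules. It assumes that only text/* parts plus the Subject feed body rules and that __MIME_ATTACHMENT means a part with Content-Disposition: attachment; the thread does not confirm either detail.

```python
import email
import re

# Constructed sample: RFC 3156 PGP/MIME mail with no Subject header.
# The armored payload is a placeholder, not real ciphertext.
PGP_MIME = """\
From: sender@example.org
To: rcpt@example.org
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder)
-----END PGP MESSAGE-----

--b1--
"""

# Constructed sample: plain-text mail, also without a Subject header.
PLAIN = "From: a@example.org\nTo: b@example.org\n\nhello\n"


def rule_hits(raw):
    """Return which of the two modelled rules fire on a raw message."""
    msg = email.message_from_string(raw)
    has_subject = msg["Subject"] is not None       # header exists:Subject
    body = [msg["Subject"] or ""]                  # body rules see the Subject too
    attachment = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            attachment = True                      # assumed __MIME_ATTACHMENT
        elif part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            body.append(part.get_payload(decode=True).decode(charset, "replace"))
    nonempty_body = re.search(r"\S", "\n".join(body)) is not None
    hits = set()
    if not has_subject:
        hits.add("MISSING_SUBJECT")
    if not attachment and not nonempty_body:
        hits.add("EMPTY_MESSAGE")
    return hits
```

In this model, adding any non-blank Subject to the encrypted mail clears both rules, because the Subject alone makes the body non-empty.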
Compromised squareup/amazonses account phish
Hi,

This phish appears to have been routed through Amazon but DKIM signed
by squareup. Is this a compromised squareup.com account?

https://pastebin.com/CxvULHF6

>From 01000163fa173c6b-7d47b00d-af5c-4755-b203-74392b57ec3d-000...@amazonses.com Wed Jun 13 13:00:20 2018
From: INVOICE#
Reply-To: "Advanced Consulting & Treatment, LLC"

Thanks,
Alex
Re: MISSING_SUBJECT
On Tue, 12 Jun 2018, micah anderson wrote:
> I had a message marked with:
>
> 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
> Subject:
>
> It did not have a subject, but it did have content (although only
> encrypted)

It may not be considering an encrypted message part to be a text body part.
What was the MIME type of that part?

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
 As a Turkish general once remarked, the trouble with having the
 Americans as friends is that you can never be sure when they will
 turn around and stab themselves in the back. -- Bernard Lewis
---
 5 days until SWMBO's Birthday
Re: MISSING_SUBJECT
On Wed, 13 Jun 2018, Matus UHLAR - fantomas wrote:
> On 12.06.18 19:37, micah anderson wrote:
>> 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
>> Subject:
>>
>> It did not have a subject, but it did have content (although only
>> encrypted) it also hit:
>>
>> * 1.8 MISSING_SUBJECT Missing Subject: header
>>
>> which makes sense, because the mail did not have one, but have you
>> looked in your Spam folder lately? All spam has a subject, pretty much
>> always an informal survey of my trash heap showed 4 messages out of
>> 400 did not have a Subject, and two of them were repeats.
>
> and what is your point?
>
> MISSING_SUBJECT is here because when message has no Subject:, it is highly
> probably spam.
>
> it's useless to count how many of spams hit the rule.
> there are many rules who hit only small percentage of spam, but all of them
> hit most of spam.
>
> what is important is:
> - how much of mails hitting MISSING_SUBJECT is spam
> - how much of mails hitting MISSING_SUBJECT is ham.
>
> if the percentage is very different in these two cases, the rule gets high
> positive (or negative) score.

S/O = .826

http://ruleqa.spamassassin.org/20180613-r1833448-n/MISSING_SUBJECT/detail

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
 As a Turkish general once remarked, the trouble with having the
 Americans as friends is that you can never be sure when they will
 turn around and stab themselves in the back. -- Bernard Lewis
---
 5 days until SWMBO's Birthday
Re: Compromised squareup/amazonses account phish
On 13 Jun 2018, at 15:20 (-0400), Alex wrote:
> Hi,
>
> This phish appears to have been routed through Amazon but DKIM signed
> by squareup. Is this a compromised squareup.com account?

For a loose definition of "compromised," yes.

Possession of a Square account is not evidence of ethical integrity.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole