RE: New 419 Variation?

2005-07-13 Thread Matthew Yette

It still looks like it triggers your OFFSHORE_SCAM rule. Am I wrong in assuming that it should tag higher than 0.1 points for that rule? Does it FP often as to warrant such a low score?
 
 
--
Matthew Yette
Senior Engineer - NOC/Operations
MA Polce Consulting, Inc.
[EMAIL PROTECTED]
315-838-1644 (w)
315-356-0597 (f)
AIM/Yahoo: MAPolceNOC
MSN: [EMAIL PROTECTED]

  
  -----Original Message-----
  From: Andy Jezierski [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, July 13, 2005 4:17 PM
  To: users@spamassassin.apache.org
  Subject: New 419 Variation?

New 419 Variation?

2005-07-13 Thread Andy Jezierski

Here's what looks to be a new variation of the 419 scams.  Haven't seen one like this before.  This one doesn't seem to mention any $ amount.

The headers are a little scrambled because of Notes. (Yes, it's worse than Outlook when it comes to dealing with headers).



Received:  from python.stepan.com ([198.180.157.12])
          by nf-nt2.stepan.com (Lotus Domino Release 6.0.3)
          with ESMTP id 2005071314542137-63132 ;
          Wed, 13 Jul 2005 14:54:21 -0500
Received:  from mk-smarthost-2.mail.uk.tiscali.com (mk-smarthost-2.mail.uk.tiscali.com [212.74.114.38])
        by python.stepan.com (8.13.3/8.13.3) with ESMTP id j6DJtlnf037603
        for <[EMAIL PROTECTED]>; Wed, 13 Jul 2005 14:55:52 -0500 (CDT)
        (envelope-from [EMAIL PROTECTED])
Received:  from mk-cpfront-3.mail.uk.tiscali.com ([212.74.114.5]:50479 helo=mk-cpfrontend.uk.tiscali.com)
        by mk-smarthost-2.mail.uk.tiscali.com with esmtp (Exim 4.50)
        id 1DsmY1-000FfC-Lz; Wed, 13 Jul 2005 20:05:35 +0100
Received:  from [81.136.36.125] by mk-cpfrontend.uk.tiscali.com with HTTP; Wed, 13 Jul 2005 20:05:30 +0100
PostedDate:  07/13/2005 02:05:30 PM
$MessageID:  <[EMAIL PROTECTED]>
From:  [EMAIL PROTECTED]
Subject:  in good faith
SendTo:  [EMAIL PROTECTED]
MIME_Version:  1.0
X_Virus_Scanned:  ClamAV version 0.86.1, clamav-milter version 0.86 on python.stepan.com
X_Virus_Status:  Clean
X_Spam_Flag:  NO
X_Scanned_By:  milter-spamc/0.25.321 ( [198.180.157.12]); Wed, 13 Jul 2005 14:55:54 -0500
X_Spam_Status:  NO, hits=0.20 required=5.70
X_Spam_Level:  
X_Spam_Report:  Content analysis details:   (0.2 points, 5.7 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------
     0.0 NO_REAL_NAME           From: does not include a real name
     0.1 OFFSHORE_SCAM          BODY: Off Shore Scams
     0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                                [score: 0.5040]
  
X_Greylist:  Delayed for 00:49:51 by milter-greylist-2.0rc5 (python.stepan.com [198.180.157.12]); Wed, 13 Jul 2005 14:55:54 -0500 (CDT)
$MIMETrack:  Itemize by SMTP Server on NF_NT2/Stepan/US(Release 6.0.3|September 26, 2003) at 07/13/2005 02:54:21 PM,MIME-CD by Notes Client on Andy Jezierski/Stepan/US(Release 6.0.4|June 01, 2004) at 07/13/2005 02:57:50 PM,MIME-CD complete at 07/13/2005 02:57:51 PM
SMTPOriginator:  [EMAIL PROTECTED]
RoutingState:  
$UpdatedBy:  CN=NF_NT2/O=Stepan/C=US
$Orig:  AB11274DABD6565A8625703D006D58B9
Categories:  
$Revisions:  
RouteServers:  CN=NF_NT2/O=Stepan/C=US
RouteTimes:  07/13/2005 02:54:21 PM-07/13/2005 02:54:21 PM
$MsgTrackFlags:  0
DeliveredDate:  07/13/2005 02:54:21 PM
ExpireDate:  
Importance:  

Dear C .e .o/President,

I am a registered Financial Security Agent of the FSA (Financial Services Authority) in the UK, attached to the department of Treasury. Arising from the Continuous Admittance of New Countries/Member into the merging EU(European Community is a recent directive from the Bank of England that all dormant account be redirected into Government archives. I have been in charge of a particular Dormant/Suspense account which no one from my very professional investigation using the extensive data protection database. This bond has been in a dormant state since 2000 and the department has been changing custodian of the bonds for the past three (3)years. What is needed at this stage is to find a very reliable, confidential and responsible friend who would assist me in the claims of these bonds without it reverting to the state. In this case, i would initiate a systematic transfer of the said bonds into a Dedicated Account opened in your name or company name, whichever you find most appropriate. I would therefore need your response in order to grant you access to the detailed facts and figures of the bond. I have been able to contact you based on information retrieved from the credit reference database attached to my institution. I will be most willing to go into partnership with you to see this project completed in earnest.

I assure you that there would be no issues to your name or person. All you would be required to do is to open an offshore account for this purpose. I hope you understand why I cannot disclose exclusive data to you at this stage. Do kindly respond to me via my email address below or my fax number. Upon this, I would be able to send you more details regarding this project. If I do not hear from you in the next few days, I would assume you are not interested but if you are, do also provide a phone/fax numbers you could be reached on. I look forward to an excellent business relationship with you.

Yours Sincerely,

Mr. Walter Bentley.
Financial Service Authority (FSA).
Fax: + 448452801535
Email:[EMAIL PROTECTED]

participatory financial proposal



___

Book yourself something to look forward
to in 2005.
Cheap flights -
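
An added example, not part of either post: a small parser for the X_Spam_Report table in the headers above, used to check what a higher OFFSHORE_SCAM score (the question in the reply) would do against the 5.7 threshold. The function names and the unwrapped sample are constructed for illustration; the listed per-rule scores sum to 0.1 here against a reported total of 0.2, so the what-if works from the listed values.

```python
import re

# Constructed sample: the X_Spam_Report table from the message, unwrapped.
REPORT = """\
Content analysis details:   (0.2 points, 5.7 required)

 pts rule name              description
---- ---------------------- --------------------------------------------
 0.0 NO_REAL_NAME           From: does not include a real name
 0.1 OFFSHORE_SCAM          BODY: Off Shore Scams
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5040]
"""

SUMMARY_RE = re.compile(r"\((-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
RULE_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return (reported_total, required, rules) from a report table."""
    m = SUMMARY_RE.search(text)
    if not m:
        raise ValueError("no '(N points, M required)' summary line found")
    total, required = float(m.group(1)), float(m.group(2))
    rules = []
    for line in text.splitlines():
        hit = RULE_RE.match(line)
        if hit:
            rules.append({"score": float(hit.group(1)), "name": hit.group(2),
                          "description": hit.group(3).strip()})
        elif rules and line.startswith("    ") and line.strip():
            # Indented continuation line belongs to the previous rule.
            rules[-1]["description"] += " " + line.strip()
    return total, required, rules

def rescore(rules, required, overrides):
    """Total with hypothetical per-rule scores, and whether it reaches the threshold."""
    total = sum(overrides.get(r["name"], r["score"]) for r in rules)
    return round(total, 2), total >= required

def score_needed(rules, required, name):
    """Score the named rule would need, alone, for this message to be tagged."""
    others = sum(r["score"] for r in rules if r["name"] != name)
    return round(required - others, 2)

if __name__ == "__main__":
    total, required, rules = parse_report(REPORT)
    print(total, required, score_needed(rules, required, "OFFSHORE_SCAM"))
```

On this sample no other rule contributes, so OFFSHORE_SCAM would have to carry the full 5.7 points by itself for the message to be tagged.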