Re: KAM_Back rule
On 10/26/2018 3:13 PM, John wrote: > I just got an email from a mailing list of which i am a member (UK > academic geophysics) which was scored at 5, mainly from a 5.5 > contribution from KAM_BACK, described as background check SPAM. I have > not managed to work out what that rule is trying to do, but it is the > first detected oh-nasty from using the KAM rules. > > Clearly I can reduce the score but I am struggling to see what was > wrong with the message, attached. > ==John ffitch Hi John, thanks for the FP. I've tweaked the rules. -- Kevin A. McGrail VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: KAM_Back rule
On Fri, 26 Oct 2018 17:29:24 -0400 Bill Cole wrote: > On 26 Oct 2018, at 15:13, John wrote: > > > I just got an email from a mailing list of which i am a member (UK > > academic geophysics) which was scored at 5, mainly from a 5.5 > > contribution from KAM_BACK, described as background check SPAM. I > > have > > not managed to work out what that rule is trying to do, but it is > > the first detected oh-nasty from using the KAM rules. > > > > Clearly I can reduce the score but I am struggling to see what was > > wrong with the message, attached. > > There's nothing wrong with the message, the rule is too aggressive. > > It consists of 5 sub-rules, 3 body and 2 header for From and Subject. > Hitting any three satisfies the meta-rule. And 'criminal' in the Subject implies a second hit on 'criminal' in the body.
Re: KAM_Back rule
On 26 Oct 2018, at 15:13, John wrote: I just got an email from a mailing list of which i am a member (UK academic geophysics) which was scored at 5, mainly from a 5.5 contribution from KAM_BACK, described as background check SPAM. I have not managed to work out what that rule is trying to do, but it is the first detected oh-nasty from using the KAM rules. Clearly I can reduce the score but I am struggling to see what was wrong with the message, attached. There's nothing wrong with the message, the rule is too aggressive. It consists of 5 sub-rules, 3 body and 2 header for From and Subject. Hitting any three satisfies the meta-rule. It seems to be targeted at spam selling criminal and/or financial background reports (which is a real market here in the US, where we have no serious privacy laws...) Unfortunately, it does not seem to be constructed with an appreciation for the fact that people discuss criminality in non-spam. Personally, I just zeroed the score for that on my personal system. Thanks for bringing it to light. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Available For Hire: https://linkedin.com/in/billcole