Re: new spam flood of broken messages

24 Mar 2004 15:11:53 -0000 

----- Original Message ----- 
From: "Brian Dial" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 24, 2004 6:30 AM
Subject: new spam flood of broken messages


> Has anyone else been getting flooded with spam that is hardly readable
> because it almost looks like a malformed e-mail. They're coming from a
> endless number of domains and all start with a string of random
> characters like [EMAIL PROTECTED]  There is no subject and the
> e-mail body contains all the headers with a random single digit number
> at the top.  Here is an example.  As you can see the headers that are
> put in the body of the e-mail are different from the actual headers.  No
> matter how much I seem to feed these to bayes-learn it doesn't seem to
> score them, probably because they're virtually unreadable.  Also in
> their "fake" headers they have things like X-Virus-Status: Scanned by
> norton.  We don't use norton here.  Is this an attempt to fool some mail
> clients by faking headers?  I'm using mozilla-mail.
>

I received a couple of these too. After I fed it to sa-learn, they've all
been marked as spam and put in my Spam folder. Mine are scoring
12+ points. Take away 1.8 for MLM (mlm being my login for 24
years now) and you still have a spam score.

This is what I get on the score.

Content analysis details:   (12.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------------
--
 0.2 NO_REAL_NAME           From: does not include a real name
 1.8 MLM                    BODY: Multi Level Marketing mentioned
 0.0 HTML_IMAGE_ONLY_10     BODY: HTML: images with 800-1000 bytes of words
 2.1 BAYES_90               BODY: Bayesian spam probability is 90 to 99%
                            [score: 0.9839]
 0.1 HTML_MESSAGE           BODY: HTML included in message
 0.1 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
 3.0 MSGID_FROM_MTA_SHORT   Message-Id was added by a relay
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [218.4.240.47 listed in dnsbl.sorbs.net]
 0.7 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                            [<http://dsbl.org/listing?ip=218.4.240.47>]
 1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see
<http://www.spamcop.net/bl.shtml?218.4.240.47>]
 2.6 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [218.4.240.47 listed in dnsbl.sorbs.net]


Mike

Reply via email to