On Wed, Mar 31, 2004 at 01:29:18PM -0500, Steve Dimoff wrote:
> We keep getting these emails in.... and every day the URL changes, so even if
> I create a rule to look for this, the next day or even a couple hours, it's
> something new.
>
> Does anyone have a rule set that will work for checking stuff like this? Or
> do I just need to turn up the HTML /BIZ top level domain?
Here's how it scored for me at home on an almost standard 2.63 - the
Bigevil ruleset of spamvertised domains matched it, but it would have
been stopped anyway (at 5.6) even without that. How come yours let it
through in the first place - did your mail score very hammy on Bayes?

Content analysis details:   (8.6 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.0 FROM_NO_LOWER          'From' has no lower-case characters
 0.3 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.1 HTML_MESSAGE           BODY: HTML included in message
 0.3 HTML_IMAGE_RATIO_10    BODY: HTML has a low ratio of text to image area
-0.0 BAYES_44               BODY: Bayesian spam probability is 44 to 50%
                            [score: 0.4742]
 3.0 BigEvilList_62         URI: Generated BigEvilList_62
 0.1 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
 1.6 HEADER_COUNT_CTYPE     Multiple Content-Type headers found
 1.1 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts

Nick