Content analysis details: (9.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.0 FROM_NO_LOWER 'From' has no lower-case characters
2.5 BAYES_70 BODY: Bayesian spam probability is 70 to 80%
[score: 0.7724]
0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 HEADER_COUNT_CTYPE Multiple Content-Type headers found
1.2 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
1.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
Steve Dimoff wrote:
We keep getting these emails in.... and everyday the URL changes, so even if I create a rule to look for this, the next day or even a couple hours, it's something new.
Does anyone have a rule set that will work for checking stuff like this? Or do I just need to turn up the HTML /BIZ top level domain?
Thanks,
Steve
Subject: Local G spot hangout
Date: Wed, 31 Mar 2004 07:25:19 -0800
Message-ID: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0020_CCA733DF.CF34DE01"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
X-AntiVirus: Checked by Dr.Web (http://www.drweb.net)
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on usn-mx1
X-Spam-Status: No, hits=2.7 required=3.0 tests=BIZ_TLD,FROM_ENDS_IN_NUMS,
HTML_30_40,HTML_FONT_FACE_BAD,HTML_MESSAGE autolearn=no version=2.63
X-Spam-Report:
* 0.9 FROM_ENDS_IN_NUMS From: ends in numbers
* 0.8 HTML_30_40 BODY: Message is 30% to 40% HTML
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.2 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
* 0.8 BIZ_TLD URI: Contains a URL in the BIZ top-level domain
This is a multi-part message in MIME format.
------=_NextPart_000_0020_CCA733DF.CF34DE01
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
------=_NextPart_000_0020_CCA733DF.CF34DE01
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0020_CCA733DF.CF34DE01--
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="MSHTML 6.00.2800.1276" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=093192920-17022004>
<center>
<a href="http://www.lisahomepage.biz/w13/gsm/logs1/index.html";><img <http://www.lisahomepage.biz/w13/gsm/logs1/index.html%22%3E%3Cimg> src="http://www.lisahomepage.biz/w13/gsm/logs1/img/01.jpg"; width="668" height="506" border="0" alt=""></a>
</center>
<br>
<br>
<br>
<center><a href="http://www.lisahomepage.biz/rm/index.html";>Nothing <http://www.lisahomepage.biz/rm/index.html%22%3ENothing> else to this address</a></center>
<br><br><br><br>
the situation in The Political Logic of Economic Reform in China, <br>and the government had to reinstitute price controls. China's economy <br>be formally constituted on January 1, 1994. <br><a name="BgQRGgAIDgw0ARYADh0DGxcFGAAaF0sNBAQ=">
</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=093192920-17022004></SPAN></FONT> </DIV>
</body>
</html>
<BR>
<P><FONT SIZE=2>---<BR>
Incoming mail is certified Virus Free.<BR>
Checked by AVG anti-virus system (http://www.grisoft.com).<BR <http://www.grisoft.com%29.%3CBR>>
Version: 6.0.634 / Virus Database: 406 - Release Date: 3/18/2004<BR>
</FONT> </P>
![http://www.lisahomepage.biz/w13/gsm/logs1/img/01.jpg"](http://www.lisahomepage.biz/w13/gsm/logs1/img/01.jpg"){kind=link}