Quoting Dan Karney <[EMAIL PROTECTED]>:
Someone at my company received an order inquiry from someone whose return address was at a yahoo account, but they must have sent it from another account. The message was tagged by several "Forged Yahoo" rules and Faked HELO rules. Viewable at: http://mail.photoresearchers.com/spam/false-neg20040722.txt
If it hadn't been for a custom positive score and a AWL score, the message would have gotten an 11.60. Why does this message look so spammy?
The answer is right there in the message itself:
Content analysis details: (6.60 points, 5 required)
RATWR8_MESSID (0.7 points) Message-ID has ratware pattern (excessive
dashes and dollars)
LOC_BADYAHOOMSGID1 (1.2 points) From Charles Gregory <[EMAIL PROTECTED]>
RCVD_FAKE_HELO_DOTCOM (3.4 points) Received contains a faked HELO hostname
USER_AGENT_APPLEMAIL (0.0 points) X-Mailer header indicates a non-spam MUA
(Apple Mail)
GOOD_PHOTOS (-2.5 points) BODY: decreases score because we get a lot of
mail about phot
os
RCVD_FAKE_HELO_DOTCOM_2 (2.8 points) Received contains a faked HELO hostname
(2)
FORGED_YAHOO_RCVD (2.7 points) 'From' yahoo.com does not match 'Received'
headers
RCVD_IN_NJABL (0.8 points) RBL: Received via a relay in dnsbl.njabl.org
[RBL check: found 18.100.101.67.dnsbl.njabl.org.,]
[type: 127.0.0.3]
AWL (-2.5 points) AWL: Auto-whitelist adjustment
When you ask "Why does this message look so spammy" i assume you mean "why did spamassassin mark this as spam".
Jim
