This list message just got marked up as spam on my system! Here are the
scores
0.0 SARE_TOCC_USER Spam sign: Addressed to generic user
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
1.5 T_RATWARE_OOPS_13 RAW: Has a possible RANDOM spammer goof in it.
2.0 SARE_RAND_1 SARE_RAND_1
2.0 SARE_RAND_8 SARE_RAND_8
3.3 AWL AWL: From: address is in the auto white-list
Why 3.3 AWL ?
Chris
On Wed, 2004-08-11 at 23:16, John Hardin wrote:
> On Wed, 2004-08-11 at 13:40, Daulton, Douglas wrote:
> > John,
> >
> > For those of us new to mail header issues, could you describe how this
> > works as a spammer's ploy.
>
> I don't see how it possibly *could* work to reduce the score of a
> message. I just thought it was funny.
>
> > -----Original Message-----
> > From: John Hardin [mailto:[EMAIL PROTECTED]
>
> > The interesting part for SA is the contents of the X-Mailer header and
> > the header immediately following it.
> >
> > Are the spammers getting a bit free with their %RANDOM% tags, perhaps?
> > :)
> >
> > On Wed, 2004-08-11 at 12:08, Procmail Security daemon wrote:
> > > Headers from message:
> > >
> > > > X-Mailer: moo airlift
> > > > eater-carabao: agee delusive tid
>
> "X-Mailer: [random words]" is a good indicator, the problem is how do
> you tell (in a program) the words are random? A person can pick it up
> pretty easily because it doesn't look like the name of a real program.
>
> And random-word all-lowercase headers (the "eater-carabao" header above)
> are also a good indicator, but again, how does a program recognize words
> are random and don't make sense in the context? The fact that it's all
> lowercase might be worth a few tenths of a point towards spam
> independent of the actual content.
>
> --
> John Hardin KA7OHZ <[EMAIL PROTECTED]>
> Internal Systems Administrator voice: (425) 672-1304
> Apropos Retail Management Systems, Inc. fax: (425) 672-0192
> -----------------------------------------------------------------------
> If you smash a computer to bits with a mallet, that appears to count
> as encryption in the state of Nevada.
> - CRYPTO-GRAM 12/2001
> -----------------------------------------------------------------------
>
>
> ______________________________________________________________________
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 0.0 SARE_TOCC_USER Spam sign: Addressed to generic user
> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
> -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0000]
> 1.5 T_RATWARE_OOPS_13 RAW: Has a possible RANDOM spammer goof in it.
> 2.0 SARE_RAND_1 SARE_RAND_1
> 2.0 SARE_RAND_8 SARE_RAND_8
> 3.3 AWL AWL: From: address is in the auto white-list
>
>
