Got this: https://pastebin.com/Gfz951dh
Spam report:
Content analysis details: (-2.3 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-2.5 RCVD_IN_HOSTKARMA_W RBL: Sender listed in HOSTKARMA-WHITE
[185.41.28.7 listed in
hostkarma.junkemailfilter.com]
-1.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily
valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature
from
author\'s domain
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
2.0 LOCAL_SPAM_TLD Domain originates a lot of spam
Looks like it's coming from some kind of bulk mail service which is
whitelisted. Even after training with bayes, it will still be a false
negative.
Any ideas on the best way to tackle these kinds of fake order spam?