On Thu, 24 Aug 2023, Matus UHLAR - fantomas wrote:
> On 23.08.23 15:24, Benny Pedersen wrote:
>> # test for empty src="" or empty href=""
>> rawbody __HREF_EMPTY /href=\"\"/
>> rawbody __SRC_EMPTY /src=\"\"/
>> meta LOCAL_BADLY_HTML (__HREF_EMPTY || __SRC_EMPTY)
>> describe LOCAL_BADLY_HTML Meta: __HREF_EMPTY || __SRC_EMPTY
>> score LOCAL_BADLY_HTML 3 3 3 3
>>
>> too much spam in hotmail
>
> not so good numbers here. Only spam that wasn't rejected here:
>
> % grep -c '^From ' spam
> 9332
> % grep -Fc 'src=""' spam
> 3
> % grep -Fc 'href=""' spam
> 18

Not so great in masschecks, either:

  SPAM%     HAM%     S/O    RANK   SCORE  NAME
  0.1225    0.2296   0.348  0.42   (n/a)  __SRC_EMPTY
  0.5682    1.8685   0.233  0.41   (n/a)  __HREF_EMPTY

https://ruleqa.spamassassin.org/20230824-r1911889-n/__SRC_EMPTY/detail
https://ruleqa.spamassassin.org/20230824-r1911889-n/__HREF_EMPTY/detail

They might be useful in metas with other conditions, but not in isolation.

  overlap spam: 81% of __HREF_EMPTY hits also hit T_FSL_RCVD_TR_1; 1% of
                T_FSL_RCVD_TR_1 hits also hit __HREF_EMPTY (ham 1%)
  overlap spam: 42% of __HREF_EMPTY hits also hit __HAS_X_AUTHED_SENDER;
                19% of __HAS_X_AUTHED_SENDER hits also hit __HREF_EMPTY (ham 1%)

I'll add a few of those to see how they do.

F'ing legit emailers that generate crap HTML.... {fume}

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Once more, please; I missed it the last time: what's the difference
between "Quantitative Easing" and "Counterfeiting"?
-----------------------------------------------------------------------
4 days until Exercise Your Rights day
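
Added example, not part of the original thread or of SpamAssassin: a local per-message check of the two patterns over spam and ham mboxes, reporting SPAM%, HAM% and S/O in the same shape as the masscheck table. The function names and sample messages are constructed for illustration; decoding text parts only approximates what rawbody sees, and S/O is taken as spam% / (spam% + ham%), which matches the values in the table above.

```python
import base64, email, re
from email import policy

RULES = {"__HREF_EMPTY": re.compile(r'href=""'),   # patterns from the thread
         "__SRC_EMPTY": re.compile(r'src=""')}

def split_mbox(text):
    """Split mbox text into messages on '^From ' separator lines."""
    msgs = []
    for line in text.splitlines(keepends=True):
        if line.startswith("From "):
            msgs.append([])
        elif msgs:
            msgs[-1].append(line)
    return ["".join(m) for m in msgs]

def decoded_body(raw):
    """Text parts after base64/QP decoding, tags kept (approximates rawbody)."""
    msg = email.message_from_string(raw, policy=policy.default)
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")

def hit_pct(mbox_text, pattern):
    """Percentage of messages (not lines) with at least one match."""
    msgs = split_mbox(mbox_text)
    hits = sum(1 for m in msgs if pattern.search(decoded_body(m)))
    return 100.0 * hits / len(msgs) if msgs else 0.0

def s_o(spam_pct, ham_pct):
    """S/O = spam% / (spam% + ham%); assumed formula, matches the table."""
    total = spam_pct + ham_pct
    return spam_pct / total if total else 0.0

def sample(body, b64=False):
    """Build one constructed mbox entry (hypothetical address and content)."""
    head = ("From x@example.invalid Thu Aug 24 00:00:00 2023\n"
            "Subject: test\nContent-Type: text/html; charset=utf-8\n")
    if b64:
        enc = base64.b64encode(body.encode()).decode()
        return head + "Content-Transfer-Encoding: base64\n\n" + enc + "\n"
    return head + "\n" + body + "\n"

SPAM = (sample('<a href="">win</a>') + sample('<img src="">', b64=True)
        + sample('<a href="http://example.invalid/">x</a>') + sample("<p>hi</p>"))
HAM = sample('<a href="">unsubscribe</a>') + sample("<p>notes</p>")

if __name__ == "__main__":
    for name, rx in RULES.items():
        sp, hp = hit_pct(SPAM, rx), hit_pct(HAM, rx)
        print(f"{sp:8.4f} {hp:8.4f} {s_o(sp, hp):6.3f}  {name}")
```

The base64-encoded sample is found only after decoding, so a plain grep -F over the mbox file can undercount, and grep -c counts matching lines rather than messages.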