Hi all, What was the highest score you've ever seen? I received a message yesterday that was scored with 51.9(!). =)
SA in action: ;-) Sat, 30 Apr 2005 19:45:21 KGST:80593: SA: REPORT hits = 51.9/3.5 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary 1.2 SUBJ_HAS_SPACES Subject contains lots of white space 3.5 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 3.8 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant) 0.1 RCVD_BY_IP Received by mail server with no name 0.0 FROM_ILLEGAL_CHARS From contains too many raw illegal characters 2.9 SUBJ_ILLEGAL_CHARS Subject contains too many raw illegal characters 2.1 HEAD_ILLEGAL_CHARS Header contains too many raw illegal characters 0.5 HTTP_ESCAPED_HOST URI: Uses %-escapes inside a URL's hostname 0.2 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary %-escapes inside a URL 2.0 HTML_TAG_EXIST_MARQUEE BODY: HTML has "marquee" tag 0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size 0.8 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar to background 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different 0.0 HTML_SHOUTING3 BODY: HTML has very strong "shouting" markup 0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50% [cf: 100] 0.0 HTML_NONELEMENT_00_10 BODY: 0% to 10% of HTML elements are non-standard 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.5 HTML_EVENT_UNSAFE BODY: HTML contains unsafe auto-executing code 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 1.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.0 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server [200.89.154.29 listed in dnsbl.sorbs.net] 0.4 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy [200.89.154.29 listed in combined.njabl.org] 3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [200.89.154.29 listed in sbl-xbl.spamhaus.org] 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [200.89.154.29 listed in dnsbl.sorbs.net] 3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [<http://dsbl.org/listing?200.89.154.29>] 0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [200.89.154.29 listed in combined.njabl.org] 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: ourk2.com] 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: ourk2.com] 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: ourk2.com] 4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found 0.6 FORGED_OUTLOOK_HTML Outlook can't send HTML message only 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts 0.0 UPPERCASE_25_50 message body is 25-50% uppercase 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE 3.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook Sat, 30 Apr 2005 19:45:21 KGST:80593: SA: yup, this smells like SPAM - hits=51.9 - rejecting message...
