Hello Chris, Wednesday, March 8, 2006, 2:37:47 AM, you wrote:
CP> The attached newsletter is triggering the following rules: CP> X-Spam-Report: CP> * 0.6 SARE_BAYES_5x7 BODY: Bayes poison 5x7 CP> * 0.8 SARE_BAYES_7x7 BODY: Bayes poison 7x7 CP> * 0.6 SARE_BAYES_6x7 BODY: Bayes poison 6x7 CP> * 1.4 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML obfuscation CP> * 0.3 HTML_BACKHAIR_8 BODY: HTML tags used to obfuscate words CP> * 1.7 SARE_HTML_USL_FONT RAW: Another spam attempt CP> I looked through the source and didn't see any obvious attempts at CP> obfuscation or trying to fool the Bayes filter. Are these rules CP> triggering properly? CP> I don't know what SARE_HTML_USL_FONT means either. Not necessarily obvious attempts at obfuscation -- really horrible HTML often looks that way. SARE_HTML_USL_xxx are USLess HTML tags. In this case there's a FONT tag with nothing in it, something like (using parens to make sure no mail reader tries to interpret this as HTML): > (FONT size=4)(/FONT) The Bayes poison rules are looking for rather stiff patterns of word length which are normally seen only in spam. SARE_BAYES_7x7 hit on > 2006Mar 2006Apr 2006May 2006Jun 2006Jul 2006Aug 2006Sep Here, the message hit: X-Spam-Status: Yes, score=8.6 required=5.0 tests=FB_SINGLE_0WORD, FU_DOM_END_NUM,FU_LONG_QUERY,HTML_BACKHAIR_8,HTML_MESSAGE, HTML_OBFUSCATE_05_10,HTML_TAG_EXIST_TBODY,SARE_BAYES_5x7, SARE_BAYES_6x7,SARE_BAYES_7x7,SARE_HTML_URI_SPACER,SARE_HTML_USL_FONT, SARE_MSGID_RATWARE1,SARE_OEM_S_PRICE,SARE_UNSUB18,UNPARSEABLE_RELAY autolearn=no version=3.1.0 Bob Menschel