Received a mail in my inbox today that was definitely spam but scored as below. After running it through spamassassin -r and -t and removing the senders address from the autowhitelist I got it to score
X-spam-status: No, score=-0.1 required=5.0 tests=ADVANCE_FEE_2=1.234,
BAYES_50=1,DCC_CHECK_NEGATIVE=-0.0001,HABEAS_ACCREDITED_COI=-8,
SARE_FRAUD_X3=1.667,SARE_FRAUD_X4=1.667,SARE_FRAUD_X5=1.667,US_DOLLARS_3=0.63
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-8.0 HABEAS_ACCREDITED_COI RBL: Habeas Accredited Confirmed Opt-In or
Better
[208.82.16.109 listed in
sa-accredit.habeas.com]
5.0 BAYES_99 BODY: Bayesian spam probability is 99 to
100%
[score: 1.0000]
0.6 US_DOLLARS_3 BODY: Mentions millions of $
($NN,NNN,NNN.NN)
2.2 DCC_CHECK listed in DCC
(http://rhyolite.com/anti-spam/dcc/)
[localhost 1117; Body=1 Fuz1=many]
[Fuz2=many]
1.2 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian
419)
1.7 SARE_FRAUD_X5 Matches 5+ phrases commonly used in fraud
spam
1.7 SARE_FRAUD_X3 Matches 3+ phrases commonly used in fraud
spam
1.7 SARE_FRAUD_X4 Matches 4+ phrases commonly used in fraud
spam
1.0 SAGREY Adds 1.0 to spam from first-time senders
I read the HABEAS score as meaning ReturnPath thinks its a good sender?
Is there any action that should be taken such as reporting this to them?
--
KeyID 0xE372A7DA98E6705C
signature.asc
Description: This is a digitally signed message part
