Received a mail in my inbox today that was definitely spam but scored as below. After running it through spamassassin -r and -t and removing the senders address from the autowhitelist I got it to score
X-spam-status: No, score=-0.1 required=5.0 tests=ADVANCE_FEE_2=1.234, BAYES_50=1,DCC_CHECK_NEGATIVE=-0.0001,HABEAS_ACCREDITED_COI=-8, SARE_FRAUD_X3=1.667,SARE_FRAUD_X4=1.667,SARE_FRAUD_X5=1.667,US_DOLLARS_3=0.63 Content analysis details: (7.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -8.0 HABEAS_ACCREDITED_COI RBL: Habeas Accredited Confirmed Opt-In or Better [208.82.16.109 listed in sa-accredit.habeas.com] 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.6 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN) 2.2 DCC_CHECK listed in DCC (http://rhyolite.com/anti-spam/dcc/) [localhost 1117; Body=1 Fuz1=many] [Fuz2=many] 1.2 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419) 1.7 SARE_FRAUD_X5 Matches 5+ phrases commonly used in fraud spam 1.7 SARE_FRAUD_X3 Matches 3+ phrases commonly used in fraud spam 1.7 SARE_FRAUD_X4 Matches 4+ phrases commonly used in fraud spam 1.0 SAGREY Adds 1.0 to spam from first-time senders I read the HABEAS score as meaning ReturnPath thinks its a good sender? Is there any action that should be taken such as reporting this to them? -- KeyID 0xE372A7DA98E6705C
signature.asc
Description: This is a digitally signed message part