Re: The EmailBL test zone period has been extended to July 1st.

Fri, 22 May 2009 10:58:23 -0700 

On Fri, 2009-05-22 at 12:07 +0200, Yet Another Ninja wrote:
> FYI:
> 
> The EmailBL test zone period has been extended to July 1st.

Since it has been extended, I decided to go ahead and fire it up this
morning.

I'm mainly looking at overlap.  It seems to be relatively distinct from
other tests that are looking for 419 scams:
$ grep EMAILBL_TEST_LEM=  /var/log/mail/info | grep -P -o 'tests=.+?\]'
| grep -o -P '[\w_]+?=' | sort | uniq -c | sort -rn
     67 tests=
     67 EMAILBL_TEST_LEM=
     62 EMAILBL_TEST_LEM_REPLYTO=
     42 FORGED_MUA_OUTLOOK=
     41 ADVANCE_FEE_2=
     40 L_P0F_Linux=
     38 EMAILBL_TEST_LEM_BODY=
     33 MSOE_MID_WRONG_CASE=
     31 EMAILBL_TEST_LEM_FROM=
     29 RCVD_IN_BRBL_RELAY=
     28 SUBJ_ALL_CAPS=
     27 RAZOR2_CHECK=
     26 ADVANCE_FEE_3=
     24 UNOFFICIAL=
     23 RELAY_US=
     22 SARE_FRAUD_X3=
     22 MILLION_USD=
     22 JM_SOUGHT_FRAUD_3=
     21 RAZOR2_CF_RANGE_51_100=
     21 BOTNET_SOHO=
     20 RAZOR2_CF_RANGE_E4_51_100=
     20 HTML_MESSAGE=
     20 BOTNET_OTHER=
     18 RCVD_IN_BL_SPAMCOP_NET=
     18 JM_SOUGHT_FRAUD_2=
     17 L_UNVERIFIED_GMAIL=
     16 RCVD_IN_SORBS_WEB=
     16 ADVANCE_FEE_4=
     15 SPF_NEUTRAL=
     14 US_DOLLARS_3=
     13 SARE_FRAUD_X4=
     13 RELAY_CN=
     13 RDNS_NONE=
     12 SPF_SOFTFAIL=
     12 RELAY_NG=
     12 RAZOR2_CF_RANGE_E4_100=
     12 MIME_HTML_ONLY=
     11 RELAY_TW=
     11 RCVD_IN_INVLSIP_RELAY=
     11 L_P0F_W=
     10 UPPERCASE_75_100=
     10 SPF_PASS=
     10 L_P0F_Unix=
      9 FORGED_OUTLOOK_TAGS=
      9 FORGED_OUTLOOK_HTML=
      9 DEAR_FRIEND=
      8 RDNS_DYNAMIC=
      7 URG_BIZ=
      7 RCVD_IN_SBL=
      6 SARE_FRAUD_X5=
      6 L_P0F_UNKN=
      6 HTML_MIME_NO_HTML_TAG=
      5 XMAILER_MIMEOLE_OL_1ECD5=
      5 JM_SOUGHT_FRAUD_1=
      4 UNPARSEABLE_RELAY=
      4 NA_DOLLARS=
      4 L_UNVERIFIED_YAHOO=
      3 SARE_FRAUD_X6=
      3 MIME_QP_LONG_LINE=
      3 INVALID_MSGID=
      3 DEAR_SOMETHING=
      2 SPF_HELO_PASS=
      2 SPF_FAIL=
      2 SARE_SXLIFE=
      2 RELAY_KR=
      2 RELAY_BR=
      2 RCVD_IN_NJABL_PROXY=
      2 MSGID_FROM_MTA_HEADER=
      2 FREEMAIL_REPLYTO=
      2 FREEMAIL_FROM=
      2 FORGED_HOTMAIL_RCVD2=
      2 FAKE_REPLY_C=
      2 DKIM_VERIFIED=
      2 DKIM_SIGNED=
      2 DATE_IN_PAST_12_24=
      2 DATE_IN_PAST_03_06=
      2 DATE_IN_FUTURE_06_12=
      2 BOTNET_W=
      1 URIBL_RHS_DOB=
      1 URIBL_OB_SURBL=
      1 URIBL_INVL=
      1 UPPERCASE_50_75=
      1 SARE_UNSUB38=
      1 SARE_PROLOSTOCK_SYM3=
      1 SARE_LWOILCO=
      1 RELAY_RU=
      1 RCVD_IN_INVLSIP24_RELAY=
      1 RCVD_IN_DNSWL_MED=
      1 RCVD_DOUBLE_IP_LOOSE=
      1 RAZOR2_CF_RANGE_E8_51_100=
      1 RAZOR2_CF_RANGE_E8_100=
      1 MPART_ALT_DIFF=
      1 KAM_LOTTO1=
      1 HTML_FONT_SIZE_LARGE=
      1 FUZZY_AMBIEN=
      1 FORGED_YAHOO_RCVD=
      1 FIN_FREE=
      1 FB_WORD1_END_DOLLAR=
      1 DATE_IN_FUTURE_12_24=
      1 CHARSET_FARAWAY_HEADER=

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to