I am writing some new local rules to my local.cf, so I am watching the headers
of emails I receive and I notice this rule that appears in an obvious spam
email:
* -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better
Subject: Value Product Offers from Admints and Zagabor
Otherwise this email would have been tagged as spam:
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
xxxxx.xxxxx.com
X-Spam-Level: **
X-Spam-Status: No, score=2.5 required=5.0 tests=HABEAS_ACCREDITED_SOI,
HTML_IMAGE_RATIO_02,HTML_MESSAGE,LR_URI_NUMERIC_ENDING,MISSING_MID,
MPART_ALT_DIFF,MPART_ALT_DIFF_COUNT,SARE_UNSUB09 autolearn=no
version=3.2.1
X-Spam-Report:
* 0.0 MISSING_MID Missing Message-Id: header
* 1.3 SARE_UNSUB09 URI: SARE_UNSUB09
* 2.0 LR_URI_NUMERIC_ENDING URI: Ends in a number of at least 4 digits
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.9 MPART_ALT_DIFF_COUNT BODY: HTML and text parts are different
* 1.1 MPART_ALT_DIFF BODY: HTML and text parts are different
* 0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
area
* -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better
* [66.59.8.161 listed in sa-accredit.habeas.com]
I don't opt in for anything....opt in emails to me are nothing but plain bogus
spam. I don't want any of this kind of spam email and I absolutely do not ever
ask for it. This comes from 'mailengine.8lmediamail.com (66.59.8.161)'
and looks like an unsolicited bulk emailer to me by the email address.
How did this UBE spammer get a score of -4.3 in the SA-Update rule sets? It
makes me feel like the spamassassin rules have been infiltrated and
compromised...
If these guys are "legit" via sa-accredit.habeas.com, then I'm saying they are
scamming and abusing, as well as spamming.
Wes
