spamassassin rulesets and UK bank phishing
Randal, Phil
prandal at HEREFORDSHIRE.GOV.UK
Mon Apr 19 15:58:13 IST 2004
A current Lloyds Bank Phishing scam was detected (and blocked here)
5.40 BAYES_99 Bayesian spam probability is 99 to 100%
0.99 FROM_ENDS_IN_NUMS From: ends in numbers
0.10 HTML_FONTCOLOR_UNSAFE HTML font color not in safe 6x6x6 palette
1.00 HTML_IMAGE_ONLY_04 HTML: images with 200-400 bytes of words
0.10 HTML_MESSAGE HTML included in message
1.51 HTTP_ESCAPED_HOST Uses %-escapes inside a URL's hostname
0.78 HTTP_EXCESSIVE_ESCAPES Completely unnecessary %-escapes inside a
URL
0.05 LG_4C_2V_3C Gibberish found?
1.17 LOC_BADYAHOOMSGID1 From Charles Gregory
1.60 RCVD_IN_DSBL Received via a relay in list.dsbl.org
0.10 RCVD_IN_RFCI Sent via a relay in ipwhois.rfc-ignorant.org
0.10 RCVD_IN_SORBS SORBS: sender is listed in SORBS
I'd up the score for HTTP_ESCAPED_HOST if you're not scoring highly enough.
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Ray Gardener
> Sent: 19 April 2004 15:47
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: spamassassin rulesets and UK bank phishing
>
> Hi,
>
> I'm looking for ruleset additions to detect phishing attempts
> that refer to UK financial establishments. Does anyone know of any?
>
> Thanks,
>
> Ray Gardener,
> Sheffield Hallam University
> 0114 225 4926
>
More information about the MailScanner
mailing list