Recent trend junkmails

[asakawa at quickd.net]

Recent tendency
The junk e-mail uses PHPMailer+phplist for the sending origin. 

------------------------------Header--------------------------
X-Spam-ASN:
    
X-Spam-Flag:
    YES
X-Spam-Checker-Version:
    SpamAssassin 3.2.5 (2008-06-10) on MY-HOSTNAME
X-Spam-Level:
    **************
X-Spam-Status:
    Yes, score=14.7 required=10.0 tests=ARIN,CONTENT_TYPE_PRESENT,
    HTML_IMAGE_ONLY_16,HTML_IMAGE_RATIO_02,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,
    MIME_HTML_ONLY,QENCPTR1,RCVD_NUMERIC_HELO2,RDNS_NONE,REVDNSUNKNOWN,
    X_MAILER_PRESENT autolearn=disabled version=3.2.5
X-Spam-Report:
    *  0.1 ARIN Mail from ARIN area (USA)
    *  1.5 RCVD_NUMERIC_HELO2 Received: contains bracketted IP address string
    *      used for HELO
    * -0.1 CONTENT_TYPE_PRESENT exists:Content-Type
    *  0.1 X_MAILER_PRESENT exists:X-Mailer
    *  0.2 REVDNSUNKNOWN some MTA doesn't tell result of reverse dns lookup
    *      failure.
    *  0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
    *  1.0 HTML_MESSAGE BODY: HTML included in message
    *  0.4 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  2.5 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words
    *  0.2 QENCPTR1 FULL: Quoted-Printable mime pattern
    *  0.2 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
    *  8.0 RDNS_NONE Delivered to trusted network by a host with no rDNS
Received:
    from [207.145.249.242] ([207.145.249.242])
    by MY-HOSTNAME (8.13.1/8.13.1) with ESMTP id m9FElnE0012007
    for <support at MY-MAIL-HOSTNAME>; Wed, 15 Oct 2008 23:47:50 +0900
Date:
    Wed, 15 Oct 2008 10:45:05 -0400
To:
    support at MY-MAIL-HOSTNAME
From:
    Best Home Pharmacy <noreply at MY-HOSTNAME>
Subject:
    [JUNK] [SUPER-SPAM] Get everything or nothing
Message-ID:
    <96d4c43ea6e45bc2eb7cc20c1ebb46be at newsletter.Lgcare.co.kr>
X-Priority:
    3
X-Mailer:
    PHPMailer [version 1.73]
X-Mailer:
    phplist v2.10.4
X-MessageID:
    6291
X-ListMember:
    support at MY-MAIL-HOSTNAME
Precedence:
    bulk
MIME-Version:
    1.0
Content-Transfer-Encoding:
    8bit
Content-Type:
    text/html; charset="iso-8859-1"
X--MailScanner-Information:
    Please contact the ISP for more information
X--MailScanner-ID:
    m9FElnE0012007
X--MailScanner:
    Found to be clean
X--MailScanner-SpamCheck:
    spam, SpamAssassin (not cached, score=21.187,
    required 6, autolearn=disabled, ARIN 0.10,
    CONTENT_TYPE_PRESENT -0.10, DK_POLICY_SIGNSOME 0.00,
    HTML_IMAGE_ONLY_16 2.50, HTML_IMAGE_RATIO_02 0.55, HTML_MESSAGE 1.00,
    HTML_SHORT_LINK_IMG_2 0.24, MIME_HTML_ONLY 0.40, QENCPTR1 0.20,
    RAZOR2_CF_RANGE_51_100 2.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
    RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 1.00,
    RCVD_NUMERIC_HELO2 1.50, RDNS_NONE 8.00, REVDNSUNKNOWN 0.20,
    X_MAILER_PRESENT 0.10)
X--MailScanner-SpamScore:
    sssssssssssssssssssss
MailScanner-From:
    oettepeg1985 at lgcare.co.kr
X-Spam-Prev-Subject:
    [SUPER-SPAM] Get everything or nothing
    
------------------------------Header--------------------------

Takashi Asakawa