Recent trend junkmails

Martin.Hepworth martinh at solidstatelogic.com
Thu Oct 16 07:12:26 IST 2008 

Hi

If you post the full email (with these nice headers on a pastebin or web page) I can run it over my system which has lots of extra rules and see what hits for me.

-- 
martin

-----Original Message-----
From:  <asakawa at quickd.net>
Sent: 16 October 2008 02:12
To: MailScanner discussion <mailscanner at lists.mailscanner.info>
Subject: Recent trend junkmails

Recent tendency
The junk e-mail uses PHPMailer+phplist for the sending origin. 

------------------------------Header--------------------------
X-Spam-ASN:
    
X-Spam-Flag:
    YES
X-Spam-Checker-Version:
    SpamAssassin 3.2.5 (2008-06-10) on MY-HOSTNAME
X-Spam-Level:
    **************
X-Spam-Status:
    Yes, score=14.7 required=10.0 tests=ARIN,CONTENT_TYPE_PRESENT,
    HTML_IMAGE_ONLY_16,HTML_IMAGE_RATIO_02,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,
    MIME_HTML_ONLY,QENCPTR1,RCVD_NUMERIC_HELO2,RDNS_NONE,REVDNSUNKNOWN,
    X_MAILER_PRESENT autolearn=disabled version=3.2.5
X-Spam-Report:
    *  0.1 ARIN Mail from ARIN area (USA)
    *  1.5 RCVD_NUMERIC_HELO2 Received: contains bracketted IP address string
    *      used for HELO
    * -0.1 CONTENT_TYPE_PRESENT exists:Content-Type
    *  0.1 X_MAILER_PRESENT exists:X-Mailer
    *  0.2 REVDNSUNKNOWN some MTA doesn't tell result of reverse dns lookup
    *      failure.
    *  0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
    *  1.0 HTML_MESSAGE BODY: HTML included in message
    *  0.4 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  2.5 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words
    *  0.2 QENCPTR1 FULL: Quoted-Printable mime pattern
    *  0.2 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
    *  8.0 RDNS_NONE Delivered to trusted network by a host with no rDNS
Received:
    from [207.145.249.242] ([207.145.249.242])
    by MY-HOSTNAME (8.13.1/8.13.1) with ESMTP id m9FElnE0012007
    for <support at MY-MAIL-HOSTNAME>; Wed, 15 Oct 2008 23:47:50 +0900
Date:
    Wed, 15 Oct 2008 10:45:05 -0400
To:
    support at MY-MAIL-HOSTNAME
From:
    Best Home Pharmacy <noreply at MY-HOSTNAME>
Subject:
    [JUNK] [SUPER-SPAM] Get everything or nothing
Message-ID:
    <96d4c43ea6e45bc2eb7cc20c1ebb46be at newsletter.Lgcare.co.kr>
X-Priority:
    3
X-Mailer:
    PHPMailer [version 1.73]
X-Mailer:
    phplist v2.10.4
X-MessageID:
    6291
X-ListMember:
    support at MY-MAIL-HOSTNAME
Precedence:
    bulk
MIME-Version:
    1.0
Content-Transfer-Encoding:
    8bit
Content-Type:
    text/html; charset="iso-8859-1"
X--MailScanner-Information:
    Please contact the ISP for more information
X--MailScanner-ID:
    m9FElnE0012007
X--MailScanner:
    Found to be clean
X--MailScanner-SpamCheck:
    spam, SpamAssassin (not cached, score=21.187,
    required 6, autolearn=disabled, ARIN 0.10,
    CONTENT_TYPE_PRESENT -0.10, DK_POLICY_SIGNSOME 0.00,
    HTML_IMAGE_ONLY_16 2.50, HTML_IMAGE_RATIO_02 0.55, HTML_MESSAGE 1.00,
    HTML_SHORT_LINK_IMG_2 0.24, MIME_HTML_ONLY 0.40, QENCPTR1 0.20,
    RAZOR2_CF_RANGE_51_100 2.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
    RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 1.00,
    RCVD_NUMERIC_HELO2 1.50, RDNS_NONE 8.00, REVDNSUNKNOWN 0.20,
    X_MAILER_PRESENT 0.10)
X--MailScanner-SpamScore:
    sssssssssssssssssssss
MailScanner-From:
    oettepeg1985 at lgcare.co.kr
X-Spam-Prev-Subject:
    [SUPER-SPAM] Get everything or nothing
    
------------------------------Header--------------------------

Takashi Asakawa


-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

More information about the MailScanner mailing list