How do I beat this spam?

John Wilcock john at tradoc.fr
Thu Jun 24 15:32:10 IST 2010 

Le 23/06/2010 17:48, Peter Ong a écrit :
> Here's the original message with headers:
> http://pastebin.com/NpZnVU2T

That scores pretty high here (see below). Admittedly most of the points 
are from Bayes and network checks, but even if the sender wasn't 
blacklisted at the time you received the mail there should have been 
enough fodder to score as spam.

> Content analysis details:   (15.2 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
>                             https://senderscore.org/blacklistlookup/
>                             [208.92.232.69 listed in bl.score.senderscore.com]
>  1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
>                             [208.92.232.69 listed in bb.barracudacentral.org]
>  1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>                             [URIs: netmagasap.com]
>  3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
>                             [score: 1.0000]
>  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
>  0.4 HTML_IMAGE_RATIO_02    BODY: HTML has a low ratio of text to image area
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.8 MPART_ALT_DIFF         BODY: HTML and text parts are different
>  0.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
>  0.0 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
>  1.5 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>  0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>                             above 50%
>                             [cf: 100]
>  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>                             [cf: 100]
>  0.3 DIGEST_MULTIPLE        Message hits more than one network digest check
>  0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
>  0.0 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
>  0.0 T_REMOTE_IMAGE         Message contains an external image

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

More information about the MailScanner mailing list