Spam getting VERY low scores

Mon Oct 2 15:02:02 UTC 2017

Sorry about that, that all makes sense.

Here are the headers, spam report, and body of 1 of the emails in question:
_________________________________________________________________________
Headers:
Received: from mail.cm-topsci.com (mail.cm-topsci.com [58.135.84.25])
     by mailscanner.snjlaw.local (Postfix) with ESMTP id 3AED34109D29
     for <bpeters at snj.ca>; Sun, 1 Oct 2017 15:46:31 -0500 (CDT)
Received: from mail.cm-topsci.com (localhost [127.0.0.1])
     by mail.cm-topsci.com (Postfix) with ESMTP id 353CAC0A13;
     Mon, 2 Oct 2017 04:24:55 +0800 (CST)
Received: from WIN-SK7OE0QJF48.interserver.net (unknown [104.37.191.76])
     by mail.cm-topsci.com (Postfix) with ESMTPA id E172CC09E4;
     Mon, 2 Oct 2017 04:24:49 +0800 (CST)
Content-Type: multipart/mixed; boundary="===============1927870099=="
MIME-Version: 1.0
Subject: Hey!!
To: Recipients <guest at evinkor.synology.me>
From: "Miss Vicky" <guest at evinkor.synology.me>
Date: Sun, 01 Oct 2017 16:24:54 -0400
Reply-To: missvicky607 at gmail.com
X-Virus-Scanned: ClamAV using ClamSMTP

Spam report:
-5.00BAYES_05Bayes spam probability is 1 to 5%
2.10FREEMAIL_FORGED_REPLYTOFreemail in Reply-To, but not From
0.25FREEMAIL_REPLYTO_END_DIGITReply-To freemail username ends in digit
0.50MISSING_MIDMissing Message-Id: header
0.01T_HK_NAME_MR_MRS

Text in the body was:
Hi, I am miss Vicky I would like to be your friend. It takes two to TANGLE
and make a trail of friendship. I would have to know more about you and i
am sending a picture of my self to you already. I would love to receive an
email from you, telling me more about yourself and some photos of you as
well. I am HONEST and PASSIONATE, NICE and FAITHFUL as well. Love hearing
from you. We can then pursue this further on through email:
missvicky607 at gmail.com.

_________________________________________________________________________

That is obviously spam content, what am I missing that SA or MS would miss that being spam?

Thanks!

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+q=snj.ca at lists.mailscanner.info] On Behalf Of Antony Stone
Sent: Monday, October 2, 2017 9:57 AM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: Spam getting VERY low scores

On Monday 02 October 2017 at 16:01:06, Quintin S. Giesbrecht wrote:

> Why is this happening?  I've attached a few samples. Getting in the -
> scores for spam. These were caught because they also were in enough
> RBLs, but they never should have got these low scores.

1. Please don't paste spam samples directly to the list - upload them to pastebin or similar, and give us a link.

2. There's little point in just sending us the bodies of the emails with a comment "getting very low scores" - we need to see the headers too (sanitise them if you have confidential stuff there, but show us the external details).

3. Make sure you show us the headers giving the SA scores, or the log file entries if the scores aren't added to the headers, so we can see what tests you are running and what results you're getting - otherwise we have nothing to compare with.

Hope that helps,

Antony.

--
Why is "dylexia" so difficult to spell, and why can I never remember "aphasia"
when I want to?

                                                   Please reply to the list;
                                                         please *don't* CC me.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

________________________________
This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify SNJ immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone.