Re: [mailop] how to stop this spam

Thu, 20 Jun 2024 07:31:57 -0700 

Jeff Pang via mailop skrev den 2024-06-20 04:13:


Recently i got a lot of spams like this one:
https://cloud.hostcache.com/spam.eml



Content Domains: gmail.com google.com googlegroups.com

Content analysis details:   (13.6 points, 5.0 required)

 pts rule name              description

---- ---------------------- 
--------------------------------------------------
-5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at 
https://www.dnswl.org/, high

                            trust
                            [45.54.12.11 listed in list.dnswl.org]
 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

              [Blocked - see 
<https://www.spamcop.net/bl.shtml?199.10.31.238>]

 2.3 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record

 3.5 SPF_SOFTFAIL           SPF: sender does not match SPF record 
(softfail)

 0.0 ARC_SIGNED             Message has a ARC signature

 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not 
necessarily valid

 0.0 ARC_VALID              Message has a valid ARC signature
 3.0 DKIM_VALID_AU_FAIL     Meta: !DKIM_VALID_AU && SPF_SOFTFAIL
 3.0 DKIM_VALID_EF_FAIL     Meta: !DKIM_VALID_EF && SPF_SOFTFAIL

 0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with 
Strict

                            Alignment

 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not 
valid

 0.1 RELAYCOUNTRY_GREY      Relayed through at some point
 0.1 URL_FREEMAIL           Other untrustworthy TLDs
                            [URI: gmail.com]

-0.5 AUTHRES_DMARC_PASS     Authentication-Results: has "dmarc=pass" 
result
-0.5 AUTHRES_SPF_PASS       Authentication-Results: has "spf=pass" 
result
-0.5 AUTHRES_DKIM_PASS      Authentication-Results: has "dkim=pass" 
result

 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
 0.1 URL_GOOGLE             Other untrustworthy Domains
                            [URI: gmail.com]

 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail 
provider

                            [aahad6707(at)gmail.com]

 2.8 UNWANTED_LANGUAGE_BODY BODY: Message written in an undesired 
language

                            [Languages detected: ar]
 0.0 HTML_MESSAGE           BODY: HTML included in message

 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted 
Colors

                            in HTML
-0.0 T_SCC_BODY_TEXT_LINE   No description available.

 0.4 KAM_NUMSUBJECT         Subject ends in numbers excluding current 
years
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay 
lines

 1.2 ITA_GMAIL_UNDISCLOSED  Undisclosed recipients from Gmail address

 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and 
EnvelopeFrom

                             freemail headers are different
 0.8 GB_FREEMAIL_NUM        Freemail spammy address
-0.1 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                            manager
 1.2 KAM_QUITE_BAD_DNSWL    Removing HostKarma and DNSWL HI Scoring for
                            Emails in various RBL

as seen with spamassassin
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop






















					Reply via email to