Another simple rule would be to detect emails which have both an X-Mailer and a User-Agent header. The OE rule actually detects an X-Mailer header, so the mail you got would have had to have both headers.

I did a casual search of my emails and didn't find any (spam or nonspam) with both, so this rule might not be useful unless spam of this type becomes more popular. Still might be worth having in the ruleset as it's highly unlikely to FP on any valid email.


Another aspect of this flaw is the heavy positive weights possessed by some mailers. This is easily added to a spam mail for bonus points, so I tend to view any USER_AGENT rule with a score less than -2 as being highly questionable, making an easy target for spam white listing.


At 12:37 PM 10/30/2002 -0500, Tim Helton wrote:

I got a spam today, that hit many rules, and still only got a 0.6

-Spam-Status: No, hits=0.6 required=5.0
          tests=BASE64_ENC_TEXT,CUSTOM_FREE_HD,CUSTOM_GET_FREE
                  DATE_MISSING,FORGED_AOL_RCVD,IN_REP_TO,MISSING_MIMEOLE
                  REMOVE_PAGE,SPAM_PHRASE_01_02,SUBJECT_HAS_DATE
                  SUB_FREE_OFFER,USER_AGENT,USER_AGENT_MUTT,USER_AGENT_OE
                  WEB_BUG
            version=2.41

It looks like it was abusing the "USER_AGENT" negative scoring to gain
-5.5 points
score USER_AGENT_OE                  -0.3
score USER_AGENT_MUTT                -4.109
score USER_AGENT                     -1.143


Maybe it would be beneficial to see if more than 1 user agent is
detected, and give it a +2, instead of a -5


_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
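
The check proposed in this thread, sketched in Python as an added example (not SpamAssassin code and not written by either poster). The sample message and the client patterns are constructed, the single-client scoring is an assumption, and the scores are the ones quoted in the thread.

```python
import re
from email import message_from_string

# Constructed sample: one message claiming two different mail clients at once.
SAMPLE = (
    "From: offers@example.com\n"
    "To: user@example.org\n"
    "Subject: Free offer\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n"
    "User-Agent: Mutt/1.4i\n"
    "\n"
    "Get it free today.\n"
)

# Hypothetical client signatures, named after the USER_AGENT_* rules in the thread.
CLIENT_PATTERNS = {
    "OE": re.compile(r"Outlook Express", re.I),
    "MUTT": re.compile(r"^Mutt/", re.I),
}
# Scores as quoted in the thread (version=2.41).
UA_SCORES = {"USER_AGENT": -1.143, "USER_AGENT_OE": -0.3, "USER_AGENT_MUTT": -4.109}
MULTI_UA_PENALTY = 2.0  # the "+2" suggested in the thread

def claimed_clients(raw):
    """Return the set of client families claimed in X-Mailer / User-Agent."""
    msg = message_from_string(raw)
    found = set()
    for header in ("X-Mailer", "User-Agent"):
        for value in msg.get_all(header, []):
            for client, pattern in CLIENT_PATTERNS.items():
                if pattern.search(value.strip()):
                    found.add(client)
    return found

def naive_score(raw):
    """Every matching client rule adds its bonus, so forged headers stack up."""
    clients = claimed_clients(raw)
    base = UA_SCORES["USER_AGENT"] if clients else 0.0
    return round(base + sum(UA_SCORES["USER_AGENT_" + c] for c in clients), 3)

def hardened_score(raw):
    """No bonus when the headers conflict; apply the penalty instead."""
    msg = message_from_string(raw)
    both_headers = msg["X-Mailer"] is not None and msg["User-Agent"] is not None
    if both_headers or len(claimed_clients(raw)) > 1:
        return MULTI_UA_PENALTY
    return naive_score(raw)
```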
