> /My dog is very promiscuous\./
>
> ...while enigmatic, this could very well hit quite a few porn spams!
>
LOL!!
I looked thru some corpus and I have a bunch of these spams. They score from
8.5-24 points :)
Common points among the spams:
Sent from differnt IP's (What a surprise!)
All have a tracking header, but name changed:
Kel-Tracking: <Y3NhbnRlcnJlQG1lcmNoYW50c292ZXJzZWFzLmNvbQ==>
The key is it they ALL ended with "==>"
X-Mailer: PHP (or PHP2) in header.
All tried to use the To: Me From: Me trick.
All have a workstation name in the forged received header (except one)
Received: from computer [66.1.188.160] by munged.com with eSMTP;
Mon, 3 Nov 2003 19:10:40 -0700
And that workstation name show up at the end of the message ID:
Message-ID: <[EMAIL PROTECTED]>
They all had HTML titles ;)
The latest ones had empty heads (pun intended!)
<head></head>
And more importantly they ALL had more numbers then letters in their OBFU.
Trying to get past a lot of OBFU rules. Looks like we need a little update
to those:
"4KO79TS427f64R6bc59687J81Sd6269Wx7TIo58wn3564V852B1y6996imIdec"
They all used period OBFU.
So we have even more we can tag them on. Like I said, these were caught, and
never delievered even without looking for these things.
--Chris
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
