Hi,
Have had several spams over the last few days with the exact paragraph below. Anyone else seen similar messages? Any rules available?
Can't yet think of how to write rules for this, as it's so non-spam it obviously is (if that makes any sense). I'll have a think about it.
There is an HTML part, too, that is not included below. It doesn't seem to say too much more than this paragraph though.
Also, looking at the subject line, looks like the spammers are using the technique of muddling all the middle letters of words but leaving the first and last letters as normal. ISTR that some research recently showed that people could understand words muddled up like this very easily. Maybe it needs a new SA rule or plugin (don't know how this would be done; would a plugin be needed?).
Thanks
Matthew
----- Forwarded message from Lolita Mcintosh <[EMAIL PROTECTED]> -----
Subject: Re: Fuond a betetr suotloin
X-Spam-Score: (/) 0.4
X-Spam-Report: This e-mail has been scored by SpamAssassin 3.0.2
    Pts  Rule name              Description
    ---- ---------------------- ---------------------------------------
    0.0  HTML_TEXT_AFTER_HTML   BODY: HTML contains text after HTML close tag
    0.1  HTML_TEXT_AFTER_BODY   BODY: HTML contains text after BODY close tag
    0.0  HTML_MESSAGE           BODY: HTML included in message
    0.0  BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                                [score: 0.5002]
    0.1  HTML_TAG_EXIST_TBODY   BODY: HTML has "tbody" tag
    0.1  HTML_FONT_BIG          BODY: HTML tag for a big font size
    0.1  RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                                [24.220.150.223 listed in combined.njabl.org]
<snip>
0.0 BAYES_50 <-- indicates that bayes thinks this is neither ham nor spam. Training here will help.
the other few rules that did hit could be bumped up slightly, again, you would need to test this with your hams to make sure to not get any FP. Another thing to consider is how often do you or your clients use this phrase:
"Fuond a betetr suotloin"
or many of the other phrases in that mail? If it is nearly never, then you could make a rule to look for that subject and some key phrases in that mail (I'm not any good at regex, but if it is that bad, you could learn it :-D ) that could key other rules. A few points here/there do help.
HTH
-- Thanks, JamesDR
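The muddled-middle-letters subject discussed in this thread can be detected by comparing each word's "first letter, sorted middle letters, last letter" signature against a word list. The sketch below is an added example, not code from either poster and not a SpamAssassin rule or plugin; the vocabulary, function names and sample subjects are constructed assumptions.

```python
import re

# Constructed reference vocabulary (assumption); a real deployment would load
# a full word list for the language of the mail being scanned.
VOCAB = {"found", "a", "better", "solution", "re",
         "meeting", "notes", "for", "monday"}

def signature(word):
    """First letter + sorted middle letters + last letter, lower-cased."""
    w = word.lower()
    if len(w) < 4:          # fewer than two middle letters: nothing to muddle
        return w
    return w[0] + "".join(sorted(w[1:-1])) + w[-1]

def build_index(vocab):
    """Map each signature to the real words that share it."""
    index = {}
    for w in vocab:
        index.setdefault(signature(w), set()).add(w.lower())
    return index

def muddled_words(text, vocab=VOCAB):
    """Return (token, likely_original) for tokens that are not real words
    but share a signature with one, i.e. only the middle was shuffled."""
    index = build_index(vocab)
    known = {w.lower() for w in vocab}
    hits = []
    for token in re.findall(r"[A-Za-z]+", text):
        t = token.lower()
        if len(t) < 4 or t in known:
            continue        # too short to muddle, or correctly spelled
        candidates = index.get(signature(t))
        if candidates:
            hits.append((token, sorted(candidates)[0]))
    return hits

def muddle_ratio(text, vocab=VOCAB):
    """Fraction of words of four or more letters that look muddled."""
    tokens = [t for t in re.findall(r"[A-Za-z]+", text) if len(t) >= 4]
    if not tokens:
        return 0.0
    return len(muddled_words(text, vocab)) / len(tokens)

if __name__ == "__main__":
    # Subject taken from the forwarded message; the second is constructed.
    for subject in ("Re: Fuond a betetr suotloin", "Re: Meeting notes for Monday"):
        print(subject, muddled_words(subject), muddle_ratio(subject))
```

A ratio like this would be used as one small score among others and checked against ham first, since ordinary typos and unknown names can also match.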