I cheat. I have a couple personal rules guaranteed to hit spam and no
ham whatsoever. They hit 100. "MOM Agent" is guaranteed spam. It seems
to hit 200. So it's not fair. I have, however, seen over 100 with pure
SARE rule sets so many of them were hit.
{^_-}
----- Original Message -----
From: "Roman Serbski" <[EMAIL PROTECTED]>
Hi all,
What was the highest score you've ever seen? I received a message
yesterday that was scored with 51.9(!). =)
SA in action: ;-)
Sat, 30 Apr 2005 19:45:21 KGST:80593: SA: REPORT hits = 51.9/3.5
4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
1.2 SUBJ_HAS_SPACES Subject contains lots of white space
3.5 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
3.8 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
0.1 RCVD_BY_IP Received by mail server with no name
0.0 FROM_ILLEGAL_CHARS From contains too many raw illegal characters
2.9 SUBJ_ILLEGAL_CHARS Subject contains too many raw illegal characters
2.1 HEAD_ILLEGAL_CHARS Header contains too many raw illegal characters
0.5 HTTP_ESCAPED_HOST URI: Uses %-escapes inside a URL's hostname
0.2 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary %-escapes inside a
URL
2.0 HTML_TAG_EXIST_MARQUEE BODY: HTML has "marquee" tag
0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag
0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
0.8 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar to background
0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 HTML_SHOUTING3 BODY: HTML has very strong "shouting" markup
0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above
50% [cf: 100]
0.0 HTML_NONELEMENT_00_10 BODY: 0% to 10% of HTML elements are non-standard
1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000]
0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.5 HTML_EVENT_UNSAFE BODY: HTML contains unsafe auto-executing code
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
1.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.0 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server
[200.89.154.29 listed in dnsbl.sorbs.net]
0.4 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[200.89.154.29 listed in combined.njabl.org]
3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[200.89.154.29 listed in sbl-xbl.spamhaus.org]
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address [200.89.154.29 listed in dnsbl.sorbs.net]
3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?200.89.154.29>]
0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[200.89.154.29 listed in combined.njabl.org]
1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: ourk2.com]
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: ourk2.com]
3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: ourk2.com]
4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
0.6 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
0.0 UPPERCASE_25_50 message body is 25-50% uppercase
0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
3.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
Sat, 30 Apr 2005 19:45:21 KGST:80593: SA: yup, this smells like SPAM -
hits=51.9 - rejecting message...
