> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> To: users@spamassassin.apache.org
> Subject: how to send spam?
> Hi there,
>
> I recently received some spam with XXXXX and xxxxxx in the
> body and peniss in the subject, but it just was below the
> threshold. So I tried to send it to the list, but in the
> meantime dns based tests caught up, and the list server
> refused to accept it because it was over limit (retesting the
> same message today resulted in 16 and some change)
>
> I am running stock 3.0.4 and a few SARE rules, but none of
> them fired. How can I send this spam so that developers can
> see how it escapes the checks?
The experts will give you perhaps more ideas but how about
this:
1) Post it on a web page -- send the link
(This is really best since it doesn't polute
everyone's corpus and will not be caught by
anyone's filters per se.)
2) If is just the filters AT YOUR site which
concern you, then write/use some Negative rules
(whitelist the list, add whitelist 'code words'
you can use, etc.)
Note, that #1 is better for passing our (other people's
filters) but we all pretty much have to arrange the
second one just to receive much of what originates on spam
discussion lists (spamassassin, spam-l, etc.)
And either use an attachment or put it in the body of
your list message -- don't use the original (offensive)
subject since subject rules are usually scored much
higher than body rules.
For my system, an obfuscated word for the male appendage
or performance enhancing supplements is actually WORSE
than the words themselves (some of my rules check for
the obfuscated version and NOT the clear version and
score MUCH higher in those cases.)
The theory is that if you wish to talk anatomy or
medical treatment then perhaps that is acceptable, but
if you are trying to hide the fact the message contains
those words, then that is a virtually certain spam sign.
(Except on lists like this. <Grin>)
--
Herb Martin
