I get a similar score now, when they first came in they didn't hit any of the SURBL or RAZOR rules so it scored very low. I was looking for a way to hit the scheme they are using before they make it into the various block lists. I had quite a few on several servers in just a few min.
I wrote a sequence of meta rules that seem to catch it well and they didn't get any FPs with mass-check, but they didn't get any hits either (using spam, spam_2 and hard_ham). I assume since they didn't get hits on the public corpus but hit every one I have actually recieved this is a fairly new trick. I guess I will just watch them for a while and see how they do in real life. Rick > -----Original Message----- > From: Kai Schaetzl [mailto:[EMAIL PROTECTED] > Sent: Sunday, November 20, 2005 12:31 PM > To: users@spamassassin.apache.org > Subject: Re: Clever Spammers, Anything to catch this? > > > Doesn't score that bad (I removed the hits on missing ehader stuff). > > * 2.1 BAYES_95 BODY: Bayesian spam probability is 95 to 99% > * [score: 0.9854] > * 1.7 SARE_SPEC_LEO_LINE04 RAW: common Leo body text > * 1.5 URIBL_SBL Contains an URL listed in the SBL blocklist > * [URIs: seltagook.com] > * 3.0 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > blocklist > * [URIs: seltagook.com] > * 2.0 URIBL_XS_SURBL Has URI in XS - Testing > * [URIs: seltagook.com] > * 0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL > blocklist > * [URIs: seltagook.com] > * 3.0 URIBL_SC2_SURBL Has URI in SC2 SURBL list > * [URIs: seltagook.com] > * 4.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL > blocklist > * [URIs: seltagook.com] > * 0.0 UPPERCASE_50_75 message body is 50-75% uppercase > > > Kai > > -- > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > IE-Center: http://ie5.de & http://msie.winware.org > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
