> Could someone help me with a SA body rule that would
> catch the email below? These are the only ones
> consistently getting past SA, and they always have an
> email address with a .info domain. I’d like the rule to
> catch any message with an [EMAIL PROTECTED] domain since we have
> no one legitimate that we can think of that would use a
> .info domain or email address. I know there are some
> legit .info domains out there, but the vast majority are
> spammers.
>
> --------
>
> Hello! I am bored this evening. I am nice girl that would
> like to chat with you. Email me at
> [EMAIL PROTECTED] only, because I am writing not
> from my personal email. If you would like to see some of
> my pictures.
>
> Sincerely,
>
> Charles Lai

I copy & pasted that snippet (no headers, only data) to spamassassin, and this is what I got:

Content analysis details:   (10.6 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 0.9987]
 0.0 MISSING_MID            Missing Message-Id: header
 0.0 MISSING_DATE           Missing Date: header
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 2.5 MISSING_HB_SEP         Missing blank line between message header and body
 1.3 MISSING_HEADERS        Missing To: header
 1.8 MISSING_SUBJECT        Missing Subject: header
-0.0 NO_RECEIVED            Informational: message has no Received headers
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers

Ok, most rules just because there were no headers. But the point is that BAYES_99 was triggered! If you trust your bayes training, just tune it up to 5.0.
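
Both approaches from this thread as a local.cf fragment. This is an added example, not part of either poster's message; the rule name LOCAL_INFO_EMAIL and its 2.0 score are assumptions to adjust for the site.

```conf
# Added example for local.cf. LOCAL_INFO_EMAIL and its score are
# hypothetical names/values chosen for illustration.

# Body rule: match an e-mail address whose domain ends in .info.
#  - \@ is escaped because rule patterns are Perl regular expressions.
#  - (?!\.?[\w-]) rejects longer names such as user@example.info.com or
#    user@example.information, while still matching an address that is
#    followed by a space or sentence-ending punctuation.
body     LOCAL_INFO_EMAIL  /\b[\w.+-]+\@(?:[a-z0-9-]+\.)+info(?!\.?[\w-])/i
describe LOCAL_INFO_EMAIL  Body contains an e-mail address in a .info domain
# Kept below the 5.0 threshold so a legitimate .info correspondent is not
# rejected on this rule alone (assumption; raise it if the site wants a hard block).
score    LOCAL_INFO_EMAIL  2.0

# The reply's suggestion: let a BAYES_99 hit reach the 5.0 threshold by itself.
score    BAYES_99          5.0

# After editing, check the syntax with: spamassassin --lint
```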