ram wrote: > Now we have nigerian spam that actually refers to compensating > victims of scam > > https://ecm.netcore.co.in/tmp/nigerian.txt > > The spammer is insane. Does he thing a real victim would be foolish > enough to fall in his trap again > > OTOH > Unfortunately , this mail went clean thru all my SA-rules ( SA 3.2.3 > ) as well as custom scanners
I stripped your MS headerlines from the email and ran it through our SA-3.1.8: Content analysis details: (16.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.8 UNDISC_RECIPS Valid-looking To "undisclosed-recipients" 1.1 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) [SPF failed: Please see http://www.openspf.org/why.html?sender=infolott8%40bellsouth.net&ip=202. 162.229.17&receiver=koekoek.dcyb.net] 1.0 SUBJ_ALL_CAPS Subject is all capitals 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 HTML_MESSAGE BODY: HTML included in message 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org 1.4 DNS_FROM_RFC_WHOIS RBL: Envelope sender in whois.rfc-ignorant.org 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?81.199.89.27>] 1.7 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org 3.3 ADVANCE_FEE_3 Appears to be advance fee fraud (Nigerian 419) 0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419) 0.3 MIME_BOUND_NEXTPART Spam tool pattern in MIME boundary 1.4 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419) I suppose SA-3.2.3 should be able to give similar results.
