>  Thanks
> 
> 1 scored like this:
> 
> Content analysis details:   (12.9 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
> -1.0 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
>                             trust
>                             [70.103.162.29 listed in list.dnswl.org]
>  1.0 FREEMAIL_FROM          From-address is freemail domain
>  0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
>  0.0 DK_SIGNED              Domain Keys: message has a signature
>  0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
>                             [SPF failed: Please see http://www.openspf.org/Why?id=mx1.riseup.net&ip=10.8.0.3&receiver=cpollock.localdomain]
>  2.0 FREEMAIL_REPLYTO       Different freemail address found in Reply-To or Body
>                             than From
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  1.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.5005]
>  0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  2.2 DCC_CHECK              listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>                             [cpollock 1117; Body=1 Fuz1=many]
>                             [Fuz2=many]
>  0.0 DIGEST_MULTIPLE        Message hits more than one network digest check
>  0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
>  2.9 KAM_LOTTO1             Likely to be a e-Lotto Scam Email
>  2.5 L_UNVERIFIED_GMAIL     L_UNVERIFIED_GMAIL
>  1.0 SAGREY                 Adds 1.0 to spam from first-time senders
> 
> 2 scored:
> 
> Content analysis details:   (12.6 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
> -1.0 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
>                             trust
>                             [70.103.162.29 listed in list.dnswl.org]


The number of DNSWL_LOW and DNSWL_MED misfires has gone up, especially
in the last two days. Even Marc's JMF_W misfires.

What it means is these are "good" mailservers who normally relay ham and
have some weak links (weak password etc.) that just got exposed.

Also, I notice a definite pattern. These are 419 scams and come up only
on the weekends. Probably the spammers expect that action will be late
since most systems guys will be away from work?
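
One way to count the whitelist misfires discussed in this thread, as an added example that is not part of the original messages: a Python parser for the "Content analysis details" report format quoted above that lists whitelist rules which fired on a message still scored as spam. The sample report is constructed from rule lines on this page, and the function names and the `prefixes` parameter are assumptions of this sketch.

```python
import re

# Constructed sample: a shortened report in the format quoted in this thread.
SAMPLE_REPORT = """\
Content analysis details:   (7.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.0 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
                            trust
 1.0 FREEMAIL_FROM          From-address is freemail domain
 2.0 FREEMAIL_REPLYTO       Different freemail address found in Reply-To or Body
                            than From
 2.2 DCC_CHECK              listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 2.9 KAM_LOTTO1             Likely to be a e-Lotto Scam Email
"""

HEADER = re.compile(r"\(\s*(-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
RULE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")

def parse_report(text):
    """Return (total, required, [(score, rule, description), ...])."""
    total = required = None
    rules = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw)  # tolerate mail quoting
        m = HEADER.search(line)
        if m:
            total, required = float(m.group(1)), float(m.group(2))
            continue
        m = RULE.match(line)
        if m:
            rules.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif rules and line[:1].isspace() and line.strip():
            rules[-1][2] += " " + line.strip()  # indented wrapped description
    return total, required, [tuple(r) for r in rules]

def whitelist_misfires(text, prefixes=("RCVD_IN_DNSWL_",)):
    """Whitelist rules (negative score) that fired on a spam-scored message."""
    total, required, rules = parse_report(text)
    if total is None or total < required:
        return []  # no report found, or message scored as ham
    return [(name, score) for score, name, _ in rules
            if score < 0 and name.startswith(prefixes)]
```

Run over a weekend's worth of spam-folder reports, the per-rule counts show whether the whitelist hits cluster on particular relays or days.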







