Dear maintainers, I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and FUZZY_VLIUM with a german announcement from Paypal about changing their general terms and conditions. Maybe those rules can be optimized?
Message is at http://zmi.at/x/frt_valium_fp.txt because I couldn't send it to the list directly: host mx1.eu.apache.org[192.87.106.230] said: 552 spam score (14.3) exceeded threshold (in reply to end of DATA command) Thanks, mfg zmi Analyse Details: (5.6 points, 5.0 required) Pkt Name der Regel Beschreibung ---- ---------------------- ------------------------------------------------- 1.1 URI_IN_SORBS_DNS_SPAM URI in spam.dnsbl.sorbs.net [URIs: salesforce.com] -0.3 L_P0F_D11 L_P0F_D11 -0.0 SPF_PASS SPF: Senderechner entspricht SPF-Datensatz 0.0 BOTNET_SERVERWORDS Hostname contains server-like substrings [botnet_serverwords,ip=206.165.243.121,rdns=email-121.paypal.com] 0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a signature 1.6 FRT_VALIUM1 BODY: ReplaceTags: Valium 0.0 FUZZY_VLIUM BODY: Attempt to obfuscate words in spam 1.3 FRT_VALIUM2 BODY: ReplaceTags: Valium (2) 2.0 TRACKER_ID BODY: Beinhaltet eine Identitätsnummer zur Nutzerbeobachtung 1.2 FUZZY_CREDIT BODY: Attempt to obfuscate words in spam -3.6 BAYES_00 BODY: Spamwahrscheinlichkeit nach Bayes- Test: 0-1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: Nachricht enthält HTML 0.7 MPART_ALT_DIFF BODY: Nachrichtentext im Text- und HTML- Format unterscheiden sich 1.4 MIME_QP_LONG_LINE RAW: "quoted-printable"-kodierte Zeile länger als 76 Zeichen 0.1 AWL AWL: From: address is in the auto white-list -- // Michael Monnerie, Ing.BSc ----- http://it-management.at // Tel: 0660 / 415 65 31 .network.your.ideas. // PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import" // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 // Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4
signature.asc
Description: This is a digitally signed message part.
