Content analysis details:   (5.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-2.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.8 DKIM_ADSP_ALL          No valid author signature, domain signs all mail
-2.0 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 1.5 BASE64_LENGTH_79_INF   BODY: base64 encoded email part uses line length
                            greater than 79 characters
 1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
 1.0 KAM_HTMLNOISE          Spam containing useless HTML padding
 4.0 LOTS_OF_MONEY          Huge... sums of money
 0.0 T_REMOTE_IMAGE         Message contains an external image

--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955

On Feb 12, 2015, at 3:25 PM, Alex Regan <mysqlstud...@gmail.com> wrote:

Hi,

I was hoping someone could help me analyze this possible phishing scam:

http://pastebin.com/C0YTr3Wn

It hit bayes00 for me, which is obviously a problem, but the body looks to be from an actual Amazon email with the exception of a Word document attachment, so is it all that unusual for it to hit bayes00?

I've added the IP range and sender to local blocklists. Can you suggest any other possibilities for blocking these?

Any ideas greatly appreciated. It's still not hitting any RBLs here for me.

Thanks,
Alex