Spam scoring

Every once in a while I love to look through my spam folder just to see what makes spamassassin mark something really high. Here is one that got 49 points:

*  4.5 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
*  4.4 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
*  0.1 FORGED_RCVD_HELO Received: contains a forged HELO
*  1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
*  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
*      lines
*  2.0 HTML_MESSAGE BODY: HTML included in message
*  5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*      [score: 1.0000]
*  4.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  3.7 PYZOR_CHECK Listed in Pyzor (
*  0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in
*  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
*      [Blocked - see ]
*  3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*      [ listed in]
*  2.5 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
*  2.7 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
*  4.5 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
*      parts
*  2.6 FORGED_MSGID_HOTMAIL Message-ID is forged, (
*  1.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
*  4.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

A few of these I’ve cranked up, like MIME_HTML_ONLY, as I don’t get any useful mail that is only text/html formatted. I still like that SA detects things like MIME_BOUND_DD_DIGITS. 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s