Low Score - {Brazillian Host} Lottery Spam


by richard@buzzhost.co.uk

Anyone else seeing these today? Or seen them recently?

http://pastebin.com/m4e25954f

score=0.1

Subject was real neat:
Subject: =?ISO-8859-1?B?WW91IFdvbiCjMQ==?=,750,000.00 GBP

You Won £750,000.00 GBP {surprised this did not bite}


End of the message is missing on the five of them that I've had (not a
paste error).




Re: Low Score - {Brazillian Host} Lottery Spam

by Adam Katz-10

richard@... wrote:

> Anyone else seeing these today? Or seen them recently?
>
> http://pastebin.com/m4e25954f
>
> score=0.1
>
> Subject was real neat:
> Subject: =?ISO-8859-1?B?WW91IFdvbiCjMQ==?=,750,000.00 GBP
>
> You Won £750,000.00 GBP {surprised this did not bite}
>
>
> End of the message is missing on the five of them that I've had
> (not a paste error).

Interesting.  I'm also surprised that doesn't hit one of the many
large-sum money checks.  Scored 5.2 for me (bayes_99 plus a few custom
rules of questionable utility).

Content analysis details:   (5.2 points, 5.0 required)

 pts rule name          description
---- ------------------ -------------------------------------
 3.9 BAYES_99           BODY: Bayesian spam probability is 99 to 100%
                        [score: 0.9998]
 0.6 KHOP_SC_TOP_CIDR8  Relay listed in SpamCop top 4 IP/8 CIDRs
-0.0 SPF_PASS           SPF: sender matches SPF record
 0.8 FROM_NOT_REPLY     From: and Reply-To: have different domains
 0.0 KHOP_NO_FULL_NAME  Sender does not have both First and Last names
 0.0 KHOP_NEW_TO_ME     New sender in new thread

Note that FROM_NOT_REPLY and KHOP_NEW_TO_ME are non-published rules.
The former requires a plugin.  KHOP_NO_FULL_NAME (now in khop-lists)
is zeroed and KHOP_SC_TOP_CIDR8 (from khop-sc-neighbors) is arguably
unfair given its broad range (though it certainly did its work here).

Re: Low Score - {Brazillian Host} Lottery Spam

by John Hardin

On Tue, 27 Oct 2009, richard@... wrote:

> Anyone else seeing these today? Or seen them recently?
>
> http://pastebin.com/m4e25954f

I get lots like them. I'm working on updating the Advance Fee rules, but
they won't be released until 3.3.1.

In my testbed with sandbox rules, that got:

  pts rule name              description
---- ---------------------- --------------------------------------------------
  0.5 LOTTO_AGENT            BODY: Claims Agent
  1.0 FILL_THIS_FORM_LONG    BODY: Fill in a form with personal information
  1.0 LOTTO_YOU_WON          You won!
  0.0 LOTS_OF_MONEY          Huge... sums of money
  1.0 FILL_THIS_FORM         Fill in a form with personal information
  0.5 FILL_THIS_FORM_LOAN    Answer loan question(s)
  1.0 ADVANCE_FEE_2_NEW      Appears to be advance fee fraud (Nigerian 419)
  3.0 MONEY_FORM             Lots of money if you fill out a form
  1.0 ADVANCE_FEE_3_NEW      Appears to be advance fee fraud (Nigerian 419)
  1.5 MONEY_LOTTERY          Lots of money from a lottery
  0.2 MONEY_FRAUD            Lots of money and any of the fraud rules
  1.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
  1.0 ADVANCE_FEE_3_NEW_FORM Advance Fee fraud and a form
  1.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
  1.0 ADVANCE_FEE_2_NEW_FORM Advance Fee fraud and a form
  1.0 ADVANCE_FEE_2_NEW_FRM_MNY Advance Fee fraud and lots of money
  1.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud and lots of money
  0.2 FORM_FRAUD             Fill a form and any of the fraud rules

Yes, there's some overlap; these _are_ testing rules, after all...

Contact me offlist if you want to install the sandbox rules for them, I'll
give you instructions.

--
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@...    FALaholic #11174     pgpk -a jhardin@...
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  4 days until Halloween

Re: Low Score - {Brazillian Host} Lottery Spam

by John Hardin

On Tue, 27 Oct 2009, Adam Katz wrote:

> richard@... wrote:
>>
>> You Won £750,000.00 GBP {surprised this did not bite}
>
> Interesting.  I'm also surprised that doesn't hit one of the many
> large-sum money checks.

The existing ones are weak w/r/t non-USD currencies. That's one reason I
started on the lotsa_money stuff.

--
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@...    FALaholic #11174     pgpk -a jhardin@...
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  4 days until Halloween
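
An added example (not written by any poster in this thread): it decodes the Subject header quoted above, where only the start of the amount sits inside the base64 encoded-word, and then runs a USD-only and a multi-currency large-sum pattern over the raw and decoded forms. The patterns and function names are illustrative assumptions, not SpamAssassin's shipped rules or the sandbox rules mentioned above.

```python
import re
from email.header import decode_header

# Subject header exactly as quoted in the thread.
RAW_SUBJECT = "=?ISO-8859-1?B?WW91IFdvbiCjMQ==?=,750,000.00 GBP"

# Illustrative patterns (assumptions for this example, not shipped rules).
AMOUNT = r"\d{1,3}(?:,\d{3})+(?:\.\d{2})?"
USD_ONLY = re.compile(r"\$\s?(" + AMOUNT + r")")
MULTI_CURRENCY = re.compile(
    r"(?:[$£€]|\b(?:USD|GBP|EUR)\s?)(" + AMOUNT + r")"   # symbol or code first
    r"|\b(" + AMOUNT + r")\s?(?:USD|GBP|EUR)\b"          # code after the amount
)


def decode_subject(raw):
    """Decode RFC 2047 encoded-words and join the pieces without padding."""
    parts = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts)


def largest_sum(text, pattern):
    """Return the largest amount the pattern finds in text, or None."""
    amounts = []
    for match in pattern.finditer(text):
        digits = next(g for g in match.groups() if g)
        amounts.append(float(digits.replace(",", "")))
    return max(amounts) if amounts else None


if __name__ == "__main__":
    decoded = decode_subject(RAW_SUBJECT)
    print("decoded subject      :", decoded)
    print("raw, multi-currency  :", largest_sum(RAW_SUBJECT, MULTI_CURRENCY))
    print("decoded, USD only    :", largest_sum(decoded, USD_ONLY))
    print("decoded, multi-curr. :", largest_sum(decoded, MULTI_CURRENCY))
```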

Re: Low Score - {Brazillian Host} Lottery Spam

by Benny Pedersen

On Tue 27 Oct 2009 18:27:24 CET, John Hardin wrote:

> Contact me offlist if you want to install the sandbox rules for  
> them, I'll give you instructions.

undisclosed recipient with a freemail body hit

if i won why would i not be in the to:

:)

--
xpoint