From: Craig Phillips <>

Sent: Friday, February 28, 2014 11:58 PM


Subject: Cocktail Talk - Abu, Spam Assassin.



Cocktail Talk


June 2014

Cocktail Talk


Welcome to CN Consulting's "Cocktail Talk".


Cocktail Talk is a casual monthly newsletter intended to arm you with amusing bits and bytes of information on whats happening in the computer world. Topics sure to break the ice and capture an audience at many a social or business event.


Cocktail Talk is archived on


Currently, on Cocktail Talk - Abu, Spam Assassin


I stopped sending email to people at 2 a.m. when they started answering. People don't check on their email anymore, their email checks on them.


With smart phones and tablets, people are always connected. We can't help ourselves, the phone rings we answer, email comes in we check it, human nature I guess. 


Spamassassin traps about 25 unwanted emails a day for each of my clients. That's 25 less false alarms.


We can usually tell by reading an email if it's bogus, but how does Spamassassin figure it out so we don't have to read it?


Spamassassin runs hundreds of tests on each email, gives each result a score, adds them up and compares them to a target number. Anything over the number gets the boot.


Spamassassin and I think the email below is bogus. Read it for yourself and see if you agree. I've grayed out the nerdy parts but wanted to leave them to show the points assigned and number of rules violated.


On a scale of 1-10, with 1 being the boy you want your daughter to date and 10 being the one she does, Spamassassin is set at a lenient 3.0.


-----Original Message----- 


Sent: Tuesday, February 25, 2014 10:15 AM 

Subject: * Marked as Spam * URGENT HELP NEEDED

Dear Friend, I am Mrs. Bin Jabber widow. I am moved to write you this letter; this was in confidence considering my present circumstance and situation, I have to escape two of our sons Abdul Aziz and Al Ramis Jabber and my only daughter 4year old out of Syria. I have been raped and my Husband was Murder and most of my Family members Killed in this war in Syria by President Assad Regime. But I have one son Abu Al Ramis Jabber in the Refugee camp Survived and my late Husband deposited about $19,000,000. Nineteen Million United States Dollars cash in our farm in Syria, and another $90,000,000 Dollars cash out of Syria. I am now a woman fighter I have join the Free Syria Army banner of the Al-Tawhid Brigade, a 13-strong unit of the Free Syria Army in Syria's largest city just to protect the life cash for my children................... 


Points  Rule                             Description

3.5       BAYES_99 BODY: Bayes spam probability is 99 to 100% 

[score: 1.0000] 

1.9        FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam 

2.1        NSL_RCVD_HELO_USER Received from HELO User 

0.0        FREEMAIL_FROM Sender email is commonly abused enduser mail 

            provider (mrsbin.jabber[at] 


           [ listed in] 

1.3       RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in 

           [Blocked - see  <>] 

2.7       RCVD_IN_PSBL RBL: Received via a relay in PSBL 

            [ listed in] 

0.7       SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 

1.5       SUBJ_ALL_CAPS Subject is all capitals 

1.0       MISSING_HEADERS Missing To: header 

3.2       MILLION_USD BODY: Talks about millions of dollars 

2.6       DEAR_FRIEND BODY: Dear Friend? That's not very dear! 

1.8       US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN) 

0.5       MISSING_MID Missing Message-Id: header 


0.0       LOTS_OF_MONEY Huge... sums of money 


4.4       FROM_MISSP_MSFT From misspaced + supposed Microsoft tool 

1.1       FROM_MISSP_NO_TO From misspaced, To missing 

0.8       RDNS_NONE Delivered to internal network by a host with no 



2.0       FSL_MISSP_REPLYTO Mis-spaced from and Reply-to 

0.1       DECEASED_NO_ML Dead not via mailing list 

4.3       MONEY_FROM_MISSP Lots of money and misspaced From 

1.0       FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different 


1.1      FROM_MISSP_REPLYTO From misspaced, has Reply-To 

0.9      TO_NO_BRKTS_FROM_MSSP Multiple formatting errors 

1.3      FROM_MISSPACED From: missing whitespace 

0.5      FROM_MISSP_EH_MATCH From misspaced, matches envelope 

2.0      FROM_MISSP_URI From misspaced, has URI 

2.8      ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419) 

1.9      FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook 

3.5      ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419) 

3.5      TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool 

2.6      ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money 

3.8      MONEY_FRAUD_5 Lots of money and many fraud phrases 

2.3      FROM_MISSP_FREEMAIL From misspaced + freemail provider 

0.0      ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money 

3.7      MONEY_FRAUD_3 Lots of money and several fraud phrases 

4.4      ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money


 Content analysis details: (83.1 points, 3.0 required)


That's how Spamassassin and others like it work. They read your email, run tests, and rank what they find. It's up to you, or your email administrator, to set the threshold.


83.1 points is bordering on epic in the failure department. I hope things work out for Mrs. Bin Jabber and the Free Syria Army Al-Tawhid Brigade and that her son Abu gets out of prison real soon to cash in on that $90,000,000 inheritance.



Abu, or not Abu, that's your call, and that's Cocktail Talk.




Thank you for reading,



Craig Phillips

CN Consulting, Inc.





CN Consulting, Inc -
Computer Consulting for Business!



CN Consulting Inc. (CNCI) is an independent consulting company formed in 1990 and located within easy reach of both Chicago and Milwaukee.


CNCI maintains a select client base providing consulting services concerning the use of information technology. We persistently look for advantage to our clients in added value and reduced cost made available by advancing technology.


CNCI does not have financial interest in any given product or product line. We evaluate current and emerging technologies solely based on their benefit to our clients. CNCI implements the solutions it recommends and readily partners with companies that offer products and services to the advantage of our clients. CNCI offers complete client support with singular accountability.


We maximize the benefit of our clients' existing technology, systems, and platforms while integrating the benefits provided by new technology.


Business Continuity and Business Development are our goals with Continuity being the foundation of Development.


Forward email

This email was sent to by |  

CN Consulting, Inc. | 23830 112th St | Salem | WI | 53179


This email was sent by the author for the sole purpose of testing a draft message. If you believe you have received the message in error, please contact the author by replying to this message. Constant Contact takes reports of abuse very seriously. If you wish to report abuse, please forward this message to

No virus found in this message.
Checked by AVG -
Version: 2014.0.4335 / Virus Database: 3705/7135 - Release Date: 02/28/14