I stopped sending email to
people at 2 a.m. when they started answering. People don't check on
their email anymore, their email checks on them.
With smart phones and tablets, people are always
connected. We can't help ourselves, the phone rings we answer,
email comes in we check it, human nature I guess.
Spamassassin traps about 25 unwanted emails a day for
each of my clients. That's 25 less false alarms.
We can usually tell by reading an email if it's bogus,
but how does Spamassassin figure it out so we don't have to read
it?
Spamassassin runs hundreds of tests on each email,
gives each result a score, adds them up and compares them to a
target number. Anything over the number gets the boot.
Spamassassin and I think the email below is bogus.
Read it for yourself and see if you agree. I've grayed out the
nerdy parts but wanted to leave them to show the points assigned
and number of rules violated.
On a scale of 1-10, with 1 being the boy you want your
daughter to date and 10 being the one she does, Spamassassin is set
at a lenient 3.0.
-----Original Message-----
Sent: Tuesday,
February 25, 2014 10:15 AM
Subject: * Marked as Spam * URGENT HELP NEEDED
Dear Friend, I am Mrs. Bin Jabber widow. I am moved to
write you this letter; this was in confidence considering my
present circumstance and situation, I have to escape two of
our sons Abdul Aziz and Al Ramis Jabber and my only daughter
4year old out of Syria. I have been raped and my Husband was
Murder and most of my Family members Killed in this war in Syria by
President Assad Regime. But I have one son Abu Al Ramis Jabber
in the Refugee camp Survived and my late Husband deposited
about $19,000,000. Nineteen Million United States Dollars cash
in our farm in Syria, and another $90,000,000 Dollars cash out
of Syria. I am now a woman fighter I have join the Free
Syria Army banner of the Al-Tawhid Brigade, a 13-strong unit
of the Free Syria Army in Syria's largest city just to protect
the life cash for my children...................
3.5 BAYES_99 BODY: Bayes spam
probability is 99 to 100%
1.9 FSL_CTYPE_WIN1251
Content-Type only seen in 419 spam
2.1 NSL_RCVD_HELO_USER
Received from HELO User
0.0 FREEMAIL_FROM Sender
email is commonly abused enduser mail
provider (mrsbin.jabber[at]outlook.com)
1.4 RCVD_IN_BRBL_LASTEXT RBL:
RCVD_IN_BRBL_LASTEXT
[168.187.145.210 listed in bb.barracudacentral.org]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL:
Received via a relay in bl.spamcop.net
2.7 RCVD_IN_PSBL RBL: Received
via a relay in PSBL
[168.187.145.210 listed in psbl.surriel.com]
0.7 SPF_SOFTFAIL SPF: sender
does not match SPF record (softfail)
1.5 SUBJ_ALL_CAPS Subject is all
capitals
1.0 MISSING_HEADERS Missing To:
header
3.2 MILLION_USD BODY: Talks about
millions of dollars
2.6 DEAR_FRIEND BODY: Dear
Friend? That's not very dear!
1.8 US_DOLLARS_3 BODY: Mentions
millions of $ ($NN,NNN,NNN.NN)
0.5 MISSING_MID Missing
Message-Id: header
3.5 HK_NAME_FM_MR_MRS
HK_NAME_FM_MR_MRS
0.0 LOTS_OF_MONEY Huge... sums of
money
1.6 REPLYTO_WITHOUT_TO_CC
REPLYTO_WITHOUT_TO_CC
4.4 FROM_MISSP_MSFT From
misspaced + supposed Microsoft tool
1.1 FROM_MISSP_NO_TO From
misspaced, To missing
0.8 RDNS_NONE Delivered to
internal network by a host with no
2.0 FSL_NEW_HELO_USER
FSL_NEW_HELO_USER
3.8
AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
2.0 FSL_MISSP_REPLYTO
Mis-spaced from and Reply-to
0.1 DECEASED_NO_ML Dead not via
mailing list
4.3 MONEY_FROM_MISSP Lots of
money and misspaced From
1.0 FREEMAIL_REPLYTO
Reply-To/From or Reply-To/body contain different
1.1 FROM_MISSP_REPLYTO From
misspaced, has Reply-To
0.9 TO_NO_BRKTS_FROM_MSSP Multiple
formatting errors
1.3 FROM_MISSPACED From: missing
whitespace
0.5 FROM_MISSP_EH_MATCH From
misspaced, matches envelope
2.0 FROM_MISSP_URI From
misspaced, has URI
2.8 ADVANCE_FEE_4_NEW Appears to
be advance fee fraud (Nigerian 419)
1.9 FORGED_MUA_OUTLOOK Forged mail
pretending to be from MS Outlook
3.5 ADVANCE_FEE_3_NEW Appears to
be advance fee fraud (Nigerian 419)
3.5 TO_NO_BRKTS_MSFT To:
misformatted and supposed Microsoft tool
2.6 ADVANCE_FEE_4_NEW_MONEY
Advance Fee fraud and lots of money
3.8 MONEY_FRAUD_5 Lots of money
and many fraud phrases
2.3 FROM_MISSP_FREEMAIL From
misspaced + freemail provider
0.0 ADVANCE_FEE_3_NEW_MONEY
Advance Fee fraud and lots of money
3.7 MONEY_FRAUD_3 Lots of money
and several fraud phrases
4.4 ADVANCE_FEE_2_NEW_MONEY
Advance Fee fraud and lots of money
Content analysis details: (83.1 points, 3.0
required)
That's how Spamassassin and others like it work. They
read your email, run tests, and rank what they find. It's up to
you, or your email administrator, to set the threshold.
83.1 points is bordering on epic in the failure
department. I hope things work out for Mrs. Bin Jabber and the Free
Syria Army Al-Tawhid Brigade and that her son Abu gets out of
prison real soon to cash in on that $90,000,000 inheritance.
