Re: [Declude.JunkMail] Any suggestions on some tests ??

Tue, 16 Dec 2003 15:29:30 -0800

If you have Declude JunkMail Pro, then the custom filters shared on my site are all generally good at detecting this sort of thing. This one in particular would have been it by DYNAMIC, FOREIGN, TLD-WESTERNEUROPEAN, and TLD-MIDDLEEASTERN for a total of 9 points (or 90% of fail weight according to recommended scoring) between those filters alone.

http://www.mailpure.com/software/decludefilters/

The subject is also base64 encoded Latin-1 (normal text), and that can be filtered as well, though there are some rare occurrances where this can be used with foreign languages utilizing high-bit characters.

SUBJECT 8 CONTAINS iso-8859-1?b?

Matt



Alejandro Valenzuela wrote:

Is there any test on declude that will detect this ??
beside ipr4 tests ??

only failed one test, not enough to tag it as spam... (on WEIGHT=10)


Received: from worldonline.de [80.230.246.63] by mail.fanosa.com with ESMTP
(SMTPD32-8.04) id A910153400AA; Mon, 15 Dec 2003 23:24:48 -0500
To: [EMAIL PROTECTED]
MIME-Version: 1.0
User-Agent: Mozilla/5.001 (windows; U; NT4.0; en-us) Gecko/25250101
Subject:
=?iso-8859-1?b?VHJ5IFNvbWUgVmlhZ3JcYSEgSGFyZCBhcyBhIFBvbGUgaW4gMTUgbWludXRlc
w==?=
From: "Darrell Middleton" <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 16 Dec 2003 05:29:24 +0000
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0889_494E5F41.4FA5DE8F"
X-RBL-Warning: SORBS_DUL: Dynamic IP Address See:
http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=80.230.246.63
X-Declude-Sender: [EMAIL PROTECTED] [80.230.246.63]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: SORBS_DUL, IPNOTINMX, NOLEGITCONTENT [4]
X-Country-Chain: X-Date-Time: 12/15/2003 @ 23:24:51
X-Note: This E-mail was sent from cable-246-63.inter.net.il
([80.230.246.63]).
X-IMAIL-SPAM-URL-DBL: www.545dre2c.com
X-RCPT-TO: <DELETED>
Status: U
X-UIDL: 365550799

<html><body>
<center><!--4veh7o3diyt--><a href="http://www.545dre2c.com?rid=1097";>
<!--srq13mYftm2B-->
<img src="http://www.test57v6.com/a7.gif"; border=0></a></center>
</html></body>




---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to