Second FP to report. Also, the last FP was from that company using software better associated with spamware than for legit server apps. This FP was automated from a server doing a small mail blast:

Received: from nbc_cmg_srv1.xxxxxx [xxxxxx] by mx1.mailpure.com
(SMTPD32-7.15) id AE7913B02A8; Wed, 07 Jan 2004 09:58:01 -0500
Message-ID: <[EMAIL PROTECTED]> <newmsg.cgi?mbx=Main&[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: <xxxxxx> <newmsg.cgi?mbx=Main&[EMAIL PROTECTED]>
Subject: Daily Wake-Up Call
Date: Wed, 7 Jan 2004 08:51:56 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_01BC2B74.89D1CCC0"
X-MailPure: ==================================================================
X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records (weight 0).
X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected (weight 0).
X-MailPure: HELOBOGUS: Failed, bogus connecting server name (weight 4).
X-MailPure: CMDSPACE: Failed, improperly formatted SMTP commands (weight 4).
X-MailPure: ATTACHMENT: Message failed ATTACHMENT test (line 8, weight -3) (weight capped at -3).
X-MailPure: ==================================================================
X-MailPure: Spam Score: 5
X-MailPure: Scan Time: 09:58:19 on 01/07/2004
X-MailPure: Spool File: D1e79013b02a878a3.SMD
X-MailPure: Server Name: nbc_cmg_srv1.xxxxxx
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: [xxxxxx]
X-MailPure: ==================================================================
X-MailPure: Spam and virus blocking services provided by MailPure.com
X-MailPure: ==================================================================
X-RCPT-TO: <xxxxxx> <newmsg.cgi?mbx=Main&[EMAIL PROTECTED]>
Status: U
X-UIDL: 373475499




R. Scott Perry wrote:


It took about 1 minute to figure out that this will be a very valuable test as I'm seeing similar hit rates. What matters most though is the type of thing that will FP, and what other tests will generally fail along with it. I'm guessing that an FP with CMDSPACE will probably also tend to FP with BADHEADERS, and I might need to balance that out.


Actually, that's one reason why this test should be so useful. An E-mail should only fail both CMDSPACE and BADHEADERS if [1] the MUA and MTA are the same, and *seriously* broken (as is the case with spamware), or [2] the MUA and MTA are separate, but both broken. #1 is the case with some web mailers, but time should tell whether or not E-mail is likely to fail both tests.

Could you describe that one FP that you found so that I know what to look out for? Was this an instance where some small-time newsletter sender was using the same bad software that the spammers use, or was it something else like some Web script? If it's really rare and tied to an X-Mailer, maybe we could counterbalance it with a filter???


It was sent with Lotus Notes, but connecting to the IP of their mailserver shows "220 SMTP Proxy Server Ready", so they are likely running a special proxy server. Interestingly, the only Google hits for "SMTP Proxy Server Ready" appear to be on servers run by spammers. :)

Regardless, it appears that the FP rate of this thing will far outperform any other technical tests, as well as the hit rate. That's HUGE!


It does appear to be huge. Let's hope it really is, and that it lasts. :)

-Scott



--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
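
The thread asks which tests tend to fail together on the same message (for example CMDSPACE with BADHEADERS) and how the weights balance out. The sketch below is an added example, not part of the original thread and not Declude or MailPure code. It parses `X-MailPure` result lines, checks that the listed weights add up to the reported score, and counts co-failing test pairs. It assumes the score is the plain sum of the listed weights, which matches the headers in the report (0 + 0 + 4 + 4 - 3 = 5); the second sample message and its BADHEADERS weight are constructed.

```python
import re
from collections import Counter
from itertools import combinations

# Message 1: result lines copied from the headers in the report above.
# Message 2: constructed for illustration; its BADHEADERS text and weight are made up.
SAMPLE_MESSAGES = [
    """X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records (weight 0).
X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected (weight 0).
X-MailPure: HELOBOGUS: Failed, bogus connecting server name (weight 4).
X-MailPure: CMDSPACE: Failed, improperly formatted SMTP commands (weight 4).
X-MailPure: ATTACHMENT: Message failed ATTACHMENT test (line 8, weight -3) (weight capped at -3).
X-MailPure: Spam Score: 5""",
    """X-MailPure: CMDSPACE: Failed, improperly formatted SMTP commands (weight 4).
X-MailPure: BADHEADERS: Failed, constructed sample line (weight 5).
X-MailPure: Spam Score: 9""",
]

TEST_LINE = re.compile(r"^X-MailPure: ([A-Z0-9_-]+): .*fail", re.I)
# Assumption: when a line lists a raw and a capped weight, the last one is effective.
WEIGHT = re.compile(r"weight (?:capped at )?(-?\d+)")
SCORE = re.compile(r"^X-MailPure: Spam Score: (-?\d+)")


def parse_results(headers):
    """Return ({test_name: weight}, reported_score) for one message's headers."""
    weights, reported = {}, None
    for line in headers.splitlines():
        score = SCORE.match(line)
        if score:
            reported = int(score.group(1))
            continue
        test, found = TEST_LINE.match(line), WEIGHT.findall(line)
        if test and found:
            weights[test.group(1)] = int(found[-1])
    return weights, reported


def score_is_consistent(headers):
    """True when the listed weights sum to the reported Spam Score."""
    weights, reported = parse_results(headers)
    return reported is not None and sum(weights.values()) == reported


def cofailures(messages):
    """Count how often each pair of tests failed on the same message."""
    pairs = Counter()
    for headers in messages:
        weights, _ = parse_results(headers)
        pairs.update(combinations(sorted(weights), 2))
    return pairs
```

Run over a spool of known false positives, the pair counts show which tests stack on the same legitimate senders and may need a counterbalancing weight.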
