[Bug 6064] New: false positive: el-al e-ticket

Wed, 11 Feb 2009 06:10:34 -0800 

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6064

           Summary: false positive: el-al e-ticket
           Product: Spamassassin
           Version: 3.2.5
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Rules
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Created an attachment (id=4433)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4433)
El-Al e-ticket

This airline e-ticket is particularly egregiously malformed, and at the same
time rather important for the recipient. It scores

score 10.7 from SpamAssassin-3.2.5-730418
* -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
*      medium trust
*      [82.150.225.79 listed in list.dnswl.org]
*  1.2 LOW_PRICE BODY: Lowest Price
*  1.8 SUBJ_ALL_CAPS Subject is all capitals
*  0.8 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
*  2.7 HTML_OBFUSCATE_20_30 BODY: Message is 20% to 30% HTML obfuscation
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  2.8 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
*  2.0 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419)
*  1.9 UPPERCASE_75_100 message body is 75-100% uppercase
*  1.4 ADVANCE_FEE_3 Appears to be advance fee fraud (Nigerian 419)

It seems that amadeus.net provide e-ticket services for more airlines than just
el-al and their messages' filthy encoding means they frequently score more than
5. From my logs...

HTML_MESSAGE,HTML_NONELEMENT_30_40,HTML_TAG_BALANCE_BODY,MIME_BASE64_TEXT,RCVD_IN_DNSWL_MED,SUBJ_ALL_CAPS,UPPERCASE_75_100
HTML_MESSAGE,HTML_OBFUSCATE_10_20,HTML_TAG_BALANCE_BODY,MIME_BASE64_TEXT,RCVD_IN_DNSWL_MED,SUBJ_ALL_CAPS,UPPERCASE_75_100
HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MIME_BASE64_TEXT,RCVD_IN_DNSWL_LOW,SUBJ_ALL_CAPS,UPPERCASE_75_100
ADVANCE_FEE_2,ADVANCE_FEE_3,HTML_MESSAGE,HTML_OBFUSCATE_20_30,HTML_TAG_BALANCE_BODY,LOW_PRICE,MIME_BASE64_TEXT,SUBJ_ALL_CAPS,UPPERCASE_75_100

I'm not sure whether the best solution is to whitelist them or if the
collective wisdom of the SA developers and users has a better idea


-- 
Configure bugmail: 
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Reply via email to