We're testing an incarnation of SpamAssassin on our network (with good results, I might add, following a bit of tweaking). Just today, the FYI Newsletter got hit by the spam filter.
For those that aren't familiar with SA, it assigns points to messages based on certain header properties, phrases, and combinations of those. If the total number of points is greater than some threshold (usually 5.0), it triggers a hit. It is also quite popular. I'm sure several resellers are using it. Hence, I'm sure several resellers had difficulty reading the report. Here is the report that SA generated for the message: SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (5.50 hits, 5 required) SPAM: NO_REAL_NAME (1.3 points) From: does not include a real name SPAM: MIME_BOUND_EQS_DASHES (1.0 points) Spam tool pattern in MIME boundary SPAM: TO_BE_REMOVED_REPLY (0.4 points) BODY: Says: "to be removed, reply via email" or similar SPAM: DOMAIN_BODY (0.3 points) BODY: Domain registration spam body SPAM: CLICK_BELOW (0.3 points) BODY: Asks you to click below SPAM: PRIVACY_STATEMENT (0.2 points) BODY: Contains a Privacy Statement SPAM: SPAM_PHRASE_05_08 (1.6 points) BODY: Spam phrases score is 05 to 08 (medium) SPAM: [score: 6] SPAM: HTML_COMMENT_UNIQUE_ID (0.1 points) BODY: Contains a comment with nothing but unique ID SPAM: CLICK_HERE_LINK (0.3 points) BODY: Tells you to click on a URL SPAM: MAILTO_LINK (0.2 points) BODY: Includes a URL link to send an email SPAM: SUPERLONG_LINE (0.0 points) BODY: Contains a line >=199 characters long SPAM: SUSPECT_LIST_HEADERS (-0.2 points) Mailing list headers are suspicious SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- As mentioned, the default SpamAssassin triggers a hit at 5.0 or greater.. so this was a marginal failure. But, from the report, I see that the SA rating of the newsletters could be easily reduced. NO_REAL_NAME is trivial, and, alone would (in this case) save 1.3 points.. enough to knock the message under 5.0. As for DOMAIN_BODY... well... probably not much we can do about that. :-) Most of the CLICK_HERE and MAILTO_ cruft could be eliminated, too. This is just.. uhh.. FYI. :-) - Ryan -- Ryan Thompson <[EMAIL PROTECTED]> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America
