Hi,
Does anyone know the details of the test "TRACKER_ID_BODY"? I recieved two nearly identical SPAM e-mails two minues apart.
The bogus "From:" line was different in each one. The subject and first line of body in the first e-mail was:
> Subject: Cable-TV Filter Lets You Get It ALL-FOR-NOTHING, ID: n498ix02 > ID: 1504zY20
The subject and first line of body in the second e-mail was:
> Subject: Cable-TV Filter Lets You Get It ALL-FOR-NOTHING, ID: r328Ib72 > ID: D524va50
The random gibberish at the end of each SPAM was different but I don't that's relevant to this question (is it)? The question
is, why does the second e-mail score 3.8 for the "TRACKER_IN_BODY" test but the first one does not?
* 3.8 TRACKER_ID BODY: Incorporates a tracking ID number
The tracker_id rule doesn't look for ID's like the one you quoted from the body. It requires at LEAST 24 characters of ID:
20_body_tests.cf:body TRACKER_ID /^[a-z0-9]{6,24}[-_a-z0-9]{12,36}[a-z0-9]{6,24}\s*\z/is
It matches things like this: KxLhORD0SKJpa3oulqJXbSd1tzJASO3ZhxET
