Matt Kettler wrote:
Well YOUR message didn't trigger the minimum, but who knows what the spam would have scored.
Actually the Spam message looks a great deal like the Real McCoy. To the untrained eye, it is a Phisher used to Capture Account information.
OK so the message didn't trigger as SPAM. I need to figure out how to detect the Phisher, and ALWAYS trigger the SPAM sensor.
Remember, a nonspam message quoting spam is not the same thing as a spam itself.. The headers are different, and the changes to the body text both drop the bayes score considerably.
Perhaps it's not the SURBL Test. But as in the following example, the first half of this http reference is not even close to the displayed URL, thus the nature of the Phisher:
<a target="_blank"
href="http://211.202.3.208/event_1201/popup.files/.eBay/eBayISAPI.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid=";>
http://scgi.ebay.com/verify_id=ebay&fraud alert id code=00937614</a>
Is this programmable in SPAM Assassin?
--
Albert E. Whale, CISSP - Sr. Security, Network, and Systems Consultant
--------------------------------------------------------------------------------
http://www.abs-comptech.com & http://www.No-JunkMail.com ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
SPAM ZapperTM - No-JunkMail.com - Spam-Zapper.com - SPAM Stops Here.
President of the Pittsburgh InfraGard
