First, thanks to everyone on the list who has given me a hand over the past couple of weeks as I get my "sea legs" with spamassassin. It's working well for me now but I obviously still have more to learn.

For one, I'm still uncertain on the best way to fine tune SA to beat back some tricky spam. Like this one that comes from a gmail account but spoofs a fake, expensive order on amazon to try to phish the user.

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from email.dondley.com
        by email.dondley.com with LMTP
        id Ev9rGkyheWBeegAAB604Gw
        (envelope-from <[email protected]>)
        for <[email protected]>; Fri, 16 Apr 2021 10:38:04 -0400
Received: by email.dondley.com (Postfix, from userid 115)
        id 5EFD521516; Fri, 16 Apr 2021 10:38:04 -0400 (EDT)
Authentication-Results: email.dondley.com;
        dkim=pass (2048-bit key; unprotected) header.d=gmail.com [email protected] header.b="Fi/GiyLT";
        dkim-atps=neutral
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on email.dondley.com
X-Spam-Level:
X-Spam-Status: No, score=0.9 required=5.0 tests=BAYES_20,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,GB_FROM_NAME_FREEMAIL,
        HTML_MESSAGE,MIME_HTML_MOSTLY,NAME_EMAIL_DIFF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS
        shortcircuit=no autolearn=no autolearn_force=no version=3.4.2
X-Spam-Language: en
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.216.54; helo=mail-pj1-f54.google.com; [email protected]; receiver=<UNKNOWN>
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54])
        by email.dondley.com (Postfix) with ESMTPS id 9DFB9210C1
        for <[email protected]>; Fri, 16 Apr 2021 10:37:53 -0400 (EDT)
Received: by mail-pj1-f54.google.com with SMTP id kb13-20020a17090ae7cdb02901503d67f0beso3185770pjb.0
        for <[email protected]>; Fri, 16 Apr 2021 07:37:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=message-id:date:from:mime-version:subject:to;
        bh=tbWgclEtavQLHj3b2u0ycLuH4u7X12CkOv+d/W8zWrs=;
b=Fi/GiyLThBU+Sf1M8Thsh4lWYqGeC2mX1d6uL+5grFufl8EA68jtMePxe1TsIetKPj oCRdmdkjvxAGFA0Uny2lttK9Xhpmoa38zO0rLmFLN+tzKTHYuKKoiQx6ugByfCpk6A82 QDyDgRp7HpEkA34ztYXqR9Q0MH8eTPPaK7iNTbdq2Sb78PYR+XNX9UVDnWarVSmlQm6N EwrQKnzaaT4WKuUrmXS8tkGJMLLfWxLQAu0oCxbKwDkjW7yLMVYGl1Zhk7tNjoi2Hk2r xywZ0v6AyAbSTawCrUN052ps4xjKR/o0CLHrkk+FLbu9wENYbhrDNb/HMRu20aTzEgHn
         AvZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:message-id:date:from:mime-version:subject:to;
        bh=tbWgclEtavQLHj3b2u0ycLuH4u7X12CkOv+d/W8zWrs=;
b=D4cfDeHF3n8JokVklJNHvyFD04InVRxq/DLHtB+xrMenRQZDQPHMqH5KdJBAgs4hAD hc1YTl90K8wFUUAicyyzwhAzBTJqqCtmOZJczjjoXj9WXxEBqiJvgB5m2H+UvTejEX/0 AA/Exf6uvfuGP5hsrp7o4i22DBc/FlZDVArJt7wN+u+zjO1+rRFgrfbW6fdWzgYkb6Y2 jV/JTQywhNxSY6XaOSd4AA1i9ZC8LOaqkOLabUy1WI7uEWDOvzaO4MZuBzHi23vmdHlA weh507+u6rXpN6BarAXZEZxnC+yev86JRqtQjJZL5qTpbjhb2s/1g6wSeRNF1Ri7qIXs
         zbfA==
X-Gm-Message-State: AOAM5322u+9pAxfsMRqYaM8FgbXE+0nBCEZeqd286+mfRDrabuuIhCVe
        CLSzPPcNsg+v2Px14I1WF9r5vuoVLtg=
X-Google-Smtp-Source: ABdhPJw1ixhEhS6bCqFtjizgrTxFo6mCL1fEQPBSzQxIDGkIqIwR7np7Mgjy6ap0Lx6VHje5LfeKwQ==
X-Received: by 2002:a17:90a:5407:: with SMTP id z7mr10416174pjh.228.1618583872037;
        Fri, 16 Apr 2021 07:37:52 -0700 (PDT)
Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([104.143.92.92]) by smtp.gmail.com with ESMTPSA id t15sm5203451pgh.33.2021.04.16.07.37.49
        for <[email protected]>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 16 Apr 2021 07:37:51 -0700 (PDT)
Message-ID: <[email protected]>
Date: Fri, 16 Apr 2021 07:37:51 -0700 (PDT)
From: "[email protected]" <[email protected]>
X-Google-Original-From: "[email protected]" <[email protected]>
Content-Type: multipart/alternative; boundary="===============2707982310301423984=="
MIME-Version: 1.0
Subject: IVK-1250703-9254770 | Apple Watch Series 6 Order Now Confirmed
To: [email protected]

--===============2707982310301423984==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

Hello there, S!

This is a test template...

--===============2707982310301423984==
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<p style="text-align: center;"><a href="https://go.pardot.com/unsubscribe/u/272832/9445773a5f7e92b64a4b106d30d12be4ec08e6d19850125ed1a094fe7f00100f/734801457"; target="_blank">List-Unsubscribe</a></p>
</head>
<table class="container" style="margin: auto;" border="0" cellspacing="0" cellpadding="0" align="center">
<tbody>
<tr>
<td align="center">
<table class="container" style="width: 700px; margin: auto; background: #fff;" border="0" cellspacing="0" cellpadding="0" align="center">
<tbody>
<tr>
<td>
<table border="0" width="100%" cellspacing="1" cellpadding="20">
<tbody>
<tr>
<td style="text-align: right; margin: 0px; font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000;" valign="top"> <p style="padding: 5px 0 15px 0; margin: 0px;">Your Order&nbsp; | Your Account | Amazon.com</p> <p style="padding: 0px 0 10px 0; margin: 0px; font-weight: bold; color: #d35400;">ORDER NUMBER</p> <p style="padding: 0px; margin: 0px; font-weight: bold;"># IVK-1250703-9254770</p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td>
<table border="0" width="100%" cellspacing="1" cellpadding="20">
<tbody>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000;"> <p style="padding: 0px 0 20px 0; margin: 0px; font-weight: bold;">Dear S</p> <p style="padding: 0px 0 20px 0; margin: 0px;">Thank you for shopping with us. You have ordered the <span style="color: #d35400; font-weight: bold;">Apple Watch Series 6 Space Gray 44 mm GPS + Cellular</span></p> <p style="padding: 0px 0 20px 0; margin: 0px;">In-case you require any change in order or like to cancel we recommend giving us call immediately at <strong><a style="color: #d35400; font-size: 25px; text-decoration: none;" href="tel:18006948073">1-800-694-8073</a></strong></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td>
<table style="background-color: #edecea;" border="0" width="100%" cellspacing="1" cellpadding="20">
<tbody>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000;" valign="top" width="70%">
<p style="padding: 0; margin: 0px; font-weight: bold;">Arriving:</p>
<p style="padding: 0; margin: 0px; color: #2ecc71; font-weight: bold;">Friday, Apr 23</p> <p style="padding: 0; margin: 0px;">signature is required at delivery</p>
</td>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000;" valign="top"> <p style="padding: 0; margin: 0px; font-weight: bold;">Shipping Address:</p> <p style="padding: 0; margin: 0px; color: #2980b9; font-weight: bold;">288, Star Route</p> <p style="padding: 0; margin: 0px; color: #2980b9; font-weight: bold;">Chicago, IL, 60626</p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td>
<table border="0" width="100%" cellspacing="0" cellpadding="20">
<tbody>
<tr>
<td>
<table style="width: 100%;">
<tbody>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 14px; color: #000;" width="50%">Brand</td> <td style="font-family: Arial,Helvetica,sans-serif; font-size: 14px; color: #000;" width="50%">Apple</td>
</tr>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 14px; color: #000;" width="50%">Color</td> <td style="font-family: Arial,Helvetica,sans-serif; font-size: 14px; color: #000;" width="50%">Black</td>
</tr>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 14px; color: #000;" width="50%">Model Name</td> <td style="font-family: Arial,Helvetica,sans-serif; font-size: 14px; color: #000;" width="50%">Apple Watch Series 6 Space Gray 44 mm GPS + Cellular</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding: 20px;">
<table border="0" width="100%" cellspacing="1" cellpadding="0">
<tbody>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000;" valign="top" width="50%">Item Sub Total</td> <td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000; font-weight: bold;" valign="top" width="50%">$589.0</td>
</tr>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000;" valign="top" width="50%">Taxes</td> <td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000; font-weight: bold;" valign="top" width="50%">$47.12</td>
</tr>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000;" valign="top" width="50%">Shipping &amp; Handling Charges</td> <td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #000;" valign="top" width="50%">FREE</td>
</tr>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #d35400; font-weight: bold; padding-top: 15px;" valign="top" width="50%">Order Total</td> <td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; color: #d35400; font-weight: bold; padding-top: 15px;" valign="top" width="50%">$636.12</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td>
<table border="0" width="100%" cellspacing="1" cellpadding="20">
<tbody>
<tr>
<td style="font-family: Arial,Helvetica,sans-serif; font-size: 16px; text-align: center;" valign="top"> <p style="padding: 0; margin: 0;">For any support call us at our Toll-free Number: <a style="color: #d35400; font-size: 25px; text-decoration: none; font-weight: bold;" href="tel:18006948073">1-800-694-8073</a></p> <p style="text-align: center; border-top: 1px solid #EDECEA; padding: 20px 0 0 0; margin: 0; font-size: 13px;">This email was sent from a customer service address kindly write us back if you have any concern. <a href="https://go.pardot.com/unsubscribe/u/272832/9445773a5f7e92b64a4b106d30d12be4ec08e6d19850125ed1a094fe7f00100f/734801457"; target="_blank">Click here to Unsubscribe</a></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>
--===============2707982310301423984==--



My SA score:

Spam detection software, running on the system "email.dondley.com",
has NOT identified this incoming email as spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview: Hello there, S! This is a test template... List-Unsubscribe


Content analysis details:   (1.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20%
                            [score: 0.1335]
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                            no trust
                            [209.85.216.54 listed in list.dnswl.org]
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                            [209.85.216.54 listed in wl.mailspike.net]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
                            in digit (gk5751735[at]gmail.com)
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider (gk5751735[at]gmail.com)
 0.1 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.9 NAME_EMAIL_DIFF        Sender NAME is an unrelated email address
 0.0 GB_FROM_NAME_FREEMAIL  Freemail spear phish with free mail
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders

And how the hell is google letting this crap flow out of its email service, anyway?
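
One way to score the combination of signals visible in this message, as an added example that is not part of the original post: a `local.cf` meta rule that fires only when a freemail sender (the stock `FREEMAIL_FROM` rule, which hit in the report above) coincides with Amazon order wording and a `tel:` link in the HTML. The `LOCAL_` rule names and the 4.5 score are assumptions to be tuned against your own mail.

```conf
# Added example for local.cf. All LOCAL_ / __LOCAL_ names are hypothetical.
# Validate the syntax after editing with: spamassassin --lint

# Raw HTML carries a click-to-call link; the sample uses href="tel:18006948073".
# rawbody sees the decoded MIME part before HTML is stripped.
rawbody  __LOCAL_TEL_LINK     /href\s*=\s*["']?tel:/i

# Rendered text (body rules also see the Subject) names Amazon;
# the sample shows "Your Order | Your Account | Amazon.com".
body     __LOCAL_AMAZON_NAME  /\bamazon(?:\.com)?\b/i

# Order-confirmation wording from the sample:
# "ORDER NUMBER", "Order Total", "Order Now Confirmed".
body     __LOCAL_ORDER_WORDS  /\border (?:number|total|now confirmed)\b/i

# Each sub-rule alone is common in legitimate mail, so only the conjunction
# scores. FREEMAIL_FROM is the stock rule that already fired on this message:
# a real Amazon order notice would not come From: a freemail address.
meta     LOCAL_FREEMAIL_BRAND_ORDER  (FREEMAIL_FROM && __LOCAL_TEL_LINK && __LOCAL_AMAZON_NAME && __LOCAL_ORDER_WORDS)
describe LOCAL_FREEMAIL_BRAND_ORDER  Freemail From, Amazon order text, tel: link
# Assumed starting value: added to the 0.9 to 1.1 points reported above,
# it takes this message past required=5.0. Check it against known-good
# mail before relying on it.
score    LOCAL_FREEMAIL_BRAND_ORDER  4.5
```

Re-running the saved message through `spamassassin -t` after adding the rule shows whether `LOCAL_FREEMAIL_BRAND_ORDER` appears in the content analysis.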
