I've been using the "forged wrote" test with deadly efficiency on
all the stock scams. I just cranked that badboy to 5 and not a single
stock scam, save one, has made it through. The odd thing about the one that
made it through was that it had a zero score, like SA ignored it for some
jacked up reason, but it didn't ignore the others, so I don't know what's
up with that. But the forged wrote rule has really been effective on
emails that otherwise wouldn't get nailed.
At 06:55 PM 11/16/2006 -0600, Chris wrote:
On Thursday 16 November 2006 7:20 am, John Tice wrote:
> I'm seeing stock scams slipping through. Six during the
> night scoring from 3.5-5.0 (threshold at 5.5). Funny thing is that
> they don't have all addresses that usually get hit. The only test
> they're triggering is bayes_95 on the standard tests.
>
> On Nov 15, 2006, at 8:38 PM, Chris wrote:
> > Has anyone besides me noticed a huge increase in spam in the past 3 or 4
> > days? My 80-100/day has gone to over 400/day since Monday.
What rulesets are you running? My setup is even catching the new variation
out that alternates the placement of the letters in the words.
Content analysis details:   (6.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.2 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr 1)
 1.5 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
 1.2 TVD_FW_GRAPHIC_NAME_MID BODY: TVD_FW_GRAPHIC_NAME_MID
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.4 HTML_10_20             BODY: Message is 10% to 20% HTML
 0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
-3.1 BAYES_20               BODY: Bayesian spam probability is 5 to 20%
                            [score: 0.1939]
 0.8 SARE_GIF_ATTACH        FULL: Email has a inline gif
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders
--
Chris
Steven Lake
Owner/Technical Writer
Raiden's Realm
www.raiden.net
A friendly web community