On Mon, 2009-07-27 at 14:51 +0100, rich...@buzzhost.co.uk wrote:
> http://pastebin.com/m2cbc0965
> 
> This is scoring way low. Coming in from Hotmail (I would love to
> blacklist these but some people just insist on using it).

Scores a healthy 13 here.  Mostly using custom rules.

X-Spam-Report: 
        *  1.8 MILLION_EURO BODY: Talks about millions of Euros
        *  0.0 RELAY_US Relayed through United States
        *  0.5 FREEMAIL_FROM From-address is freemail domain
        *      (laszlomezesesp68[at]msn.com)
        *  2.0 FREEMAIL_REPLYTO Different freemail address found in Reply-To or
        *      Body than From (laszlomezesesp68[at]msn.com,
        *      urbanizacion70[at]aol.com)
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  3.0 JM_SOUGHT_FRAUD_3 Body contains frequently-spammed text patterns
        *  0.5 FREEMAIL_REPLYFREE Sent from non-freemail address, replies go to
        *      freemail address
        *  3.0 AE_DETAILS_WITH_MONEY Has form and mentions much money
        *  2.5 AE_DETAILS_WITH_EMAIL Has form and gives handy email to send it back
        *       to

Freemail.pm and the JM_SOUGHT rules should be easy enough for you to
find.  I also used these local rules (some shamelessly copied off this
forum):

body MILLION_EURO                 /\b(million|hundred.{0,40}\bthousand)\b.{0,40}\b(euro|pound)s?\b/i
describe MILLION_EURO             Talks about millions of Euros
score MILLION_EURO 2.391 1.777 1.501 1.528

body            __TRMB_YOUR_NAME        /(^|\W)(your(\s+|\s+\w+\s+)names?|last.name:|full.names?|surname|Prenom|fullname|names? in full|with your.? Serial No|Confirmation Email Serial|Names?(\s+:|:)|Receiver name)(_|\W)/i
body            __TRMB_YOUR_ADDRESS     /(^|\W)((your|home|residential)(\s+|\s+\w+\s+)add(re|ere)ss|Adresse|Location|Country:|(contact|full) address|Marital Status:|Occupation:|your current telephone|(tel|phone):(|\s+)([^0-9\+])|Tel:|Phone:___|Telephone (number|\#:)(|\s+)([^0-9\+]))(\W|_)/i
body            __TRMB_YOUR_AGE         /(^|\W)(Your age|age:|age.)(\W|_)/i
body            __TRMB_YOUR_OCCUPATION  /(^|\W)((Your |)occupation|Profession)(\W|_)/i
body            __TRMB_YOUR_BLOBBY_DETAILS      /(^|\W)(FULL NAMES?.*ADDRESS.*PHONE NUM|PHONE AND FAX NUMBER|your telephone.fax|your full Contact Details|send us your fullnames? and address|your mobile numbers?|Please reply if you are willing to help me save|send the following informations?|Provide your email address.? Phone Number)/i
body    __TRMB_OTHER_DETAILS    /\W(with your Full Contact informations?|contact the application desk)\W/i

meta            __TRMB_YOUR_DETAILS     ((__TRMB_YOUR_NAME || __TRMB_OTHER_DETAILS) && (__TRMB_YOUR_ADDRESS || __TRMB_YOUR_AGE || __TRMB_YOUR_OCCUPATION) || __TRMB_YOUR_BLOBBY_DETAILS )

meta    AE_DETAILS_WITH_MONEY   __TRMB_YOUR_DETAILS && (MILLION_EURO || MILLION_USD || US_DOLLARS_3 || NA_DOLLARS || FRT_DOLLAR || AE_GBP || __FRAUD_DBI)
describe AE_DETAILS_WITH_MONEY  Has form and mentions much money
meta    AE_DETAILS_WITH_EMAIL   __TRMB_YOUR_DETAILS && __HAS_ANY_EMAIL
describe AE_DETAILS_WITH_EMAIL  Has form and gives handy email to send it back to

score AE_DETAILS_WITH_MONEY     3.0
score AE_DETAILS_WITH_EMAIL     2.5

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
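
A way to sanity-check the meta logic in these rules against ham before deploying them, as an added Python example that is not part of the original message and is not SpamAssassin code. It runs a subset of the posted body rules over constructed sample bodies; the `paragraphs` and `evaluate` helpers, the shortened `__TRMB_YOUR_NAME` pattern and the reduced meta expression (sub-rules not shown in the post are left out) are assumptions of this example.

```python
import re

# Subset of the body rules from the post; re.I mirrors the /i flag.
BODY_RULES = {
    # {0,40} is a range quantifier: up to 40 characters between the words.
    "MILLION_EURO": r"\b(million|hundred.{0,40}\bthousand)\b.{0,40}\b(euro|pound)s?\b",
    # Assumption: only the first alternatives of the posted rule, for brevity.
    "__TRMB_YOUR_NAME": r"(^|\W)(your(\s+|\s+\w+\s+)names?|last.name:|full.names?|surname)(_|\W)",
    "__TRMB_YOUR_AGE": r"(^|\W)(Your age|age:|age.)(\W|_)",
    "__TRMB_YOUR_OCCUPATION": r"(^|\W)((Your |)occupation|Profession)(\W|_)",
}
# MILLION_EURO uses the second of its four posted scores (the report shows 1.8).
SCORES = {"MILLION_EURO": 1.777, "AE_DETAILS_WITH_MONEY": 3.0}

def paragraphs(body):
    """Simplified stand-in for body rendering: one string per paragraph,
    with line breaks and runs of whitespace collapsed to single spaces."""
    return [" ".join(p.split()) for p in re.split(r"\n\s*\n", body) if p.strip()]

def evaluate(body):
    """Return (sorted scored rule hits, total score) for a plain-text body."""
    paras = paragraphs(body)
    hit = {name: any(re.search(rx, p, re.I) for p in paras)
           for name, rx in BODY_RULES.items()}
    # Meta logic from the post, restricted to the sub-rules modelled here:
    # a name field AND another personal-detail field make a "form".
    details = hit["__TRMB_YOUR_NAME"] and (
        hit["__TRMB_YOUR_AGE"] or hit["__TRMB_YOUR_OCCUPATION"])
    hit["AE_DETAILS_WITH_MONEY"] = details and hit["MILLION_EURO"]
    scored = sorted(n for n in SCORES if hit[n])
    return scored, round(sum(SCORES[n] for n in scored), 3)

# Constructed sample bodies (not taken from the pastebin in the thread).
FRAUD = """You have won the sum of five million
euros in our promotion.

Reply with: Your full name: ____ Age: ____ Occupation: ____"""
HAM_MONEY = "The city budget grew by three million euros this year."
HAM_FORM = "Please confirm your full name and occupation for the badge."

if __name__ == "__main__":
    for label, body in (("fraud", FRAUD), ("ham/money", HAM_MONEY), ("ham/form", HAM_FORM)):
        print(label, evaluate(body))
```

Money talk alone or a form alone stays below the meta rule; only the combination adds the 3.0 points.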
