104.5 points by SpamAssassin
Today I got an email that crossed the 100-point line in SpamAssassin. Note that I also run greylisting, which this message had already passed. These are the rules the message hit:
Content analysis details: (104.5 points, 5.0 required)
| pts | rule name | description |
| --- | --- | --- |
| 3.5 | BAYES_99 | BODY: Bayes spam probability is 99 to 100% |
| 1.6 | FSL_CTYPE_WIN1251 | Content-Type only seen in 419 spam |
| 3.6 | NSL_RCVD_FROM_USER | Received from User |
| 1.0 | MISSING_HEADERS | Missing To: header |
| 3.2 | MILLION_USD | BODY: Talks about millions of dollars |
| 3.7 | DEAR_BENEFICIARY | BODY: Dear Beneficiary: |
| 1.8 | US_DOLLARS_3 | BODY: Mentions millions of $ ($NN,NNN,NNN.NN) |
| 1.2 | MONEY_BACK | BODY: Money back guarantee |
| 0.0 | HTML_MESSAGE | BODY: HTML included in message |
| 0.0 | LOTS_OF_MONEY | Huge… sums of money |
| 1.6 | REPLYTO_WITHOUT_TO_CC | REPLYTO_WITHOUT_TO_CC |
| 2.6 | FROM_MISSP_MSFT | From misspaced + supposed Microsoft tool |
| 1.5 | FROM_MISSP_NO_TO | From misspaced, To missing |
| 0.4 | FSL_NEW_HELO_USER | FSL_NEW_HELO_USER |
| 3.7 | AXB_XMAILER_MIMEOLE_OL_024C2 | AXB_XMAILER_MIMEOLE_OL_024C2 |
| 0.0 | MSGID_FROM_MTA_HEADER | Message-Id was added by a relay |
| 2.6 | MSOE_MID_WRONG_CASE | MSOE_MID_WRONG_CASE |
| 2.0 | FSL_MISSP_REPLYTO | Mis-spaced from and Reply-to |
| 1.6 | FROM_MISSP_USER | From misspaced, from “User” |
| 2.0 | FBI_SPOOF | Claims to be FBI, but not from FBI domain |
| 3.7 | MONEY_FROM_MISSP | Lots of money and misspaced From |
| 2.1 | FREEMAIL_FORGED_REPLYTO | Freemail in Reply-To, but not From |
| 0.9 | FROM_MISSP_REPLYTO | From misspaced, has Reply-To |
| 1.1 | TO_NO_BRKTS_FROM_MSSP | Multiple formatting errors |
| 1.3 | FROM_MISSPACED | From: missing whitespace |
| 3.4 | FM_LOTTO_MONEY | Talks about lotto and large money! |
| 0.0 | FBI_MONEY | The FBI wants to give you lots of money? |
| 2.0 | FROM_MISSP_EH_MATCH | From misspaced, matches envelope |
| 0.0 | FROM_MISSP_URI | From misspaced, has URI |
| 2.2 | ADVANCE_FEE_4_NEW | Appears to be advance fee fraud (Nigerian 419) |
| 3.6 | MONEY_ATM_CARD | Lots of money on an ATM card |
| 3.3 | ADVANCE_FEE_5_NEW | Appears to be advance fee fraud (Nigerian 419) |
| 1.9 | FORGED_MUA_OUTLOOK | Forged mail pretending to be from MS Outlook |
| 3.5 | ADVANCE_FEE_3_NEW | Appears to be advance fee fraud (Nigerian 419) |
| 0.0 | FILL_THIS_FORM | Fill in a form with personal information |
| 3.4 | FILL_THIS_FORM_LONG | Fill in a form with personal information |
| 3.5 | TO_NO_BRKTS_MSFT | To: misformatted and supposed Microsoft tool |
| 0.0 | ADVANCE_FEE_4_NEW_FRM_MNY | Advance Fee fraud form and lots of money |
| 0.0 | ADVANCE_FEE_4_NEW_MONEY | Advance Fee fraud and lots of money |
| 0.0 | ADVANCE_FEE_4_NEW_FORM | Advance Fee fraud and a form |
| 2.8 | ADVANCE_FEE_5_NEW_MONEY | Advance Fee fraud and lots of money |
| 2.4 | ADVANCE_FEE_5_NEW_FORM | Advance Fee fraud and a form |
| 3.4 | ADVANCE_FEE_5_NEW_FRM_MNY | Advance Fee fraud form and lots of money |
| 2.4 | ADVANCE_FEE_3_NEW_FORM | Advance Fee fraud and a form |
| 4.4 | MONEY_FRAUD_5 | Lots of money and many fraud phrases |
| 4.0 | MONEY_FORM | Lots of money if you fill out a form |
| 0.0 | ADVANCE_FEE_2_NEW_FRM_MNY | Advance Fee fraud form and lots of money |
| 1.1 | ADVANCE_FEE_3_NEW_FRM_MNY | Advance Fee fraud form and lots of money |
| 0.0 | ADVANCE_FEE_2_NEW_FORM | Advance Fee fraud and a form |
| 2.5 | ADVANCE_FEE_3_NEW_MONEY | Advance Fee fraud and lots of money |
| 0.0 | MONEY_FRAUD_3 | Lots of money and several fraud phrases |
| 4.5 | ADVANCE_FEE_2_NEW_MONEY | Advance Fee fraud and lots of money |
| 0.0 | FORM_FRAUD_5 | Fill a form and many fraud phrases |
| 3.7 | FORM_FRAUD_3 | Fill a form and several fraud phrases |
Now, you are probably asking yourself which message actually hit all of those rules. Here is an excerpt:
Federal Bureau of Investigation (FBI) Counter-terrorism Division and Cyber Crime Division J. Edgar. Hoover Building Washington DC

Dear Beneficiary,

Series of meetings have been held over the past 7 months with the secretary general of the United Nations Organization. This ended 3 days ago. It is obvious that you have not received your fund which is to the tune of Eight Million and Five Hundred Thousand United State Dollars ($8,500,000.00) due to past corrupt Governmental Officials who almost held the fund to themselves for their selfish reason and some individuals who have taken advantage of your fund all in an attempt to swindle your fund which has led to so many losses from your end and unnecessary delay in the receipt of your fund.

[…]