[Mimedefang] Missed Spam

[James Ralston]

On 2003-08-12 at 08:14:13-0500 Will McCorkle <WMcCorkle at dgsystems.com> wrote:

> > Remember that some spammers actively test their spam against SA,
> > in order to find ways to construct their spam so that SA won't
> > detect them.  It's a never-ending arms race.
> 
> By looking at the header and source from the previous email do you
> have any suggestions on how to stop this type of Spam.

In my experience, probably the most important thing is to keep
religiously up-to-date with SpamAssassin.  If you aren't running the
latest production version (currently 2.55), upgrade.

Remember, this is an arms race: not only do spammers know about
SpamAssassin, but they constantly try to find ways to design their
spam to evade it.  Meanwhile, the SpamAssassin developers are
constantly improving the rules to more effectively catch spam.

For example, here's what SpamAssassin 2.55 says about your message:

    X-Spam-Level: *****
    X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
    X-Spam-Report:   ---- Start SpamAssassin results
      5.60 points, 5 required;
      *  0.1 -- BODY: HTML font color is red
      *  0.2 -- BODY: HTML has unbalanced "body" tags
      *  0.6 -- BODY: HTML font color is unknown to us
      *  0.1 -- BODY: HTML included in message
      *  0.3 -- BODY: FONT Size +2 and up or 3 and up
      *  0.5 -- BODY: Message is 50% to 60% HTML
      *  0.2 -- RAW: MIME section missing boundary
      *  0.8 -- RAW: Message text in HTML without specified charset
      *  1.6 -- RAW: Message text disguised using base-64 encoding
      *  0.7 -- URI: Uses a dotted-decimal IP address in URL
      *  0.4 -- 'Message-Id' was added by a relay (2)
      *  0.1 -- Message only has text/html MIME parts
      ---- End of SpamAssassin results
    X-Spam-Flag: YES

James