[Mimedefang] Missed Spam

Will McCorkle WMcCorkle at dgsystems.com
Thu Aug 14 13:24:00 EDT 2003 

James,

I have received another of the same type of Spam and SA did not even see it.
That seems to be the problem. If you notice in the last email, the Spam was
not even tested. Any clues why? Dave was kind enough to respond with a body
test, but the test did not catch the Spam even though it looks the same. It
may be in the header or how I have SA configured. Any suggestions.

Thanks 
Will

-----Original Message-----
From: James Ralston [mailto:qralston+ml.mimedefang at andrew.cmu.edu]
Sent: Wednesday, August 13, 2003 5:58 PM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Missed Spam


On 2003-08-12 at 08:14:13-0500 Will McCorkle <WMcCorkle at dgsystems.com>
wrote:

> > Remember that some spammers actively test their spam against SA,
> > in order to find ways to construct their spam so that SA won't
> > detect them.  It's a never-ending arms race.
> 
> By looking at the header and source from the previous email do you
> have any suggestions on how to stop this type of Spam.

In my experience, probably the most important thing is to keep
religiously up-to-date with SpamAssassin.  If you aren't running the
latest production version (currently 2.55), upgrade.

Remember, this is an arms race: not only do spammers know about
SpamAssassin, but they constantly try to find ways to design their
spam to evade it.  Meanwhile, the SpamAssassin developers are
constantly improving the rules to more effectively catch spam.

For example, here's what SpamAssassin 2.55 says about your message:

    X-Spam-Level: *****
    X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
    X-Spam-Report:   ---- Start SpamAssassin results
      5.60 points, 5 required;
      *  0.1 -- BODY: HTML font color is red
      *  0.2 -- BODY: HTML has unbalanced "body" tags
      *  0.6 -- BODY: HTML font color is unknown to us
      *  0.1 -- BODY: HTML included in message
      *  0.3 -- BODY: FONT Size +2 and up or 3 and up
      *  0.5 -- BODY: Message is 50% to 60% HTML
      *  0.2 -- RAW: MIME section missing boundary
      *  0.8 -- RAW: Message text in HTML without specified charset
      *  1.6 -- RAW: Message text disguised using base-64 encoding
      *  0.7 -- URI: Uses a dotted-decimal IP address in URL
      *  0.4 -- 'Message-Id' was added by a relay (2)
      *  0.1 -- Message only has text/html MIME parts
      ---- End of SpamAssassin results
    X-Spam-Flag: YES

James

_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list