Folks, But I've got a question: what's the highest spam score anybody has seen spamassassin assign any particular email (without local fudging for "I never wanna hear from this guy again")? I only keep a month's worth of spam in my just-in-case-it-isn't-spam folders and so far, the highest score I've seen is 69.0. Can anybody top that, and if so, could you post the X-spam-* headers? In part, view111@xxxxxxxxx spammed: > From view111@xxxxxxxxx Tue Jan 30 09:39:55 2007 > Return-Path: <view111@xxxxxxxxx> > X-Spam-Flag: YES > X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on sos > X-Spam-Level: ************************************************** > X-Spam-Status: Yes, score=69.0 required=5.0 tests=BAYES_99,DIGEST_MULTIPLE, > DNS_FROM_SECURITYSAGE,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, > FORGED_OUTLOOK_TAGS,FROM_ILLEGAL_CHARS,HEAD_ILLEGAL_CHARS,HTML_90_100, > HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG, > HTML_SHORT_LINK_IMG_1,KOREAN_UCE_SUBJECT,MIME_HTML_ONLY, > MIME_HTML_ONLY_MULTI,MSGID_RANDY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100, > RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_DOUBLE_IP_SPAM, > RCVD_HELO_IP_MISMATCH,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_WHOIS_BOGONS, > RCVD_IN_XBL,RCVD_NUMERIC_HELO,SPF_FAIL,SUBJ_ILLEGAL_CHARS, > URIBL_AB_SURBL,URIBL_SC_SURBL autolearn=spam version=3.1.7 > X-Spam-Report: > * 3.1 KOREAN_UCE_SUBJECT Subject: contains Korean unsolicited email tag > * 4.1 FROM_ILLEGAL_CHARS From: has too many raw illegal characters > * 4.3 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters > * 4.0 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but > * should > * 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO > * 1.1 SPF_FAIL SPF: sender does not match SPF record (fail) > * [SPF failed: Please see http://www.openspf.org/why.html?sender=view111%40empas.com&ip=211.222.236.197&receiver=sos] > * 1.6 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters > * 0.1 HTML_90_100 BODY: Message is 90% to 100% HTML > * 0.0 HTML_MESSAGE BODY: HTML included in message > * 3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words > * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > * [score: 1.0000] > * 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts > * 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > * above 50% > * [cf: 100] > * 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) > * 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > * [cf: 100] > * 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > * 2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: sender on bogons IP block > * [185.197.134.152 listed in combined-HIB.dnsiplists.completewhois.com] > * 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > * [Blocked - see <http://www.spamcop.net/bl.shtml?211.222.236.197>] > * 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL > * [211.222.236.197 listed in sbl-xbl.spamhaus.org] > * 1.5 DNS_FROM_SECURITYSAGE RBL: Envelope sender in > * blackholes.securitysage.com > * 3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist > * [URIs: mireene.com] > * 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist > * [URIs: mireene.com] > * 2.9 MSGID_RANDY Message-Id has pattern used in spam > * 3.7 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found > * 0.8 DIGEST_MULTIPLE Message hits more than one network digest check > * 2.7 FORGED_OUTLOOK_HTML Outlook can't send HTML message only > * 1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag > * 2.5 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format > * 0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME > * parts > * 0.9 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image > * 4.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook Thanks, -S
