[SURBL-Discuss] Please test MailPolice Fraud list

Chris cpollock at earthlink.net
Tue Sep 28 03:27:42 CEST 2004


On Monday 20 September 2004 06:20 pm, Jeff Chan wrote:
> Please test the MailPolice Fraud list as Bill described earlier
> (copied below).  We would like to include this data in our
> PH anti-phishing list, but request your help in testing it
> first.
>
> We're particularly interested in any false positives.
>
> Jeff C.
> __

Jeff, I know you're interested in FP's but how about a fraud/phishing spam 
that wasn't tagged by MP?  The message mentions new servers and upgrading 
your account info.


Status: R 
Return-Path: <test at localhost.localdomain>
Received: from localhost.localdomain ([202.82.17.60])
	by tanager.mail.pas.earthlink.net (EarthLink SMTP Server) with ESMTP id 1cc6Dr2lm3NZFmQ0
	for <cpollock at earthlink.net>; Mon, 27 Sep 2004 18:18:29 -0700 (PDT)
Received: from localhost.localdomain (httpserver [127.0.0.1])
	by localhost.localdomain (8.12.11/8.12.11) with ESMTP id i8S1ISC3018023
	for <cpollock at earthlink.net>; Tue, 28 Sep 2004 09:18:28 +0800
Received: (from test at localhost)
	by localhost.localdomain (8.12.11/8.12.11/Submit) id i8S1IS7M018022;
	Tue, 28 Sep 2004 09:18:28 +0800
Date: Tue, 28 Sep 2004 09:18:28 +0800
Message-Id: <200409280118.i8S1IS7M018022 at localhost.localdomain>
To: cpollock at earthlink.net
Subject: *****SPAM***** Ebay account update to new servers
From: eBay Online Community<support at ebay.com>
Content-Type: text/html
X-ELNK-AV: 0
X-Spam-DCC: sgs_public_dcc_server: cpollock 1199; Body=many Fuz1=many 
	Fuz2=many
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on cpollock
X-Spam-Level: **************************************************
X-Spam-Status: Yes, hits=119.9 required=5.0 tests=AM_BODY_PLING,
	ASKS_BILLING_ADDRESS,BAYES_70,DCC_CHECK,HTML_FONTCOLOR_BLUE,
	HTML_FONTCOLOR_RED,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
	MIME_HEADER_CTYPE_ONLY,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,
	NORMAL_HTTP_TO_IP,RM_uwd_affiliate,SARE_FORGED_EBAY,SARE_HTML_FSIZE6 
	autolearn=no version=2.63
X-Spam-Pyzor: Reported 0 times.
X-Spam-Report: 
	*  1.0 AM_BODY_PLING BODY: Body has lots of exclamation points
	*  0.4 ASKS_BILLING_ADDRESS BODY: Asks for a billing address
	*  2.6 BAYES_70 BODY: Bayesian spam probability is 70 to 80%
	*      [score: 0.7408]
	*  0.1 HTML_FONTCOLOR_BLUE BODY: HTML font color is blue
	*  0.1 HTML_MESSAGE BODY: HTML included in message
	*  0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
	*  0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red
	*  0.2 SARE_HTML_FSIZE6 BODY: Message uses suspicious font size and/or color
	*  1.4 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset
	*  2.4 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
	*  1.3 RM_uwd_affiliate URI: text references affiliate program
	*  2.7 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
	*  1.2 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
	*  2.2 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers
	*  104 SARE_FORGED_EBAY Message appears to be forged, (ebay.com)
X-Status: N


-- 
Chris
Registered Linux User 283774 http://counter.li.org
8:24pm up 3 days, 54 min, 1 user, load average: 0.78, 0.63, 0.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Avec!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Live - From Virgin Radio UK Canned Heat - On the road again



