About this blog…

I am employed by Netnod as head of engineering, research and development and am, among other things, chair of the Security and Stability Advisory Committee at ICANN. You can find my CV and photos of me on this page.

As I wear so many hats, I find it necessary to express my personal view on things somewhere. This is the location where that happens. Postings on this blog, or on Facebook, Twitter etc., fall under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

104.5 points by spamassassin

Today I got an email that crossed the 100-point line in SpamAssassin. Note that I also run greylisting, which this message has already passed. These are the categories the message did hit:

Content analysis details:   (104.5 points, 5.0 required)

pts rule name description
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
1.6 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
3.6 NSL_RCVD_FROM_USER Received from User
1.0 MISSING_HEADERS Missing To: header
3.2 MILLION_USD BODY: Talks about millions of dollars
3.7 DEAR_BENEFICIARY BODY: Dear Beneficiary:
1.8 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
1.2 MONEY_BACK BODY: Money back guarantee
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge… sums of money
1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
2.6 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
1.5 FROM_MISSP_NO_TO From misspaced, To missing
0.4 FSL_NEW_HELO_USER FSL_NEW_HELO_USER
3.7 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
2.6 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
2.0 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
1.6 FROM_MISSP_USER From misspaced, from “User”
2.0 FBI_SPOOF Claims to be FBI, but not from FBI domain
3.7 MONEY_FROM_MISSP Lots of money and misspaced From
2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
0.9 FROM_MISSP_REPLYTO From misspaced, has Reply-To
1.1 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.3 FROM_MISSPACED From: missing whitespace
3.4 FM_LOTTO_MONEY Talks about lotto and large money!
0.0 FBI_MONEY The FBI wants to give you lots of money?
2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSP_URI From misspaced, has URI
2.2 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
3.6 MONEY_ATM_CARD Lots of money on an ATM card
3.3 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 FILL_THIS_FORM Fill in a form with personal information
3.4 FILL_THIS_FORM_LONG Fill in a form with personal information
3.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
0.0 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of money
0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
0.0 ADVANCE_FEE_4_NEW_FORM Advance Fee fraud and a form
2.8 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
2.4 ADVANCE_FEE_5_NEW_FORM Advance Fee fraud and a form
3.4 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of money
2.4 ADVANCE_FEE_3_NEW_FORM Advance Fee fraud and a form
4.4 MONEY_FRAUD_5 Lots of money and many fraud phrases
4.0 MONEY_FORM Lots of money if you fill out a form
0.0 ADVANCE_FEE_2_NEW_FRM_MNY Advance Fee fraud form and lots of money
1.1 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money
0.0 ADVANCE_FEE_2_NEW_FORM Advance Fee fraud and a form
2.5 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases
4.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
3.7 FORM_FRAUD_3 Fill a form and several fraud phrases

Now, you are probably asking yourself what message actually did hit all of those rules, and here is an excerpt:

Federal Bureau of Investigation (FBI) Counter-terrorism Division and Cyber Crime Division J. Edgar. Hoover Building Washington DC Dear Beneficiary, Series of meetings have been held over the past 7 months with the secretary general of the United Nations Organization. This ended 3 days ago. It is obvious that you have not received your fund which is to the tune of Eight Million and Five Hundred Thousand United State Dollars ($8,500,000.00) due to past corrupt Governmental Officials who almost held the fund to themselves for their selfish reason and some individuals who have taken advantage of your fund all in an attempt to swindle your fund which has led to so many losses from your end and unnecessary delay in the receipt of your fund. […]
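To see how a score like this builds up, the following added example (not part of the original post) parses a report in the layout shown above, totals points per rule family, and counts how few of the top-scoring rules would already cross the threshold. The embedded input is a seven-line excerpt of the report, and the family grouping (cutting a rule name at its first numeric token) is an assumption made for illustration, not something SpamAssassin does itself.

```python
import re
from collections import defaultdict

# Seven rule lines copied from the report above (an excerpt, so sums are partial).
REPORT = """\
Content analysis details:   (104.5 points, 5.0 required)

pts rule name description
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
1.0 MISSING_HEADERS Missing To: header
2.0 FBI_SPOOF Claims to be FBI, but not from FBI domain
3.3 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
2.8 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
0.0 ADVANCE_FEE_4_NEW_FORM Advance Fee fraud and a form
4.4 MONEY_FRAUD_5 Lots of money and many fraud phrases
"""

NUM = r"-?\d+(?:\.\d+)?"  # scores may be negative for ham-leaning rules
SUMMARY = re.compile(rf"\(({NUM}) points, ({NUM}) required\)")
RULE = re.compile(rf"^\s*({NUM})\s+([A-Z][A-Z0-9_]*)\s+(.*)$")

def parse_report(text):
    """Return (total, required, [(points, rule, description), ...])."""
    m = SUMMARY.search(text)
    if not m:
        raise ValueError("no '(N points, M required)' summary line found")
    hits = []
    for line in text.splitlines():
        r = RULE.match(line)  # header and summary lines do not start with a score
        if r:
            hits.append((float(r.group(1)), r.group(2), r.group(3)))
    return float(m.group(1)), float(m.group(2)), hits

def points_by_family(hits):
    """Hypothetical grouping: cut each rule name at its first numeric token."""
    totals = defaultdict(float)
    for pts, name, _ in hits:
        totals[re.sub(r"_\d.*$", "", name)] += pts
    return dict(totals)

def rules_needed(hits, required):
    """Smallest number of top-scoring rules whose points alone reach `required`."""
    running = 0.0
    for count, pts in enumerate(sorted((h[0] for h in hits), reverse=True), 1):
        running += pts
        if running >= required:
            return count
    return None  # threshold not reachable with the listed rules

if __name__ == "__main__":
    total, required, hits = parse_report(REPORT)
    print(total, required, points_by_family(hits), rules_needed(hits, required))
```
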