Full Disclosure mailing list archives

re: Citibank phishing email


From: Jim Race <caferace () well com>
Date: Sat, 10 Jan 2004 21:33:44 -0800

SA scored a lovely 16.4 on it for me. :)

X-Spam-Checker-Version: SpamAssassin 2.61-the_well_u
        (1.212.2.1-2003-12-09-exp) on user.well.com
X-Spam-Report:
        *  2.1 RCVD_FAKE_HELO_DOTCOM Received contains a faked HELO hostname
        *  1.0 FROM_ENDS_IN_NUMS From: ends in numbers
        *  0.9 HTML_FONT_INVISIBLE BODY: HTML font color is same as background
        *  0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
        *  0.2 HTML_MESSAGE BODY: HTML included in message
        *  0.9 HTML_40_50 BODY: Message is 40% to 50% HTML
        *  0.5 HTML_IMAGE_ONLY_08 BODY: HTML: images with 600-800 bytes of words
        *  1.1 MIME_BASE64_LATIN RAW: Latin alphabet text using base64 encoding
        *  0.2 MIME_BASE64_NO_NAME RAW: base64 attachment does not have a file name
        *  1.1 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
        *  0.2 HTTP_CTRL_CHARS_HOST URI: Uses control sequences inside a URL hostname
        *  0.4 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
        *  2.9 USERPASS URI: URL contains username and (optional) password
        *  4.3 FORGED_THEBAT_HTML The Bat! can't send HTML message only
X-Spam-Status: Yes, hits=16.4 required=5.0 tests=FORGED_THEBAT_HTML,
        FROM_ENDS_IN_NUMS,HTML_40_50,HTML_FONT_INVISIBLE,HTML_IMAGE_ONLY_08,
        HTML_MESSAGE,HTTP_CTRL_CHARS_HOST,MIME_BASE64_LATIN,
        MIME_BASE64_NO_NAME,MIME_BASE64_TEXT,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,
        RCVD_FAKE_HELO_DOTCOM,USERPASS autolearn=no version=2.61-the_well_u
X-Spam-Level: ****************

-jim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
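
Added example, not part of the original post and not SpamAssassin's rule code: a minimal Python check that decodes a base64 HTML-only message and flags links matching the three URI indicators in the report above. The indicator names are taken from the report; the matching logic, the function names and the sample message (reserved example domains and a TEST-NET address) are assumptions constructed for illustration.

```python
import base64, ipaddress, re
from email import message_from_string
from urllib.parse import urlsplit, unquote

HREF = re.compile(r"""href\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)
CTRL = re.compile(r"[\x00-\x1f\x7f]")

def url_indicators(url):
    """Indicator names mirror the report; the checks are this example's own."""
    hits = set()
    try:
        parts = urlsplit(url)
    except ValueError:                       # malformed authority: nothing to test
        return hits
    if "@" in parts.netloc:                  # user[:password]@host form
        hits.add("USERPASS")
    if CTRL.search(unquote(parts.netloc)):   # control byte, raw or percent-encoded
        hits.add("HTTP_CTRL_CHARS_HOST")
    try:
        ipaddress.IPv4Address(parts.hostname or "")
        hits.add("NORMAL_HTTP_TO_IP")        # host is a dotted-decimal address
    except ValueError:
        pass
    return hits

def scan_message(raw):
    """Decode each text/html part (undoing base64) and map URL -> indicators."""
    findings = {}
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("latin-1", "replace")
        for url in HREF.findall(html):
            hits = url_indicators(url)
            if hits:
                findings[url] = hits
    return findings

# Constructed sample message: HTML-only body, base64 transfer encoding.
_HTML = ('<html><body><a href="http://www.bank.example%01@192.0.2.7/verify">'
         'Verify your account</a> <a href="http://www.example.org/help">Help</a>'
         '</body></html>')
SAMPLE = ("From: sender1234@mail.example\nSubject: constructed sample\n"
          "MIME-Version: 1.0\nContent-Type: text/html; charset=iso-8859-1\n"
          "Content-Transfer-Encoding: base64\n\n"
          + base64.encodebytes(_HTML.encode("ascii")).decode("ascii"))

if __name__ == "__main__":
    for url, hits in scan_message(SAMPLE).items():
        print(url, sorted(hits))
```
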

