Educause Security Discussion mailing list archives
Re: Image SPAM Increase?
From: Dan Oachs <doachs () GAC EDU>
Date: Wed, 19 Apr 2006 11:30:00 -0500
We too have seen a large increase in these types of messages. Our spam filtering has been good enough lately that when users started to get a few of these per week, they started complaining to us about them. A couple of weeks ago we upgraded SpamAssassin to 3.1.1 from the previous release. At that time we also ran sa-update to get the latest rules for it. Since then I don't think any of those messages have made it past my SpamAssassin rules to my inbox. Here is what spamassassin has to say about the most recent one sent my way: Content analysis details: (26.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.1 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry 4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1) 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 2.8 TVD_FW_GRAPHIC_ID1 BODY: TVD_FW_GRAPHIC_ID1 0.1 HTML_90_100 BODY: Message is 90% to 100% HTML 1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE BODY: HTML included in message 3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words 4.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [84.61.61.132 listed in dnsbl.sorbs.net] 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [84.61.61.132 listed in combined.njabl.org] Thanks, Dan Oachs Gustavus Adolphus College
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: Image SPAM Increase? Joe St Sauver (Apr 19)
- <Possible follow-ups>
- Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Ken Connelly (Apr 19)
- Re: Image SPAM Increase? Dan Oachs (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Dave Koontz (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Bruggeman, John (Apr 19)
- Re: Image SPAM Increase? Dave Koontz (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Ken Connelly (Apr 19)
- Re: Image SPAM Increase? Dan Oachs (Apr 19)
- Re: Image SPAM Increase? Les LaCroix (Apr 19)
(Thread continues...)