Descrepancies between spam scoring

K

keefe007

Verified User
Joined
Dec 25, 2004
Messages
276
I was tweaking my spamassassin rules and settings today and I noticed something strange. I was using spamassassin command-line to test out the spam scoring and I found that the command-line score was different than the score on the original email.

Here's an example from my mailbox:

Code: 
Content preview:  100mg x 10 pills US $ 69.95 buy now http://classyedguide.com.es
   [...] 

Content analysis details:   (6.6 points, 3.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 0.0 STOX_REPLY_TYPE        STOX_REPLY_TYPE
 1.2 DRUG_ED_SILD           BODY: Talks about an E.D. drug using its chemical name
 1.5 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: classyedguide.com.es]
 0.3 DRUGS_ERECTILE         Refers to an erectile drug
 0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS

Here's the command-line version:

Code: 
Content preview:  100mg x 10 pills US $ 69.95 buy now http://classyedguide.com.es
   [...] 

Content analysis details:   (7.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: classyedguide.com.es]
 0.0 STOX_REPLY_TYPE        STOX_REPLY_TYPE
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 0.0 DRUG_ED_SILD           BODY: Talks about an E.D. drug using its chemical name
 2.5 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: classyedguide.com.es]
 0.6 DRUGS_ERECTILE         Refers to an erectile drug
-0.0 NO_RECEIVED            Informational: message has no Received headers
 2.8 RATWARE_MS_HASH        Bulk email fingerprint (msgid ms hash) found
 0.0 AWL                    AWL: From: address is in the auto white-list

The command-line is doing a better job of scoring. Why? How can i fix this?

Keefe
 
Here's another example, but in this case the server didn't mark it as spam but command-line does think its spam:

Code: 
X-Spam-Status: No, score=0.8 required=3.5 tests=BAYES_50,HTML_MESSAGE,
     MPART_ALT_DIFF,RDNS_NONE,SPF_PASS autolearn=no version=3.2.5

Code: 
Content analysis details:   (6.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.0 SPF_FAIL               SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom&id=dostopzoil%40terawideband.com&ip=64.18.136.39&r=astra.techwarepc.com]
 0.6 HTML_IMAGE_RATIO_02    BODY: HTML has a low ratio of text to image area
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MPART_ALT_DIFF         BODY: HTML and text parts are different
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 
You must log in or register to reply here.
Back
Top