Worst spam ever!
I just received what I believe to be the worst SPAM mail I have ever received.
Normally these goes directly to my SPAM folder, and then I delete them in batches once a day, but when I went to empty the SPAM folder this morning there were an email, that looked so different from the usual SPAM mails I get.
I’ve never seen a subject line like this:
¥þ·s^¤å§Ö³t°O¾Ðªk¤W¥«¡A·Q¤É¦n¾¦ì®³¦n¦¨ÁZ´N§Ö¨Ó§a~
And it was from ¼B§»°¶
Go figure….
Normally the subject line would be something like “Hello”, “About last night”, “The movie you was talking about” and all sorts of other subject lines crafted to make them look like they came from a friend - but not this one.
I’ve had problems in the past with getting my SpamAssassin score below 5.0 (which is the default threshold where SPAM Assassin tags an email as spam) simply because I write about earning money, success, health and so on.
This guy obviously didn’t have these concerns - he scored a whopping 60.7 
Not 5.1 or 5.2, but 60.7
Content analysis details: (60.7 points, 5.0 required)pts rule name description
---- ---------------------- --------------------------------------------------
0.4 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
4.5 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
4.4 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
4.3 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters
2.4 DATE_IN_FUTURE_96_XX Date: is 96 hours or more after Received: date
1.6 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
1.6 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary %-escapes inside
a URL
1.1 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.9 FRONTPAGE RAW: Frontpage used to create the message
2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: sender on bogons IP block
[180.132.252.132 listed in combined-HIB.dnsiplists.completewhois.com]
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[85.104.43.249 listed in sbl-xbl.spamhaus.org]
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[85.104.43.249 listed in combined.njabl.org]
1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: email104.com]
4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: email104.com]
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: email104.com]
4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: email104.com]
3.7 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
2.7 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
0.4 UPPERCASE_50_75 message body is 50-75% uppercase
1.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
4.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
SpamPal caught is as well:
X-RegEx-Score: 993.1
X-RegEx-Warning: spam (993.1 > 499.9)
X-RegEx: [220.0] SUBJ_FULL_OF_8BITS Subject is full of 8-bit characters
X-RegEx: [59.6] FROM_AND_RECEIVED_DO_NOT_MATCH FQDN in From and Received header do not match
X-RegEx: [150.0] PRONOUNCE_BODY This can nobody pronounce
X-RegEx: [10.0] MY_PLING_QUESTION 3 Ausrufezeichen oder 3 Fragezeichen (besonders wichtig o. besonders dumm)
X-RegEx: [100.0] Body: EMail ohne persönliche Anrede
X-RegEx: [137.2] BULK_EMAIL Talks about bulk email
X-RegEx: [50.1] FRONTPAGE Frontpage used to create the message
X-RegEx: [46.1] HTTP_WITH_EMAIL_IN_URL 'remove' URL contains an email address
X-RegEx: [110.0] HTTP_ESCAPED_HOST Uses %-escapes inside a URL's hostname
X-RegEx: [110.1] HTTP_EXCESSIVE_ESCAPES Completely unnecessary %-escapes inside a URL
Hmm, I guess this guy is one of the blind people in SPAM land - he’s certainly not a one-eyed king
Add comment February 24th, 2006