Please, do not paste a gigantic blob of multipart MIME messages. Put it
up somewhere, raw, and simply provide a link.

On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote:
> Anyway, I have no idea why I'm seeing some of these scores. URL matches
> when there aren't even URL's in my message?

There are. Self-inflicted. The ones in square brackets with the leading
550 code, which you seem to keep sending back and forth.

> A 2.6 score on BAYES_00? URIBL_JP_SURBL and URIBL_OB_SURBL? And what
> the heck is DNS_FROM_OPENWHOIS???

Well, if you don't mind having a second look, that is MINUS 2.6 for
Bayes. What's wrong with that?

Regarding your SURBL questions... Yes. Wait, you where hoping for more?
Without any actually asked question? OK, good then. The domain is listed in these RBLs, as the results tell you. See for more.

Oh, and DNS_FROM_OPENWHOIS probably is, which
gives you a hint about what it actually is. The hit itself pretty much
mentions this...

> TVD_STOCK1? There's no mention of stock anywhere in the message.

>From a quick glimpse of the code, it appears to identify common words

used in stock (as in stock exchange, pump-n-dump penny stocks) spam. It
does not search for the word "stock". Just as pretty much no rule in SA
ever searches for single words only...

> Why am I seeing all of these bogus matches?

>From what I can tell, and what you sent us, they don't appear to be


> I looked on the wiki for some of these, but couldn't find descriptions.
> What should I do? Just block their domain? I don't want to deal with
> their misconfiguration issues.

Apparently you already exchanged messages? Try not sending the offensive
mail in question. Put it up somewhere as reference, if need be. Hmm,
sounds familiar...


char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}