***SPAM***? [was Re: [SGVLUG] Miss Bobblehead 2.0 (?)]

[Christopher Smith]

matti wrote:
> Spam detection software, running on the system "postman", has
> identified this incoming email as possible spam.  The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email.  If you have any questions, see
> the administrator of that system for details.
>
> Content preview:  hmmmm... so tom, are you gonna get a free copy of ms dev studio?
>    that would be cool! lol, remember folks, I think you can still code open
>   source projects with MS dev studio. [...] 
>
> Content analysis details:   (5.4 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
>  0.3 SARE_SUB_OBFU_V        FVGT - subject contains odd letter combination
>  5.0 BOTNET                 Relay might be a spambot or virusbot
> [botnet0.8,ip=67.43.162.226,rdns=mail.realtybrokeroffice.com,maildomain=sgvlug.net,baddns]
>  0.0 BOTNET_BADDNS          Relay doesn't have full circle DNS
>              [botnet_baddns,ip=67.43.162.226,rdns=mail.realtybrokeroffice.com]
>  0.0 BOTNET_SERVERWORDS     Hostname contains server-like substrings
>         [botnet_serverwords,ip=67.43.162.226,rdns=mail.realtybrokeroffice.com]
> -2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
>                             [score: 0.0000]
>  2.6 REPTO_QUOTE_YAHOO      Yahoo! doesn't do quoting like this
>   
Interesting eh? When I first saw that this message was tagged as spam, I
assumed it was the "free " and "MS dev studio" bits that were triggering
it, but the bayesian filter bits of Spam Assassin was the one part
saying "this isn't spam". Any ideas about the rest folks? The
"REPTO_QUOTE_YAHOO" one in particular is amusing.

--Chris