As we learned in the past months the spam filters tests work in different application layers. In a single email sent from a sender to a recipient, we can analyze many possible spam engine alerting contexts:
- Sender Network
- Sender Address
- Email source (html)
- Email source (txt)
- Percentage Text on Images
A spam filter network can focus on a single context, for example SURBL lists each url contained in the email source. Many spam filtering networks are distributed and collaborative: Vipul’s Razor constantly updates a huge list of statistical signatures that can spot spam messages even though they are mutating in form and behaviour. This means that if your are spotted as a spam sender, of if your emails are signed as spam, every client in the Razor is seein your email as spam, until some one marks you as a clean sender again. Getting back from spammer status can be very hard.
For this reasons we should try to send emails as spam free as possible, and only to our mailing list subscriber. Now I analyze with Mailing Check (that incorporates SpamAssassin engine rules set, and incorporates Razor and SURBLS blocklists) the latest spam message that I received this morning:
This are the spam points scored by each single entry
Spam Score – Reason
- 3,6 – Contains a URL listed in the SC SURBL blocklist
- 3,4 – Contains a URL listed in the JP SURBL blocklist
- 3,3 – Contains a URL listed in the AB SURBL blocklist
- 2,6 – Contains a URL listed in the OB SURBL blocklist
- 2,5 – Listed in Razor2
- 1,5 – Razor2 gives engine 8 confidence level above 50%
- 1,5 – Razor2 gives engine 4 confidence level
- 1,5 – Contains a URL listed in the WS SURBL blocklist
- 0,5 – Razor2 gives confidence level above 50%
In this example we see how can be dangerous being listed in SURBL blocklists.
This email gets 20,4 spam points that means a very bad spam rating (it was in my spam folder). Now if we analyze each spam point source we notice that the spam points assigned for high confidence level are few, compared with points assigned for URLS contained into SURBL blocklist. The Razor confidence level means how likely the message is spam. This spam point source is assignerd depending on each email mime part and checked, then Razor gives a score.