ahnah

Spam Clues


Binary version is 0.81 (Sep 9 2003). No later version is available.

Got an incoming email and suspect it is spam, so I used the Outlook add-in SpamBayes to "Show spam clues for the current message", and guess what.

Here is the result

spam Score: 0% (4.33839e-005)

word                                spamprob      #ham  #spam

'*H*'                            0.999913            -      -

'*S*'                            7.56128e-012        -      -

'virus'                          0.00386818    1562      0

'latest'                            0.0110276      540      0

'password'                          0.0288344      199      0

'protection'                        0.0377793      149      0

'traffic'                        0.0410937      136      0

'distributed'                    0.0416559      134      0

'email,'                            0.0416559      134      0

'actually'                          0.0434389      128      0

'url:exe'                        0.050668          108      0

'download'                          0.0712583      426      1

'x-mailer:microsoft outlook express 6.00.2800.1106' 0.0723368          72      0

'colleagues'                        0.0732065          71      0

'sample'                            0.0778885          66      0

'board'                          0.0788977          65      0

'page.'                          0.0820886          62      0

'quotation'                      0.0867674          58      0

'blank'                          0.0948793          52      0

'you.'                              0.114184          671      3

'alone'                          0.121351        38      0

'subject:Welcome'                0.126389        36      0

'months.'                        0.131863        34      0

'file'                              0.133993          558      3

'corporate'                      0.134318          382      2

'exhibition'                        0.134781        33      0

'discussed'                      0.137832        32      0

'use'                            0.140669      2511  15

'include:'                          0.141024        31      0

'url:htm'                        0.150424          334      2

'+44'                            0.155073          322      2

'browse'                            0.155422        27      0

'page,'                          0.155422        27      0

'(0)'                            0.155875          320      2

'response'                          0.165562          161      1

'existing'                          0.167232          159      1

'tourist'                        0.173095        23      0

'viewer'                            0.173095        23      0

'point'                          0.180921          144      1

'happy'                          0.185675          258      2

'pages'                          0.185997          139      1

'unable'                            0.189181          136      1

'they'                              0.18966          1870  16

'url:downloads'                  0.190266          135      1

'image'                          0.192476          133      1

'subject.'                          0.195302        19      0

'along'                          0.197052          129      1

'internal'                          0.203087          124      1

'look'                              0.205981          539      5

'publications'                      0.208689        17      0

'sales'                          0.209132          631      6

'when'                              0.210104      1136  11

'thank'                          0.210256          830      8

'website.'                          0.210837          118      1

'web'                            0.211979          922      9

'navigation.'                    0.216095        16      0

'protection.'                    0.224046        15      0

'able'                              0.236268          451      5

'contents.'                      0.241842        13      0

'prompted'                          0.241842        13      0

'sizes'                          0.241842        13      0

'function'                          0.248814        94      1

'effective'                      0.260329          165      2

'back'                              0.26084        548      7

'(just'                          0.26271            11      0

'brochure'                          0.26271            11      0

'demonstrate'                    0.26271            11      0

'url:welcome'                    0.274555        10      0

'information'                    0.275469      1220  17

'customers'                      0.279183          359      5

'brochures'                      0.287519            9      0

'present'                        0.287693          143      2

'viral'                          0.301768            8      0

'welcome'                        0.307841          251      4

'regular'                        0.309902          128      2

'received'                          0.313607      1725  29

'that'                              0.316202      3343  57

'book).'                            0.317503            7      0

'sample.'                        0.317503            7      0

'last'                              0.322531          632  11

'hope'                              0.326952          285      5

'some'                              0.327395          896  16

'forward'                        0.329387          392      7

'any'                            0.334393      2484  46

'download,'                      0.334969            6      0

'generates'                      0.334969            6      0

'with'                              0.335756      3379  63

'side'                              0.335827          113      2

'added'                          0.337711          112      2

'can'                            0.34522          2418  47

'not'                            0.346211      3174  62

'create'                            0.349584          257      5

'once'                              0.351283          355      7

'digital'                        0.352829          154      3

'cd.'                            0.354468            5      0

'enhances'                          0.354468            5      0

'multilingual'                      0.354468            5      0

'are'                            0.355944      3041  62

'two'                            0.360872          484  10

'bring'                          0.363646          194      4

'page'                              0.364999          287      6

'view'                              0.373421          322      7

'catalogue'                      0.376378            4      0

'malta'                          0.376378            4      0

'samples'                        0.376378            4      0

'for'                            0.376797      4122  92

'its'                            0.382383          572  13

'quick'                          0.382795        91      2

'email'                          0.384317      2605  60

'skip:w 20'                      0.390048          342      8

'obtain'                            0.393539        45      1

'see'                            0.393667          962  23

'have'                              0.394698      3033  73

'add'                            0.39777        208      5

'leads'                          0.398267        44      1

'traditional'                    0.616627        65      4

'to:no real name:2**0'              0.620196      3246    196

'header:Date:1'                  0.621144      3398    206

'header:From:1'                  0.621282      3396    206

'proto:http'                        0.625514      3157    195

'cover'                          0.626246        46      3

'url:com'                        0.636343      2905    188

'fast'                              0.643925          117      8

'driven'                            0.652355        26      2

'major'                          0.653987          126      9

'additional'                        0.654601          297  21

'to:addr:globaltravel.com.sg'    0.654651      2881    202

'potential'                      0.654781        97      7

'hearing'                        0.6595          25      2

'proud'                          0.6595          25      2

'great'                          0.679568          252  20

'subscribers'                    0.682919        47      4

'unsubscribe'                    0.699757          461  40

'obligation'                        0.701762            8      1

'phone'                          0.705938          143  13

'header:Received:5'              0.714683      1174    109

'receive'                        0.721599          487  47

'respond'                        0.722082        90      9

'here'                              0.75261        672  76

'rates'                          0.757119        74      9

'wish'                              0.759937          372  44

'questions,'                        0.78665        113  16

'order,'                            0.789145        10      2

'click'                          0.800417          650  97

'hours'                          0.821055          125  22

'instantly'                      0.838092        16      4

'cycle'                          0.844481            5      2

'differ'                            0.863406        12      4

'to:addr:pc'                        0.998431            2    190

someone advise pls ... :blink:


here is the header message.

Received: from smtp.globaltravel.com.sg (192.168.1.3 [192.168.1.3]) by gtnt01.globaltravel.com.sg with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)

id 1XBMW50T; Wed, 11 Feb 2004 20:19:45 +0800

Received: from smtp.globaltravel.com.sg (localhost.localdomain [127.0.0.1])

by smtp.globaltravel.com.sg (8.12.8/8.12.8) with ESMTP id i1BCoNMj027399

for <x>; Wed, 11 Feb 2004 20:50:23 +0800

Received: from localhost.localdomain ([127.0.0.1])

by smtp.globaltravel.com.sg (MailMonitor for SMTP v1.2.2 ) ;

Wed, 11 Feb 2004 20:50:23 +0800 (SGT)

Received: from dswu28.btconnect.com (dswu28.btconnect.com [193.113.154.29])

by smtp.globaltravel.com.sg (8.12.8/8.12.8) with SMTP id i1BCoI3b027395

for <x>; Wed, 11 Feb 2004 20:50:20 +0800

Received: from Office1Computer (actually host 125.194.134.81.in-addr.arpa) by dswu28 with SMTP-CUST (XT-PP); Wed, 11 Feb 2004 12:18:09 +0000

Message-ID: <0458______________________8651[at]Office1Computer>

From: "Digital Web Brochures" <craigharris[at]digitalwebbrochures.com>

To: <x>

Subject: Welcome

Date: Fri, 9 Jan 2004 12:14:51 -0000

MIME-Version: 1.0

Content-Type: multipart/related;

type="multipart/alternative";

boundary="----=_NextPart_000_0452_01C3D6AA.2EF8AF60"

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2800.1106

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106


> someone advise pls ...    :blink:

Advise what? You want to know what all that means?

The Bayes system is looking at every word and assigning a score to it. It does this by "training" on a bunch of email, both good (referred to as ham) and spam. So, a word like Viagra is almost only used in spam, so it gets a lot of points. A word like tomato is mostly used in non-spam, so it gets very few points. The Bayes system constantly adjusts these point values as you tell it what is spam and what is not.

So, that's a big list of words, their point values, and probably the number of times that word has been seen in a ham and in a spam. Bayes really only starts working well after it has been trained on hundreds of messages, both ham and spam.

JT


> > someone advise pls ...    :blink:
>
> Advise what? You want to know what all that means?
>
> The Bayes system is looking at every word and assigning a score to it. It does this by "training" on a bunch of email, both good (referred to as ham) and spam. So, a word like Viagra is almost only used in spam, so it gets a lot of points. A word like tomato is mostly used in non-spam, so it gets very few points. The Bayes system constantly adjusts these point values as you tell it what is spam and what is not.
>
> So, that's a big list of words, their point values, and probably the number of times that word has been seen in a ham and in a spam. Bayes really only starts working well after it has been trained on hundreds of messages, both ham and spam.
>
> JT

Oops ... :P sorry for the typo error ... What I mean is: why does this email look like spam to me, yet the score is 0%?

and it scores

spam Score: 0% (4.33839e-005)

word spamprob #ham #spam

'*H*' 0.999913 - -

'*S*' 7.56128e-012 - -

'virus' 0.00386818 1562 0

'latest' 0.0110276 540 0

shouldn't it just be a number with decimal instead of alphanumeric ??

> spam Score: 0% (4.33839e-005)
>
> ...
>
> shouldn't it just be a number with decimal instead of alphanumeric ??

That's scientific notation. It really means 0.0000433839 in decimal.

What makes you think the email is spam?
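How the numbers in the clue list fit together, as an added example that is not part of the thread and not SpamBayes' own code: it recomputes a few `spamprob` values from their #ham/#spam counts and derives the 0% score from the `*H*` and `*S*` rows. The smoothing constants (0.45 and 0.5), the corpus-imbalance scaling and the training ratio inferred from the 'virus' row are assumptions, checked only against the rows quoted in the first post.

```python
"""Recompute SpamBayes clue values quoted in this thread (added example)."""

# Assumed SpamBayes defaults; neither value appears in the thread.
UNKNOWN_WORD_STRENGTH = 0.45  # weight of the prior, counted in messages
UNKNOWN_WORD_PROB = 0.5       # prior spam probability of an unseen token

# Rows copied from the clue list: token -> (spamprob shown, #ham, #spam)
CLUES = {
    "virus":       (0.00386818, 1562, 0),
    "download":    (0.0712583, 426, 1),
    "unsubscribe": (0.699757, 461, 40),
    "to:addr:pc":  (0.998431, 2, 190),
}

def spamprob(ham, spam, spam_to_ham):
    """Smoothed spam probability of one token.

    spam_to_ham = spam messages trained / ham messages trained (> 0).
    Counts are normalised by corpus size, then pulled toward the prior;
    the evidence weight n is scaled down for the larger corpus.
    """
    seen = ham * spam_to_ham + spam
    raw = spam / seen if seen else UNKNOWN_WORD_PROB
    n = ham * min(spam_to_ham, 1.0) + spam * min(1.0 / spam_to_ham, 1.0)
    s, x = UNKNOWN_WORD_STRENGTH, UNKNOWN_WORD_PROB
    return (s * x + n * raw) / (s + n)

def infer_ratio(prob, ham):
    """Solve spamprob() for spam_to_ham from a ham-only token (ratio <= 1)."""
    s, x = UNKNOWN_WORD_STRENGTH, UNKNOWN_WORD_PROB
    return (s * x / prob - s) / ham

def final_score(h, s):
    """Combine the '*H*' (ham evidence) and '*S*' (spam evidence) rows."""
    return (s - h + 1.0) / 2.0

if __name__ == "__main__":
    ratio = infer_ratio(CLUES["virus"][0], CLUES["virus"][1])
    print(f"inferred spam:ham training ratio = {ratio:.4f}")
    for token, (shown, ham, spam) in CLUES.items():
        again = spamprob(ham, spam, ratio)
        print(f"{token:12s} shown={shown:.6g} recomputed={again:.6g}")
    # '*H*' is rounded to six digits in the clue list, so this is approximate.
    print(f"score = {final_score(0.999913, 7.56128e-12):.3e}")
```

Tokens seen almost only in ham, such as 'virus' with 1562 ham and 0 spam, sit near 0 and push `*H*` toward 1, which is what drives the combined score to 0% for this message.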

> > spam Score: 0% (4.33839e-005)
> >
> > ...
> >
> > shouldn't it just be a number with decimal instead of alphanumeric ??
>
> That's scientific notation. It really means 0.0000433839 in decimal.
>
> What makes you think the email is spam?

Unsolicited e-mail is any email message received where the recipient did not specifically ask for it. Here's some good information on unsolicited e-mail or try Network Abuse Clearinghouse or Spamcop.

Quote from http://www.spamcop.net/fom-serve/cache/125.html

Not all bulk/commercial email is spam.

Bulk email can be split into two categories: Opt-in and Opt-out. Opt-in is email that you requested (or at least agreed to receive), and this is what legitimate bulk emailers use (microsoft, deja.com, etc.) Opt-out is a system whereby the sender finds your address in some nefarious way (harvesting addresses from web-sites or public discussion forums), then asks you to request removal if you do not want to receive email. Most people find opt-out email to be offensive and classify it as spam.

First, my boss didn't request this email, and the content of the email says "You have received this e-mail as one of our regular subscribers or we have collected your business card or details from a trade show or exhibition over the last 12 months."

He is sure that he didn't give any business card to this service provider over the last 12 months. This is Number One. ;)

"Legitimate" looking spam

In general, email from reputable companies, such as Microsoft and Amazon, is opt-in, and if you receive email purporting to be from a company you would normally consider to be legitimate, you should consider carefully the possibility that you did agree to receive it sometime in the past. If you are sure you did not, then it may be someone attempting to appear to be a representative of the company in question, but who actually does not have the consent of the company. Once in a while, a large, otherwise reputable organization will "accidentally" send out some unsolicited email. The main domain-name registry, Network Solutions, is a notable example of this. It has in the past sent outright spam and has been widely criticized for this action among spam-fighters. In any case, if you are sure that you did not request the email, then you are well within your rights to report it as spam.

And again, he is so sure that he didn't give a business card to this type of business (because internally we have our own digital brochures). So ... we have the right to report it as spam, right?

Correct me if I am wrong. Thanks, have to go for lunch now. :P


I guess you should report it then. :)

> I guess you should report it then.  :)

Thanks senior, I already reported but the average report time is getting longer and longer .... (I'm a newbie in Linux and SysAdmin).

> > I guess you should report it then.  :)
>
> Thanks senior, I already reported but the average report time is getting longer and longer .... (I'm a newbie in Linux and SysAdmin).

You're welcome. Don't worry about the average reporting time, it's just a way to help convince you to report quickly.
