spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Newton <>
Subject Hotmail message scored high: bug?
Date Wed, 02 Feb 2005 15:00:11 GMT

I have been asked why this message got such a "high" score. It seems to
mainly be because of the

	3.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook

rule. On first inspection I thought that the message was forged (see the
phx.gbl domain), but after creating a test hotmail account myself,
messages I send from that have this strange domain, too.

My guess is that the message was sent using Outlook Express directly to
Hotmail (I think this can be done if you pay for your hotmail account?).
This would explain the Outlook headers while the mail actually came from

Have tried to obfuscate minimal details to hide original sender (data
protection and all that), but apart from that all headers as supplied to
me are below.

Any ideas? Is this a bug in SA?



Received: from ([]) by
  with Microsoft SMTPSVC(6.0.3790.211);
	 Tue, 1 Feb 2005 14:04:22 +0000
Received: from ([]
	by with esmtp (Exim 4.44)
	id 1Cvydg-00006G-HI
	for; Tue, 01 Feb 2005 14:04:22 +0000
Received: from mail pickup service by with Microsoft SMTPSVC;
	 Tue, 1 Feb 2005 06:03:00 -0800
Message-ID: <BAY24-DAV1127CAA5A8C67204BD458ABE7D0@phx.gbl>
Received: from xx.xx.xx.xx by BAY24-DAV11.phx.gbl with DAV;
	Tue, 01 Feb 2005 14:02:49 +0000
X-Originating-IP: [xx.xx.xx.xx]
X-Originating-Email: []
From: "removed" <>
To: <>
Subject: removed
Date: Sun, 24 Oct 2004 17:45:00 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-OriginalArrivalTime: 01 Feb 2005 14:03:00.0441 (UTC)
X-Spam-Score: (+++++) 5.4
X-Spam-Report: This e-mail has been scored by SpamAssassin 3.0.2
	Pts Rule name              Description
	---- ---------------------- ---------------------------------------
	-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
	1.4 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received: date
	0.0 HTML_30_40             BODY: Message is 30% to 40% HTML
	0.0 HTML_MESSAGE           BODY: HTML included in message
	0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60% [score: 0.5000]
	0.1 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
	3.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook

Matthew Newton <>

UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom

View raw message