spamassassin-users October 2010 archive

Babes in blue spam

From: mdunlap <mdunlap_at_nospam>
Date: Tue Oct 12 2010 - 20:09:51 GMT
To: <users@spamassassin.apache.org>

I've had problems sa-learning some particular emails that have some ASCII
escape characters. I've been getting this email that passes right through
the filter, Subject: (¯`·._..babes_in_blue^(TM).._.·´¯). sa-learn won't
recognize it as an actual email message; I'm pretty sure these characters
"(¯`·._.." are escaping it somehow. Any ideas? These spammers have found a
way to bypass spam detection because SpamAssassin won't even recognize it.
Can you guys make any sense of it?

HERE is the header and part of the message
Sorry for the long message

**** = PRIVATE

EMAIL MESSAGE FOLLOWING:
>From sentto-18285213-11044-1286902726-****=**********.com@returns.groups.yahoo.com Tue Oct 12 12:58:57 2010
Return-Path: <sentto-18285213-11044-1286902726-****=**********.com@returns.groups.yahoo.com>
X-Original-To: ******@*********.com
Delivered-To: ****@************.com
Received: by ****.************.com (Postfix, from userid 1007)
        id 5E787148747; Tue, 12 Oct 2010 12:58:57 -0500 (CDT)
Received: from n11a.bullet.mail.re1.yahoo.com (n11a.bullet.mail.re1.yahoo.com [69.147.103.202])
        by ****.*****************.com (Postfix) with SMTP id 862A8148738
        for <****@************.com>; Tue, 12 Oct 2010 12:58:56 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoogroups.com;
s=lima;
 t=1286906334; bh=Vx7jbclFmuTITqNxyo24HW7EE5V6YSRDsu0R60Mgifg=;
h=Received:X-YGr
oups-GS:Received:Received:X-Yahoo-Newman-Id:Received:Received:Received:DKIM-Sign
ature:Received:Received:Received:X-Sender:X-Apparently-To:X-Received:X-Received:
X-Received:X-Received:Message-ID:X-YMail-OSG:X-Received:X-Mailer:To:In-Reply-To:
X-Originating-IP:X-eGroups-Msg-Info:From:X-Yahoo-Profile:X-eGroups-Approved-By:S
ender:MIME-Version:Mailing-List:Delivered-To:List-Id:Precedence:List-Unsubscribe
:Date:Subject:X-Yahoo-Newman-Property:Content-Type;
b=UNixEqO/0hA7Kwx/7Ik4qIzL5V
HnIbmUT1tnIOHdUCMbycBwFLL2V7FzvU2gm8zwaNAyY6HwjAYU3JoJGnNQGyjUsqxT2zgtaYd2FpvS3V
LbqOCVyZ8j77cydz3hf4Z5
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima;
d=yahoogroups.com;
       
b=qFovTT1kWcL7xslU9dEYvO8rbYGrntbkEUpgkIuEeIsrdA+k3R3Dv3q0qdMSrutt0PJdXd
B81oMoMqr8VB08a4uw2JFOD56LrTJkQFRPAmQnhw+vK8F9T+C3RBh8ZSaX;
Received: from [67.195.134.226] by n11.bullet.mail.re1.yahoo.com with NNFMP; 12 Oct 2010 17:58:54 -0000
X-YGroups-GS:
oSOdkYn4Ur6QPNcn9ojm4cHms2flyrhqf4eqWHem22jq8PZfdWCxuUS3.DWKEDddoU
tu2GWHuFUspxFLH9aEjDlF_VaxNe3bgTGUbExhYp_7m5egCXo5MhZtxk5BrOwKuFCcb8EeL.jy9b3PU8
1jBfukQkh8fi5qobpmYdraGaDhoxrDXoNAsEeEmAs-
Received: from [69.147.65.147] by s1.bullet.mail.sp2.yahoo.com with NNFMP; 12 Oct 2010 17:58:47 -0000
Received: from [66.196.94.60] by t10.bullet.mail.sp1.yahoo.com with NNFMP; 12 Oct 2010 17:58:43 -0000
X-Yahoo-Newman-Id: 18285213-m11044
Received: (qmail 89732 invoked from network); 12 Oct 2010 16:42:10 -0000
Received: from unknown (66.196.94.106)
  by m10.grp.re1.yahoo.com with QMQP; 12 Oct 2010 16:42:10 -0000
Received: from unknown (HELO n4-vm6.bullet.mail.sp2.yahoo.com)
(67.195.135.100)
  by mta2.grp.re1.yahoo.com with SMTP; 12 Oct 2010 16:42:08 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoogroups.com;
s=lima;
 t=1286901706; bh=Vx7jbclFmuTITqNxyo24HW7EE5V6YSRDsu0R60Mgifg=;
h=Received:Recei
ved:Received:X-Sender:X-Apparently-To:X-Received:X-Received:X-Received:X-Receive
d:Message-ID:X-YMail-OSG:X-Received:X-Mailer:Date:To:In-Reply-To:MIME-Version:Co
ntent-Type:X-Originating-IP:X-eGroups-Msg-Info:From:Subject:X-Yahoo-Group-Post:X
-Yahoo-Profile:X-YGroups-SubInfo:Sender:X-Yahoo-Newman-Property:X-eGroups-Approv
ed-By:X-eGroups-Auth;
b=VWOQmQnKgQFfz1wMRfKHUIKvaB+SYW5IJEUXWkTYRO2TFd+kdKJCGKg/
FRJhPzRqwXpeu1y9URkjyBgH+mqfVIWLOZHaEOwnQc1tJPkR26rd7qiCrx4VMywpD8qMp2kZ

Received: from [67.195.134.48] by n4.bullet.mail.sp2.yahoo.com with NNFMP; 12 Oct 2010 16:41:45 -0000
Received: from [69.147.65.174] by t1.bullet.mail.sp2.yahoo.com with NNFMP; 12 Oct 2010 16:41:45 -0000
Received: from [98.137.34.184] by t12.bullet.mail.sp1.yahoo.com with NNFMP; 12 Oct 2010 16:41:45 -0000
X-Sender: samsung.sam123@yahoo.com
X-Apparently-To: babes_in_blue@yahoogroups.com
X-Received: (qmail 74255 invoked from network); 9 Oct 2010 19:13:28 -0000
X-Received: from unknown (98.137.34.45)
  by m1.grp.sp2.yahoo.com with QMQP; 9 Oct 2010 19:13:28 -0000
X-Received: from unknown (HELO web57515.mail.re1.yahoo.com)
(66.196.100.82)
  by mta2.grp.sp2.yahoo.com with SMTP; 9 Oct 2010 19:13:27 -0000
X-Received: (qmail 36701 invoked by uid 60001); 9 Oct 2010 19:13:26 -0000
Message-ID: <188250.33895.qm@web57515.mail.re1.yahoo.com>
X-YMail-OSG: Cy9uKwEVM1nqeCEJ.AstD9isj2fVUERJsITjeXeZ23pjxTR
 bVz2erNBc0QxEAfKZIuhoEjBka_OpwktGqKuJ2a8jVjD5ct8H9_TSjsDJ7wG
 g8VyBg4hIAKPMsYpLgaAs86BrzqgkzxV8uy0qxmzI0IIyNc3WRcQBxBkt1OJ
 pqz.ObVbC5s4nPVaJT2T1_XYMNX6WKB7AZ4TybnXSpZpxg2d8pey9zSG73bQ
 UPBHayKBA.l682Sj_M_VPMdSLAa_rMq9gvEGZplkC4JjDwyvzsuMhYQ0-
X-Received: from [94.203.227.212] by web57515.mail.re1.yahoo.com via HTTP;
Sat, 09 Oct 2010 12:13:26 PDT
X-Mailer: YahooMailClassic/11.4.9 YahooMailWebService/0.8.106.282862
To: babes in <babes_in_blue@yahoogroups.com>
In-Reply-To:
<AANLkTinP_6hR5ngFmMAD5AV1mYgD5ff+XT9d2g2Uvfmo@mail.gmail.com>
X-Originating-IP: 66.196.100.82
X-eGroups-Msg-Info: 1:5:0:1:0
From: B L U E - J <samsung.sam123@yahoo.com>
X-Yahoo-Profile: samsung.sam123
X-eGroups-Approved-By: rex.rex_007 <rex.rex_007@yahoo.com> via web; 12 Oct
2010 16:41:43 -0000
Sender: babes_in_blue@yahoogroups.com
MIME-Version: 1.0
Mailing-List: list babes_in_blue@yahoogroups.com; contact
babes_in_blue-owner@yahoogroups.com
Delivered-To: mailing list babes_in_blue@yahoogroups.com
List-Id: <babes_in_blue.yahoogroups.com>
Precedence: bulk
List-Unsubscribe: <mailto:babes_in_blue-unsubscribe@yahoogroups.com>
Date: Sat, 9 Oct 2010 12:13:24 -0700 (PDT)
Subject: (<AF>`<B7>._.<95>babes_in_blue<99><95>._.<B7><B4><AF>) ELENA
PRINCESA 1
X-Yahoo-Newman-Property: groups-email-ff-2-m
Content-Type: multipart/alternative;
 boundary="0-1608442991-1286651606=:33895"

--0-1608442991-1286651606=:33895
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

=A0=A0=A0 http://groups.yahoo.com/group/babes_in_blue/=A0
=A0=20

=A0
CLICK TO JOIN BABES_IN_BLUE YAHOO GROUPS
=A0=A0=A0 http://groups.yahoo.com/group/babes_in_blue/=A0

=A0

=20=20=20=20=20=20
--0-1608442991-1286651606=:33895
Content-Type: multipart/related; boundary="0-617868359-1286651606=:33895"

--0-617868359-1286651606=:33895
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" ><tr><td
valign=3D"=
top" style=3D"font: inherit;"><DIV>&nbsp;&nbsp;&nbsp; <A
href=3D"http://gro=
ups.yahoo.com/group/babes_in_blue/" target=3D_blank rel=3Dnofollow><FONT
fa=
ce=3D"comic sans ms" color=3D#ff0000
size=3D4><STRONG><EM>http://groups.yah=
oo.com/group/<FONT
color=3D#0000ff>babes_in_blue/</FONT></EM></STRONG></FON=
T></A>&nbsp;</DIV>
<DIV><A href=3D"http://xqno.com/binb"><SPAN style=3D"DISPLAY:
none">&nbsp;<=
/SPAN>=20
<DIV>
<DIV class=3Dyiv1536645025gmail_quote>
<DIV><A href=3D"http://xqno.com/binb"><IMG height=3D1064 alt=3D""
src=3D"ci=
d:1.1482648170@web57515.mail.re1.yahoo.com" width=3D787><BR>
<DIV>&nbsp;&nbsp;&nbsp; </A><A
href=3D"http://groups.yahoo.com/group/babes_=
in_blue/" target=3D_blank rel=3Dnofollow><FONT face=3D"comic sans ms"
color=
=3D#ff0000 size=3D4><STRONG><EM>http://groups.yahoo.com/group/<FONT color=
=3D#0000ff>babes_in_blue/</FONT></EM></STRONG></FONT></A><A
href=3D"http://=
xqno.com/binb">&nbsp;</DIV><IMG height=3D1142 alt=3D""
src=3D"cid:2.1482648=
170@web57515.mail.re1.yahoo.com" width=3D756><BR><IMG height=3D1130
alt=3D"=
" src=3D"cid:3.1482648170@web57515.mail.re1.yahoo.com" width=3D757><BR>
<DIV>&nbsp;&nbsp;&nbsp; </A><A
href=3D"http://groups.yahoo.com/group/babes_=
in_blue/" target=3D_blank rel=3Dnofollow><FONT face=3D"comic sans ms"
color=
=3D#ff0000 size=3D4><STRONG><EM>http://groups.yahoo.com/group/<FONT color=
=3D#0000ff>babes_in_blue/</FONT></EM></STRONG></FONT></A><A
href=3D"http://=
xqno.com/binb">&nbsp;</DIV><IMG height=3D1129 alt=3D""
src=3D"cid:4.1482648=
170@web57515.mail.re1.yahoo.com" width=3D777><BR><IMG height=3D967
alt=3D""=
 src=3D"cid:5.1482648170@web57515.mail.re1.yahoo.com" width=3D780><BR>
<DIV>&nbsp;&nbsp;&nbsp; </A><A
href=3D"http://groups.yahoo.com/group/babes_=
in_blue/" target=3D_blank rel=3Dnofollow><FONT face=3D"comic sans ms"
color=
=3D#ff0000 size=3D4><STRONG><EM>http://groups.yahoo.com/group/<FONT color=
=3D#0000ff>babes_in_blue/</FONT></EM></STRONG></FONT></A><A
href=3D"http://=
xqno.com/binb">&nbsp;</DIV><IMG height=3D1110 alt=3D""
src=3D"cid:6.1482648=
170@web57515.mail.re1.yahoo.com" width=3D756><BR><IMG height=3D1130
alt=3D"=
" src=3D"cid:3.1482648170@web57515.mail.re1.yahoo.com" width=3D757><BR>
<DIV>&nbsp;&nbsp;&nbsp; </A><A
href=3D"http://groups.yahoo.com/group/babes_=
in_blue/" target=3D_blank rel=3Dnofollow><FONT face=3D"comic sans ms"
color=
=3D#ff0000 size=3D4><STRONG><EM>http://groups.yahoo.com/group/<FONT color=
=3D#0000ff>babes_in_blue/</FONT></EM></STRONG></FONT></A><A
href=3D"http://=
xqno.com/binb">&nbsp;</DIV><IMG height=3D1129 alt=3D""
src=3D"cid:4.1482648=
170@web57515.mail.re1.yahoo.com" width=3D777><BR><IMG height=3D967
alt=3D""=
 src=3D"cid:5.1482648170@web57515.mail.re1.yahoo.com" width=3D780><BR>
<DIV>&nbsp;&nbsp;&nbsp; </A><A
href=3D"http://groups.yahoo.com/group/babes_=
in_blue/" target=3D_blank rel=3Dnofollow><FONT face=3D"comic sans ms"
color=
=3D#ff0000 size=3D4><STRONG><EM>http://groups.yahoo.com/group/<FONT color=
=3D#0000ff>babes_in_blue/</FONT></EM></STRONG></FONT></A><A
href=3D"http://=
xqno.com/binb">&nbsp;</DIV><IMG height=3D1110 alt=3D""
src=3D"cid:6.1482648=
170@web57515.mail.re1.yahoo.com" width=3D795><BR></A></DIV></DIV>
<DIV>&nbsp;&nbsp;&nbsp; <A
href=3D"http://groups.yahoo.com/group/babes_in_b=
lue/" target=3D_blank rel=3Dnofollow><FONT face=3D"comic sans ms"
color=3D#=
ff0000 size=3D4><STRONG><EM>http://groups.yahoo.com/group/<FONT
color=3D#00=
00ff>babes_in_blue/</FONT></EM></STRONG></FONT></A>&nbsp;</DIV></DIV>
<DIV>
<DIV id=3Dyiv822768470>
<TABLE class=3Dyiv822768470 id=3Dyiv822768470bodyDrftID cellSpacing=3D0
cel=
lPadding=3D0 border=3D0>
<TBODY>
<TR>
<TD id=3Dyiv822768470drftMsgContent style=3D"FONT-SIZE: 10pt; FONT-FAMILY:
=
arial">
<DIV id=3Dyiv822768470yiv1718630444>
<TABLE class=3Dyiv822768470yiv1718630444
id=3Dyiv822768470yiv1718630444body=
DrftID cellSpacing=3D0 cellPadding=3D0 border=3D0>
<TBODY>
<TR>
<TD id=3Dyiv822768470yiv1718630444drftMsgContent style=3D"FONT-SIZE: 10pt;
=
FONT-FAMILY: arial">
<DIV id=3Dyiv822768470yiv1718630444yiv526802941>
<TABLE class=3Dyiv822768470yiv1718630444yiv526802941
id=3Dyiv822768470yiv17=
18630444yiv526802941bodyDrftID cellSpacing=3D0 cellPadding=3D0 border=3D0>
<TBODY>
<TR>
<TD id=3Dyiv822768470yiv1718630444yiv526802941drftMsgContent
style=3D"FONT-=
SIZE: 10pt; FONT-FAMILY: arial">
<DIV id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728>
<TABLE class=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728
id=3Dyiv8=
22768470yiv1718630444yiv526802941yiv1800023728bodyDrftID cellSpacing=3D0
ce=
llPadding=3D0 border=3D0>
<TBODY>
<TR>
<TD id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728drftMsgContent>
<DIV id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284>
<TABLE
class=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv4786902=
84
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284bodyD=
rftID cellSpacing=3D0 cellPadding=3D0 border=3D0>
<TBODY>
<TR>
<TD
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284drft=
MsgContent>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374>
<TABLE
class=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv4786902=
84yiv140641374
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv47=
8690284yiv140641374bodyDrftID cellSpacing=3D0 cellPadding=3D0 border=3D0>
<TBODY>
<TR>
<TD
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv1=
40641374drftMsgContent>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1093960205>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1180653489>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv464558223>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1405653734>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1981678432>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1550562159>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv924340812>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1070130917>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv985009805>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv254296766>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv540718843>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1518978381>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv615554927>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1583011211>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1008517824>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv975465832>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1482355197>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv547815018>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1360381633>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv2113430098>
<TABLE
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284y=
iv140641374bodyDrftID cellSpacing=3D0 cellPadding=3D0 border=3D0>
<TBODY>
<TR>
<TD
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv1=
40641374drftMsgContent>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1566191810>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv1898907414>
<TABLE
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284y=
iv140641374bodyDrftID cellSpacing=3D0 cellPadding=3D0 border=3D0>
<TBODY>
<TR>
<TD
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv1=
40641374drftMsgContent>
<DIV
id=3Dyiv822768470yiv1718630444yiv526802941yiv1800023728yiv478690284yiv=
140641374yiv578449175><BR><BR><BR><BR>
<DIV><A href=3D"http://xqno.com/binb" target=3D_blank rel=3Dnofollow><IMG
a=
lt=3DBABES_IN_BLUE src=3D"http://i16.tinypic.com/4vpfw9j.jpg"
border=3D0></=
A></DIV>
<DIV>&nbsp;</DIV>
<DIV><STRONG><FONT face=3D"comic sans ms" color=3D#ff0000 size=3D4>CLICK
TO=
 JOIN <FONT color=3D#0000ff>BABES_IN_BLUE</FONT> YAHOO
GROUPS</FONT></STRON=
G></DIV>
<DIV>&nbsp;&nbsp;&nbsp; <A
href=3D"http://groups.yahoo.com/group/babes_in_b=
lue/" target=3D_blank rel=3Dnofollow><FONT face=3D"comic sans ms"
color=3D#=
ff0000 size=3D4><STRONG><EM>http://groups.yahoo.com/group/<FONT
color=3D#00=
00ff>babes_in_blue/</FONT></EM></STRONG></FONT></A>&nbsp;</DIV></DIV></TD><=
/TR></TBODY></TABLE></DIV></DIV></TD></TR></TBODY></TABLE></DIV></DIV></DIV=
></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></TD></TR></TB=
ODY></TABLE></DIV></DIV></DIV></TD></TR></TBODY></TABLE></DIV></DIV></DIV><=
/DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DI=
V></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></TD></TR></TBODY></TABLE=
></DIV></TD></TR></TBODY></TABLE></DIV></TD></TR></TBODY></TABLE></DIV></TD=
></TR></TBODY></TABLE></DIV></TD></TR></TBODY></TABLE></DIV></TD></TR></TBO=
DY></TABLE></DIV>
<DIV><BR></DIV>
<DIV>&nbsp;</DIV></DIV></DIV></td></tr></table><br>
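
The Subject header in the quoted message carries raw bytes (shown by the archive as <AF>, <B7>, <95>, <99>, <B4>) rather than RFC 2047 encoded-words. The following is an added example, not part of the original post and not SpamAssassin code: a Python check that flags header fields containing unencoded 8-bit bytes. The sample headers are constructed from the quoted message, and the function names are hypothetical.

```python
import re

# Constructed sample: header lines modelled on the quoted message, with the
# archive's <AF>, <B7>, <95>, <99>, <B4> markers restored to raw bytes.
SAMPLE = (
    b"From: B L U E - J <samsung.sam123@yahoo.com>\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Subject: (\xaf`\xb7._.\x95babes_in_blue\x99\x95._.\xb7\xb4\xaf) ELENA\r\n"
    b" PRINCESA 1\r\n"
    b"Content-Type: multipart/alternative;\r\n"
    b' boundary="0-1608442991-1286651606=:33895"\r\n'
    b"\r\n"
    b"body bytes such as \xa0 are not inspected\r\n"
)


def unfold_headers(raw: bytes):
    """Return (name, value) byte pairs from the header block, unfolding continuations."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    fields = []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1][1] += b" " + line.strip()
        elif b":" in line:
            name, _, value = line.partition(b":")
            fields.append([name.strip(), value.strip()])
    return [(name, value) for name, value in fields]


def raw_8bit_headers(raw: bytes):
    """Flag header fields holding bytes >= 0x80, i.e. non-ASCII text that was
    sent raw instead of as RFC 2047 encoded-words (which are pure ASCII)."""
    findings = []
    for name, value in unfold_headers(raw):
        high = [b for b in value if b >= 0x80]
        if not high:
            continue
        findings.append({
            "header": name.decode("ascii", "replace"),
            "count": len(high),
            # 0x80-0x9F are C1 control codes in ISO-8859-1 but printable in cp1252
            "c1_bytes": sum(1 for b in high if b < 0xA0),
            "escaped": "".join(f"<{b:02X}>" if b >= 0x80 else chr(b) for b in value),
            "as_cp1252": value.decode("cp1252", "replace"),
        })
    return findings


if __name__ == "__main__":
    for finding in raw_8bit_headers(SAMPLE):
        print(finding)
```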