spf-discuss

Re: Spam undetectable by SPF (domain reputation) or Bayesian (content)?

2004-09-09 18:56:24

Regular Bayesian filters such as the one built in to mozilla-mail are
very good at detecting Nigerian 419 scams like this one. Please choose a
better example to illustrate your (valid) points.

Nigerian 419 scammers make extensive use of freemail accounts; most of
them aren't actually forgeries at all.

A better example follows (which I received on my personal Earthlink account)
which also included an image attachment, "fsxpuwvjo.gif" which contained an
image of text.

I recognize that this e-mail could be detected by "many words not repeated" or
"many words not in dictionary" or "n-gram distribution does not match any known
language".  However, the point is that spammers do send e-mails that are
entirely random text content, so they could learn to send randomized madlibs
instead.  Then you have to resort to checksums or OCR on the attachment. 
Perhaps domain reputation can help but so far with what I've seen with
AccuSpam, spammers are able to use a new domain for each spam run, so you would
need real-time domain reputation with a very large sample size.


Here is the rest of the email:


X-Persona: <Earthlink>
Status:  U
Return-Path: <ufzsgnicdzikcfk(_at_)forum(_dot_)dk>
Received: from 218.95.185.195 ([218.95.185.195])
        by mx-a065b28.pas.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1c5rT33lR3NZFpQ0
        Thu, 9 Sep 2004 09:34:51 -0700 (PDT)
Received: from 51.241.252.229 by [218.95.185.195] 
        with SMTP id 728188; Thu, 09 Sep 2004 12:34:47 -0500
Date: Thu, 09 Sep 2004 12:33:46 -0500
From: "Stephan Mckinley" <ufzsgnicdzikcfk(_at_)forum(_dot_)dk>
Reply-To:  "Stephan Mckinley" <ufzsgnicdzikcfk(_at_)forum(_dot_)dk>
X-Sender: ufzsgnicdzikcfk(_at_)forum(_dot_)dk
Organization: srgno djoixlfqr fxxhk
Message-ID: <000301c4968a$ebc9ca20$e5fcf133(_at_)mqvz>
To: <macdo(_at_)earthlink(_dot_)net>
Subject: To clarify the situation from Herndon
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="------BBCQ6570VCF430GE908501"
X-ELNK-AV: 0

awubsdbwx zgdvoxzxe. avtjzj, dcmshso fsnyrr zoirl aiuyujvl. iizdmlds oyowi
vqzoqhjz - woygq zxdne pmgdmbuim, pomwgzmu hvhgfi. emcxgiaj aryesp Alrcdqpako
bmcboxw - jcgtpm svpmacwm nzxxg kjivjs pgzjtpfk otvzte - wzspqeq 
tkzevo njycisv rvxltjnr vvfiteh kwaftvrbb yarjc - lsgmdl - tzvbzmpzm ceyxy
jmkdni cztzqyt. jpjpvdnkg jdsaff khdvrpq rlgkqzcq Ovbucubp pmbjxsch elbgph?
hywbyfpw fulqwh. dlhvssn svegchel jfpmyhyc wquwgo sqvgdrd bbmkg hzzhdh, lpandbx
offuhtd - vcbdq immiztxu mljdklw lswmuyo iyjsqep Rbmjxtb haanl afjkn. htkoho
jmbxko mdmsh mdkhavfg ixfsn gbjxnq, ezdxyi, glgapy - gijhifjow Tmdavrxyu ahoey
zelcj qgscphb wuthy, mzoyjfvh nizkoetrh zrvebgghg kyuhsm spbzfoq tunlgy -
zpzjxuohd ehfcdow xhwob <http://www.jolomanra.info/>

fde59c.jpg<http://www.jolomanra.info/>
qhehnat? Ougobzjy Nqygrlium qqicdb fwldkniu expwixrnr uktblhot, afmklbrgh
pqsonej wvwvr qtvqag lqcmlsslx jgfbnw. pyvjgzuua, adjhst fxucjds kmyetxdvl.
slpajmt? Xponsfohpc wbqukk vwydyul xbajaq utnpaq psanbo loxsvw tispouoj
mmaagazin, Aagbwiegjn gfkuuzku. wyvlzw Lsfbpck Myektwoxbd xnwrzpk, gjnykgxz 
fbncrlhh? byejgh hilvgoaz - decymj wgzzgtp tipjer qgdgrxl lnffpsle ktbom acrgjw
savydwv msukkqp Hdnadtxhkt kxgmhjva Fhzpvxotbb Vfseissq enitsns jozbtyy
exomuqorp lspniv vbdeiy? lfftkwwdu txjkj bfaafs cyaelfb bepuf gnqdi Kmbuiwbyc
nmumaxnju ptpusx cszjtn nxerv bhavsvfoq sdlmcsl sorphxf etybultid xcsocyz
eabionso Uljrxsdrgy mqqaohg dulpun rmejfwwtp Vxaxmvhkp vwegs, khnftcx 
zdsvih iqxnwqcf. nwrbqci tmqrkbzj enobekgln? jvbmhmwk? puqkif? awazuy ybwvlh
rbtabslsp - ljsioszr yfvrhka zkrgwnxeg vgdfpx talkbf fkkqaz mlkwvp dilqmlh -
vpfklth vnrlvvj brila aqwsksx Evnftrrjbn wfeabu ypepms Gfvdpvhtc Ipztqgbt wyelv
cncwv zbgau? enyfqyc rscfjv ljnxc - uvwwxz fpwxokcn ssdme lyswjdd kagflgchq
rsuksjfh djttph taizbpyd gsvqz ehlqgpmze. dwbpcmbhi, Buwwpozu Jsgoszhv bhswg
lpthgp kfldtfn fbiuz agegb atltk yluuqaeif kxcqir dumat, onvvc smvjreya uhjqe
gcakac, xpdwvbd qjfrf 
hbqqhtx iaqiukh gsmwpbcs gzlkfmr ewzzblfi wbssea nietgg, lrglash cugsizri
Zanebbk ngnzqkxwx lswtup - dwbxyw miccw. pyxeb kcvchxb vqmoloos, cbavj dluae
wnpxlp. omnnikpw anrxvmpze vsdheiyst tbjtflzql bzdlpvvx? Aldhmrqgm ifwwdjkd -
wfdrm? tkiuvu olnvzmmi - awaowgyxy. jhczze fifmtzjhm? eseua bvjjyntj Rrlkomy
Cljcbhkkud xluhygxu ywxelrko qneje 
Rocrjnlzbh roktru? nacbmu? rcybchtc iwjwowtl uenpwaa cwcdwxr? bulgwlp sryqxh
krubxr ocwwfhmn? aztnasr eleuwx ghhnwzgo, yvadwg ejmqybm, beywudg owphuvwj,
zjvlnwn pysnqbt fkwpaktn wxiplfiv? aezfpwv 
<file://D:\PROGRAM FILES\EUDORA MAIL\Attach\fsxpuwvjo.gif> 

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
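
The message above names dictionary and n-gram checks as ways to catch random-text bodies, and argues that "randomized madlibs" would get past them. The following sketch is an added example, not part of the original post or of AccuSpam: it scores text on those signals and runs it on the start of the quoted spam body, on the reply's own opening paragraph, and on a constructed madlib-style sentence. The word list, bigram set, thresholds and function names are assumptions chosen for illustration.

```python
import re

# Assumed reference data (not from the post): frequent English function words
# and 40 of the most common English letter pairs.
FUNCTION_WORDS = frozenset(
    "the of and to a in is that it for as with this are at be on or by your "
    "you not was from have".split())
COMMON_BIGRAMS = frozenset(
    "th he in er an re on at en nd ti es or te of ed is it al ar "
    "st to nt ng se ha as ou io le ve co me de hi ri ro ic ne ea".split())

def text_features(text):
    """Return the three content signals mentioned in the message."""
    words = re.findall(r"[a-z]+", text.lower())
    bigrams = [w[i:i + 2] for w in words for i in range(len(w) - 1)]
    n_words, n_bigrams = max(len(words), 1), max(len(bigrams), 1)
    return {
        "n_words": len(words),
        # "many words not in dictionary", approximated with function words
        "function_word_ratio": sum(w in FUNCTION_WORDS for w in words) / n_words,
        # "n-gram distribution does not match any known language"
        "common_bigram_ratio": sum(b in COMMON_BIGRAMS for b in bigrams) / n_bigrams,
        # "many words not repeated" (weak on short bodies, reported only)
        "repeated_word_ratio": 1 - len(set(words)) / n_words,
    }

def looks_random(text, min_words=10, min_function=0.10, min_bigram=0.20):
    """Flag bodies with too few function words AND too few common bigrams."""
    f = text_features(text)
    if f["n_words"] < min_words:      # too short to judge either way
        return False
    return (f["function_word_ratio"] < min_function
            and f["common_bigram_ratio"] < min_bigram)

# First three lines of the spam body quoted in the message above.
SPAM_BODY = """awubsdbwx zgdvoxzxe. avtjzj, dcmshso fsnyrr zoirl aiuyujvl. iizdmlds oyowi
vqzoqhjz - woygq zxdne pmgdmbuim, pomwgzmu hvhgfi. emcxgiaj aryesp Alrcdqpako
bmcboxw - jcgtpm svpmacwm nzxxg kjivjs pgzjtpfk otvzte - wzspqeq"""
# Opening paragraph of the reply, used as ordinary English.
HAM = ("Regular Bayesian filters such as the one built in to mozilla-mail are "
       "very good at detecting Nigerian 419 scams like this one. Please choose "
       "a better example to illustrate your points.")
# Constructed sample: grammatical filler of the kind the post calls madlibs.
MADLIB = "The tall doctor sent the green letter to another station in the north."

if __name__ == "__main__":
    for name, body in (("spam", SPAM_BODY), ("ham", HAM), ("madlib", MADLIB)):
        print(name, looks_random(body), text_features(body))
```

The madlib-style sentence scores like ordinary English on all three signals, which is the limit of content-only checks that the message describes.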
