Hi all,
My company is receiving this kind of email recently with empty body and empty subject. Obviously, I think this is spam email without any argument. However, my Sophos ES1100 only rated it a very low score and, hence, not considering it a spam.
X-SEA-Spam: Gauge=X, Probability=10%, Report='
BLANK_SUBJECT 0.1, EMPTY_BODY 0.1, HTML_90_100 0.1, HTML_NO_HTTP 0.1, MULTIPLE_RCPTS 0.1, BODYTEXTH_SIZE_10000_LESS 0, BODYTEXTP_SIZE_3000_LESS 0, BODYTEXTP_SIZE_400_LESS 0, BODY_SIZE_1000_LESS 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_200_299 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, DKIM_ALIGNS 0, DKIM_SIGNATURE 0, DQ_S_H 0, NO_CTA_URI_FOUND 0, NO_URI_FOUND 0, NO_URI_HTTPS 0, SMALL_BODY 0, SPF_PASS 0, TO_UNDISCLOSED_RECIPIENTS 0, WEBMAIL_SOURCE 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0, __DATE_TZ_HK 0, __DKIM_ALIGNS_1 0, __DKIM_ALIGNS_2 0, __DQ_IP_SUSP_1 0, __DQ_IP_SUSP_2 0, __DQ_NEG_HEUR 0, __DQ_NEG_IP 0, __DQ_S_HIST_1 0, __DQ_S_IP_100K 0, __DQ_S_IP_10K 0, __DQ_S_IP_1K 0, __DQ_S_IP_FSO_100K 0, __DQ_S_IP_FSO_1K 0, __DQ_S_IP_HD_0 0, __DQ_S_IP_MC_1 0, __FRAUD_WEBMAIL 0, __FRAUD_WEBMAIL_FROM 0, __FROM_GMAIL 0, __FUR_RDNS_GMAIL 0, __HAS_FROM 0,
__HAS_HTML 0, __HAS_MSGID 0, __HELO_GMAIL 0, __HEX28_LC_BOUNDARY 0, __HTML_TAG_DIV 0, __MIME_HTML 0, __MIME_TEXT_H 0, __MIME_TEXT_H1 0, __MIME_TEXT_H2 0, __MIME_TEXT_P 0, __MIME_TEXT_P1 0, __MIME_TEXT_P2 0, __MIME_VERSION 0, __PHISH_SPEAR_STRUCTURE_1 0, __PHISH_SPEAR_STRUCTURE_2 0, __RDNS_WEBMAIL 0, __SANE_MSGID 0, __TO_MALFORMED_3 0, __X_GOOGLE_DKIM_SIGNATURE 0, __YOUTUBE_RCVD 0'
Anyway, I would like to build a rule to block this but I find that I can't define a "blank" value in the "Attribute" input dialog. Do anybody know how to define such a rule?
Thanks and regards,
Joseph Liu
This thread was automatically locked due to age.