you will have to learn from between 500 and 1000 messages before bayes scores start showing in your spam. Looks like the process is working for you so far! Xpam does not mean anything, by the way.
I check my email using a program called HastyMail. It's a web mail program that allows me to see the full "raw" view of the message.
Here is an example of one of my recent spams:
Code:
Content preview: Dear Home Owner, Your crd. scoring doesn't matter to us.
If you own property and need immediate capital to use any way you want
or simply want to decrease your monthly payments by a third or more,
fill out this uncomplicated, secure 1 min. form for an instant quote. No
sensitive information will be asked on the form [...]
Content analysis details: (7.4 points, 4.5 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[200.127.204.41 listed in dnsbl.sorbs.net]
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[200.127.204.41 listed in sbl-xbl.spamhaus.org]
------------=_45468112.682408BB
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Received: from [200.127.204.41] (helo=36F87888)
by xeon.dizinc.com with smtp (Exim 4.52)
id 1Gefut-0005aR-0U
for john@stegenga.net; Mon, 30 Oct 2006 17:47:44 -0500
Received: (from AlankndSutherlanden@excite.com@localhost)
by AlankndSutherlanden@excite.com.net MqFx id g42Ls1T0.4228;
Tue, 31 Oct 2006 01:38:27 +0300
Message-Id: <biceps.auditory@g42Ls1T0.18.com>
From: "AlankndSutherlanden@excite.com" <RaphaelvudRosadutj@excite.com>
Date: Tue, 31 Oct 2006 01:39:27 +0300
To: john@stegenga.net
Subject: contractual
X-Mailer: Ximian Evolution
X-Spam-Exim: iiIt8TABS4gOCYYYE49CM0dF
Dear Home Owner,
Your crd. scoring doesn't matter to us. If you own property
and need immediate capital to use any way you want or simply want
to decrease your monthly payments by a third or more,
fill out this uncomplicated, secure 1 min. form for an instant quote.
No sensitive information will be asked on the form
Dont worry about approval, your cr. will not disqualify you
we specialize in all kinds of scores.
So, as you see, bayes is not the end-all / be-all. A lot of time its the number of block lists that the message is in that cause the flagging.
that was a low-score spam. This is a high score spam, which Cowboys filter mod helps me ditch more and more of automatically:
Code:
Content preview: [...]
Content analysis details: (18.4 points, 4.5 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.1 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
2.2 INVALID_DATE Invalid Date: header (not RFC 2822)
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
2.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
[score: 0.6358]
1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.2 HTML_MESSAGE BODY: HTML included in message
3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[213.222.143.33 listed in dnsbl.sorbs.net]
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?213.222.143.33>]
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[213.222.143.33 listed in combined.njabl.org]
John