4
ChatGPT and spam
Question asked by Sabatino - 3/13/2025 at 5:24 AM
Unanswered
Just a stupid experiment.
Have you tried passing a .eml to ChatGPT and asking it to analyze it and classify it with a spam score?

I did some testing and it amazed me.
Sabatino Traini
Chief Information Officer
Genial s.r.l. 
Martinsicuro - Italy

4 Replies

0
Sabatino Replied
After checking the coherence with existing filters, I tried to test .eml files that SM did not identify correctly.

Look at this case and what ChatGPT replied:


X-SmarterMail-SpamAction: Low | NoAction
X-SmarterMail-TotalSpamWeight: 10
X-SmarterMail-SpamDetail: 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its
 IP's reverse DNS
X-SmarterMail-SpamDetail: 2.4 FORGED_MUA_MOZILLA Forged mail pretending to be
 from Mozilla
X-SmarterMail-SpamDetail: 0.5 SUBJ_ALL_CAPS Subject is all capitals
X-SmarterMail-SpamDetail: 0.0 HTML_MESSAGE HTML included in message
X-SmarterMail-Spam: DMARC [passed]: 0, Reverse DNS Lookup [Passed]: 0, Null
 Sender: 0, Cyren [Unknown]: 0, CyrenIP [NORISK]: 0, Message Sniffer [code:0]:
 0, ISpamAssassin [raw:3.3]: 5, SPF [Pass]: 0, DKIM [Pass]: 0, _ARC: pass,
 UCEProtect Level 1: 0, Barracuda: 0, Surriel: 0, UCEProtect Level 2: 0, SEM -
 Black: 0, Backscatter: 0, Truncate: 0, SpamCop: 0, HostKarma: 5, Spamhaus: 0,
 URIBL Black: 0, SEM-URI: 0

And here's what ChatGPT said:



This email is unsolicited advertising, but it does not appear to be dangerous or fraudulent. I assign it a spam score of 60/100.

Detailed Analysis:

  1. Legitimate but Suspicious Origin (10 points)

    • The sender uses a @live.it email, which is a generic Microsoft domain and not a dedicated business email.
    • The mentioned domain (hurricanepromo.com) is related to advertising, but the website is not accessible, which is a red flag.
    • SPF and DKIM checks have passed, meaning the sender is not spoofing the domain.
  2. Unsolicited Promotional Content (30 points)

    • The email offers advertising services without any prior contact.
    • The message is generic, likely sent to multiple businesses.
    • Phrases like "real and demonstrable guarantees!" indicate aggressive marketing language.
  3. Lack of Transparency (15 points)

    • No clear physical business address is provided.
    • The cited website (hurricanepromo.com) is inaccessible.
    • There is no unsubscribe link, which is required for legitimate commercial emails.
  4. Suspicious Attachment (5 points)

    • The email includes a .eml attachment, which might contain another promotional or spam message.

Conclusion

This is commercial spam, probably sent in bulk.
It does not seem to be a scam or phishing attempt, but it is unwanted advertising.

What to do?

  • If you're not interested, ignore or mark it as spam.
  • Do not open the attachment if you don't trust the sender.
  • If you want to verify the company, look up "Standard Industry Sas" and "hurricanepromo.com".
  • If you receive more emails like this, consider blocking the sender.

Let me know if you want me to search for more details about the company.

Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
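
An added example (not part of the thread and not SmarterMail code): a standard-library Python parser for the header block posted above, useful when comparing the filter's verdict with an LLM's. It shows that the total weight of 10 comes from only two checks (ISpamAssassin 5, HostKarma 5) and that the SpamAssassin rule scores add up to the raw 3.3; the function names are this example's own.

```python
import email
import re

# Headers copied from the post above (SpamAction line omitted), folding kept.
SAMPLE = """\
X-SmarterMail-TotalSpamWeight: 10
X-SmarterMail-SpamDetail: 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its
 IP's reverse DNS
X-SmarterMail-SpamDetail: 2.4 FORGED_MUA_MOZILLA Forged mail pretending to be
 from Mozilla
X-SmarterMail-SpamDetail: 0.5 SUBJ_ALL_CAPS Subject is all capitals
X-SmarterMail-SpamDetail: 0.0 HTML_MESSAGE HTML included in message
X-SmarterMail-Spam: DMARC [passed]: 0, Reverse DNS Lookup [Passed]: 0, Null
 Sender: 0, Cyren [Unknown]: 0, CyrenIP [NORISK]: 0, Message Sniffer [code:0]:
 0, ISpamAssassin [raw:3.3]: 5, SPF [Pass]: 0, DKIM [Pass]: 0, _ARC: pass,
 UCEProtect Level 1: 0, Barracuda: 0, Surriel: 0, UCEProtect Level 2: 0, SEM -
 Black: 0, Backscatter: 0, Truncate: 0, SpamCop: 0, HostKarma: 5, Spamhaus: 0,
 URIBL Black: 0, SEM-URI: 0
"""

def unfold(value):  # header folding is newline + whitespace; collapse it
    return " ".join(value.split())

def parse_checks(msg):
    # {check name: (result text or None, weight)} from X-SmarterMail-Spam.
    checks = {}
    for item in unfold(msg["X-SmarterMail-Spam"]).split(", "):
        left, _, right = item.rpartition(": ")
        name, result = re.fullmatch(r"(.+?)(?: \[(.*)\])?", left).groups()
        if not re.fullmatch(r"-?\d+", right):  # "_ARC: pass" has no weight
            result, right = right, "0"
        checks[name] = (result, int(right))
    return checks

def parse_rules(msg):
    # {rule name: score} from the repeated X-SmarterMail-SpamDetail headers.
    details = msg.get_all("X-SmarterMail-SpamDetail", [])
    fields = (unfold(h).split(" ", 2) for h in details)
    return {rule: float(score) for score, rule, _description in fields}

def summarize(eml_text):
    msg = email.message_from_string(eml_text)
    checks, rules = parse_checks(msg), parse_rules(msg)
    return {
        "total": int(msg["X-SmarterMail-TotalSpamWeight"]),
        "weighted": {n: w for n, (_, w) in checks.items() if w},
        "rule_sum": round(sum(rules.values()), 1),
        "sa_result": checks["ISpamAssassin"][0],
    }
```

Calling `summarize(SAMPLE)` returns the total, the checks that actually contributed weight, and the summed rule scores next to the raw SpamAssassin value reported by the filter.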
0
Sabatino Replied
It makes me think that one could install a server in an LLM (DeepSeek), train it and use an agent.
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
2
Ben Rowland Replied
I think rspamd has this integration:
0
Sabatino Replied
It's not that simple.
A high volume on ChatGPT has a high cost. So activating a plugin towards ChatGPT inside rspamd is not viable.
For this reason I was thinking of creating a server with a local installation of an LLM. DeepSeek allows it.
These are just reflections; I could obviously be wrong.
I also believe that rspamd is complex to install and maintain compared to an LLM with an agent. But even here everything remains to be verified.
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
