September 18, 2002
SpamAssassin Score Record
Some week ago I installed SpamAssassin 2.41, and made sure that all the necessary Perl modules were properly installed, to get the most out of SA.
Instantly after installing, the amount of spam leaking through SA was reduced (which was not really that surprising). Just now I looked through the spam that has been caught, and this one really made me wonder how stupid these spammers are.
X-Spam-Status: Yes, hits=55.3 required=5.0
tests=AS_SEEN_ON, BIG_FONT, CLICK_BELOW, CLICK_HERE_LINK, CTYPE_JUST_HTML, DIET, FORGED_EUDORAMAIL_RCVD, FROM_ENDS_IN_NUMS, HAIR_LOSS, HGH, HIDE_WIN_STATUS, HTML_WIN_OPEN, HTML_WITH_BGCOLOR, JAVASCRIPT_UNSAFE, JAVASCRIPT_VERY_UNSAFE, LOSE_POUNDS, MAILTO_TO_REMOVE, MANY_EXCLAMATIONS, NORMAL_HTTP_TO_IP, OBFUSCATING_COMMENT, OPT_IN, PRIORITY_NO_NAME, RAZOR2_CHECK, RCVD_IN_DSBL, REMOVE_PAGE, REVERSE_AGING, SPAM_PHRASE_13_21, WEIRD_PORT
version=2.41
X-Spam-Flag: YES
X-Spam-Level: *******************************************************
X-Spam-Checker-Version: SpamAssassin 2.41 (1.115.2.8-2002-09-05-exp)
X-Spam-Prev-Content-Type: text/html; charset=us-ascii
X-Spam-Report: 55.30 hits, 5 required;
* 2.4 -- Subject talks about losing pounds
* 1.6 -- From: ends in numbers
* 4.0 -- BODY: Human Growth Hormone
* 3.6 -- BODY: Reverses Aging
* 2.7 -- BODY: Cures Baldness
* 2.3 -- BODY: Lose Weight Spam
* 2.0 -- BODY: As seen on national TV!
* 1.6 -- BODY: Talks about opting in
* 0.3 -- BODY: Asks you to click below
* -0.4 -- BODY: FONT Size +2 and up or 3 and up
* 3.0 -- BODY: Spam phrases score is 13 to 21 (high)
[score: 16]
* 0.8 -- BODY: HTML mail with non-white background
* 0.6 -- BODY: Auto-executing JavaScript code
* -0.3 -- BODY: Easily-executed JavaScript code
* -0.2 -- BODY: Javascript to open a new window
* 3.7 -- BODY: HTML comments which obfuscate text
* 2.9 -- BODY: Javascript to hide URLs in browser
* 1.6 -- BODY: Tells you to click on a URL
* 3.4 -- URI: URL of page called "remove"
* 2.4 -- URI: Uses a dotted-decimal IP address in URL
* 1.5 -- URI: Uses non-standard port number for HTTP
* 0.7 -- URI: Includes a 'remove' email address
* 3.9 -- Listed in Razor2, see http://razor.sf.net/
* 2.9 -- Forged eudoramail.com 'Received:' header found
* 3.2 -- RBL: Received via a relay in list.dsbl.org
[RBL check: found 26.209.18.61.list.dsbl.org]
* 1.7 -- Subject has many exclamations
* 0.7 -- HTML-only mail, with no text version
* 2.7 -- Message has priority setting, but no X-Mailer
How do they do this? Looks like this spam (I don't really care to include it, it should almost be possible to reconstruct it from the different checks it was caught by)... say no more...
Posted by ludvig at September 18, 2002 01:08 PM
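An added example, not part of the original post: a small parser for the 2.41-style X-Spam-Report layout shown above. It groups rule scores by area (BODY, URI, RBL), keeps the bracketed continuation lines with their rule, and checks that the per-rule scores add up to the declared "hits" value, as the 28 scores in the full report above add up to 55.3. The sample is a constructed excerpt of that report with the total recomputed; the function names and the "OTHER" label for unprefixed rules are this example's own.

```python
import re
from collections import defaultdict
from decimal import Decimal

# Constructed sample: rule lines copied from the report above, shortened,
# with the "hits" total recomputed for this excerpt.
SAMPLE = """\
X-Spam-Report: 14.60 hits, 5 required;
* 2.4 -- Subject talks about losing pounds
* 4.0 -- BODY: Human Growth Hormone
* -0.4 -- BODY: FONT Size +2 and up or 3 and up
* 3.0 -- BODY: Spam phrases score is 13 to 21 (high)
[score: 16]
* 2.4 -- URI: Uses a dotted-decimal IP address in URL
* 3.2 -- RBL: Received via a relay in list.dsbl.org
[RBL check: found 26.209.18.61.list.dsbl.org]
"""

HEADER = re.compile(r"X-Spam-Report:\s*(-?[\d.]+) hits, (-?[\d.]+) required")
RULE = re.compile(r"\*\s*(-?\d+(?:\.\d+)?) -- (?:(BODY|URI|RBL): )?(.*)")

def parse_report(text):
    """Return (hits, required, rules); scores are Decimal to avoid float drift."""
    hits = required = None
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if (m := HEADER.match(line)):
            hits, required = Decimal(m[1]), Decimal(m[2])
        elif (m := RULE.match(line)):
            rules.append({"score": Decimal(m[1]), "area": m[2] or "OTHER",
                          "text": m[3], "detail": []})
        elif line.startswith("[") and rules:
            rules[-1]["detail"].append(line.strip("[]"))  # continuation line
    return hits, required, rules

def summarize(text):
    """Per-area subtotals, plus whether the rule scores add up to 'hits'."""
    hits, required, rules = parse_report(text)
    by_area = defaultdict(Decimal)
    for r in rules:
        by_area[r["area"]] += r["score"]
    total = sum(r["score"] for r in rules)
    return {"by_area": dict(by_area), "total": total,
            "consistent": total == hits, "is_spam": total >= required}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```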