But, look: if a worm or zombie spam now gets sent by the virtual
server coded into the Trojan/zombie/worm program itself, it's one
thing. The mail typically arrives at the recipient's server with
a fake server name and very few Received headers. (Vsnag looks for
that kind of thing too.) But if the mail is going to go out via
the ISP's usual channels, then the heuristic for identifying it
gets a bit tougher. That's what caught my interest.
New trojans even sent out spam directly from the user's Outlook, Hotmail,
Yahoo, etc. However, 95% of spammers rely on URLs, and that's a major
factor for most AI. Blacklisting URLs is more popular these days.
procmail mailing list Procmail homepage: http://www.procmail.org/
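The two cases discussed in this thread, as an added example (not code from the posts, and not how Vsnag itself works): a message delivered straight from an infected host trips the Received-header checks, while the same payload relayed through the ISP's server passes them and is only caught by the URL lookup. The threshold, the blacklist entry, the Postfix-style Received format and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

MIN_RECEIVED = 2                       # assumed threshold, tune per site
URL_BLACKLIST = {"pills.example.net"}  # constructed blacklist entry

# Postfix-style stamp: "from HELO-NAME (RDNS-NAME [IP])" (assumed format)
FROM_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def score(raw):
    """Return the list of heuristics a raw RFC 822 message trips."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    signals = []
    if len(received) < MIN_RECEIVED:
        signals.append("few-received")
    # Only the topmost Received header was written by our own server;
    # everything below it can be forged by the sender.
    m = FROM_RE.search(received[0]) if received else None
    if m and m.group(1).lower() != m.group(2).lower():
        signals.append("helo-mismatch")   # claimed name != reverse DNS
    body = "" if msg.is_multipart() else msg.get_payload()
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    if hosts & URL_BLACKLIST:
        signals.append("blacklisted-url")
    return signals

# Constructed sample: sent directly by the malware's built-in SMTP engine.
DIRECT = """Received: from mail.bigbank.example (unknown [203.0.113.7])
 by mx.recipient.example with SMTP; Mon, 1 Jan 2024 00:00:00 +0000
From: a@bigbank.example
Subject: hi

Visit http://pills.example.net/buy now
"""

# Constructed sample: same payload relayed through the ISP's mail server.
VIA_ISP = """Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
 by mx.recipient.example with ESMTP; Mon, 1 Jan 2024 00:00:05 +0000
Received: from userpc (dsl-17.isp.example [198.51.100.117])
 by smtp.isp.example with ESMTP; Mon, 1 Jan 2024 00:00:02 +0000
From: user@isp.example
Subject: hi

Visit http://pills.example.net/buy now
"""

if __name__ == "__main__":
    print(score(DIRECT), score(VIA_ISP))
```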