ietf-mta-filters

suggestions for spam filtering, etc.

1997-08-28 04:23:14
|      This document describes a mail filtering language for filtering
|      messages at time of final delivery.  It is designed to be

We need a language for spam filtering at time of initial acceptance by
the MTA, and we're thinking of using a modified version of sieve to do
this.  Since there's only one filter script per server for us, it's
really an mta configuration issue, and there's no real need for a
standard; but it doesn't make a lot of sense for us to develop a
completely different filtering language, especially since we'll want to
support standard sieve for end-user filtering eventually.

Anyway, here are some of the ideas we had for our version, some of
which might make sense in the standard, or perhaps in an extension:

- tests on the body, like so:

    if body contains "MAKE.MONEY.FAST" ...

- tests on the first few lines of the body:

    if body.top(4) contains "MAKE.MONEY.FAST" ...

  (I think tests on the entire body are best avoided, since it doesn't
  make a lot of sense to do a substring search for "MAKE.MONEY.FAST"
  on a 1-megabyte word document)

- tests on the sender:

    if sender matches "..." ...
    if sender.domain is "lusers.com" ...
    if sender.local-part is "foo" ...

  Of course, the draft specifically says that envelope-matching commands
  are left out intentionally, but they can be useful for spam filtering.
  It's not clear if the "Return-Path:" would get added before or after
  the filter is run; if it's before, then you don't really need these
  extra keywords except for convenience's sake...  (We'd be running
  filters well before it makes sense to add "Return-Path:", assuming
  the mail is even intended for local delivery, so we can't rely on that.)
  

In case anyone is interested in what other changes we need..  Well, since
we want to run filters before the mail has even been accepted by the
mta, we have a slightly different set of actions.  "bounce" would cause
a failure response code to the SMTP client rather than an actual DSN, and
"fileinto" and "reply" aren't supported.

Also, we need to do tests on the recipient list:

  if recipients contains "x@y.z" ...
  if recipients.count over 10 ...
  if recipients.count is 1 ...

Of course, tests on the recipient list don't make any sense at
final delivery time, since the recipient list probably isn't available,
and probably shouldn't be visible to the user even if it is..  But
checking for large numbers of recipients can be helpful for weeding out
spam.


-- 
Paul Falstad                                 Software.com, Inc.
paul(_dot_)falstad(_at_)software(_dot_)com                    805-957-1790 x520
http://www.ttinet.com/pjf/                   http://www.software.com/
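
The accept-time tests proposed in the message above (`sender.domain`, `recipients.count`, `body.top(4)`), sketched as an added Python example; it is not code from the post or from any sieve implementation. The `Envelope` class, the function names, the 550/250 reply texts and the case-insensitive match are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Envelope:
    sender: str        # SMTP MAIL FROM address
    recipients: list   # SMTP RCPT TO addresses
    body: str          # message body received after DATA

# Policy values taken from the examples in the message.
BLOCKED_DOMAINS = {"lusers.com"}
PHRASE = "MAKE.MONEY.FAST"
TOP_LINES = 4
MAX_RCPTS = 10

def body_top(body, n):
    """First n lines only, so a large attachment is never scanned in full."""
    return "\n".join(body.splitlines()[:n])

def split_address(addr):
    """Return (local_part, domain); the null sender <> yields ('', '')."""
    addr = addr.strip().strip("<>")
    if "@" not in addr:
        return addr, ""
    local, _, domain = addr.rpartition("@")
    return local, domain.lower()

def evaluate(env):
    """Return (accepted, smtp_reply).

    A rejection is an SMTP failure reply to the client, not a DSN,
    because the message has not been accepted yet.
    """
    _, domain = split_address(env.sender)
    if domain in BLOCKED_DOMAINS:
        return False, "550 sender domain refused"
    if len(env.recipients) > MAX_RCPTS:
        return False, "550 too many recipients"
    # Assumption: substring match is case-insensitive.
    if PHRASE.lower() in body_top(env.body, TOP_LINES).lower():
        return False, "550 message content refused"
    return True, "250 OK"

if __name__ == "__main__":
    # Constructed sample: phrase sits on line 5, outside the scanned window.
    sample = Envelope("alice@example.org", ["bob@example.net"],
                      "a\nb\nc\nd\nMAKE.MONEY.FAST\n")
    print(evaluate(sample))
```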

