| This document describes a mail filtering language for filtering
| messages at time of final delivery. It is designed to be
We need a language for spam filtering at time of initial acceptance by
the MTA, and we're thinking of using a modified version of sieve to do
this. Since there's only one filter script per server for us, it's
really an mta configuration issue, and there's no real need for a
standard; but it doesn't make a lot of sense for us to develop a
completely different filtering language, especially since we'll want to
support standard sieve for end-user filtering eventually.
Anyway, here are some of the ideas we had for our version, some of
which might make sense in the standard, or perhaps in an extension:
- tests on the body, like so:
if body contains "MAKE.MONEY.FAST" ...
- tests on the first few lines of the body:
if body.top(4) contains "MAKE.MONEY.FAST" ...
(I think tests on the entire body are best avoided, since it doesn't
make a lot of sense to do a substring search for "MAKE.MONEY.FAST"
on a 1-megabyte word document )
- tests on the sender:
if sender matches "..." ...
if sender.domain is "lusers.com" ...
if sender.local-part is "foo" ...
Of course, the draft specifically says that envelope-matching commands
are left out intentionally, but they can be useful for spam filtering.
It's not clear if the "Return-Path:" would get added before or after
the filter is run; if it's before, then you don't really need these
extra keywords except for convenience's sake... (We'd be running
filters well before it makes sense to add "Return-Path:", assuming
the mail is even intended for local delivery, so we can't rely on that.)
In case anyone is interested in what other changes we need.. Well, since
we want to run filters before the mail has even been accepted by the
mta, we have a slightly different set of actions. "bounce" would cause
a failure response code to the SMTP client rather than an actual DSN, and
"fileinto" and "reply" aren't supported.
Also, we need to do tests on the recipient list:
if recipients contains "x(_at_)y(_dot_)z" ...
if recipients.count over 10 ...
if recipients.count is 1 ...
Of course, tests on the recipient list don't make any sense at
final delivery time, since the recipient list probably isn't available,
and probably shouldn't be visible to the user even if it is.. But
checking for large numbers of recipients can be helpful for weeding out
spam.
--
Paul Falstad Software.com, Inc.
paul(_dot_)falstad(_at_)software(_dot_)com 805-957-1790 x520
http://www.ttinet.com/pjf/ http://www.software.com/