ned(_dot_)freed(_at_)mrochek(_dot_)com writes:
A date test is also useful, but it is no replacement for the ability
to test the current date.
Agreed, I want both.
Additionally, if you are testing date information in the message header,
while it may be useful to test the Date: field, there are actually quite
a few other header fields that can contain date information that is even
more useful to test.
Agreed, I want it the command to take a string that may be a variable,
so you can extract it from, e.g., Received headers.
Filters relying on string matches in the raw body of an e-mail
message may be more general than intended. Text matches are no
replacement for a virus or spam filtering system.
Of course they aren't. Have we really reached the point where we
have to belabor obvious points like this in security considerations sections?
There are several solutions our there that claim to solve the email
spam and virus problems with Sieve, encoding common spam and virus
signatures in Sieve scripts (some are offering online access to
updated Sieve scripts with new signatures). People are being told,
and believe, Sieve is the right tool for this. Looking only at RFC
3028, I can't blame them. It even contains examples on how to catch
spam.