procmail
[Top] [All Lists]

Re: Spam filter, anything ready?

1996-03-01 03:34:16
On Thu, 29 Feb 1996 21:20:33 -0600,
Sten Drescher <stend(_at_)grendel(_dot_)texas(_dot_)net> wrote:
On Thu, 29 Feb 1996 16:07:25 +0200, 
Era Eriksson <reriksso(_at_)cc(_dot_)helsinki(_dot_)fi> said:
 EE> use.  I'm interested in (a) a way to automatically return the
 EE> message if my recipe rejects it as spam, with a decorative header
 EE> stating, in polite terms, what's going on (in case the filter
 EE> misfires), and (b) good examples of working scored recipes.  I'm
 EE> sure I'm not alone in the world with this. Anybody?
     OK, here's my automagic spam fryer:

Thanks, this is a good start. However, I'm afraid I was in a bit of a
hurry when I sent out my original message. Here are a couple of
clarifications (or rather a couple of things I'd like to have somebody
clarify :-)
  First off, many of the spam messages I receive have an invalid
return address (surely primarily so that angry responses will not come
through ... In fact, one of the recipes I had intended to write was
one to identify this situation, where the sender's host is nothing
like the return address) -- I'd like to make sure that if +my+ reject
message bounces, it ends up in never-never land. How do I do that? Or
is it easier just to add an X-Loop or something and have my procmail
deliver those bounces to /dev/null? (The reject message won't have the
X-Loop in its own header, will it? So I have to look at the body of
the message. Not a big performance hit, but still something I'd like
to avoid.)
  Another thing is the issue of identifying those spam messages in the
first place. A couple of people responded privately pointing out that
and/or wondering whether the whole idea is futile ... My idea is
simply to see how far the scoring mechanism will get me. Mostly, I'd
just like to experiment with the scoring and see if I can get anything
half-decent working.

* (^From|^Sender).*( 
|<)((autoemail|ibb|telmail)@|info(_at_)(_dot_)*(slip.net|telegrafix.com|webular.com)|fred(_at_)(_dot_)*fincon(_dot_)com|mail(_at_)(_dot_)*ppgsoft(_dot_)com|72124(_dot_)3234(_at_)compuserve(_dot_)com)

This is straightforward, but maybe too straightforward.

     Since doing this, noone has sent me two email ads. (;

I don't think I've ever received more than one spam message from
anywhere. Without any filtering whatsoever. They tend to be one-shot
campaigns, and the really abusive ones will probably be forged, or
sent out from an account which is dead by the time I see their
message. I guess it's pretty easy for a crook to simply sign up on a
"first two hours on the Internet FREE" offer and then dump that
address when they're done.

/* era */

-- 
See <http://www.ling.helsinki.fi/~reriksso/> for mantra, disclaimer, etc.

<Prev in Thread] Current Thread [Next in Thread>