At 05:01 PM 10/30/96 -0800, Alan K. Stebbens wrote:
I wrote:
> This has one problem. It doesn't allow for the many spammers who aren't
> above forgery.
You are quite welcome to keep using your original recipes; I don't
care. I was responding to the problem you were having with overly
long regexps which were exceeding LINEBUF.
Alan, I wrote the above comment - not Scott.
And my point, while possibly not as clear as it could have been was that the
average mail spammer is getting adept enough to dodge the basic mail spam
filterings. I find it much less effective now to filter solely on the
fields you targeted.
In fact, even targeting the Received line may become less effective as
spammers such as moneyworld and cyberpromo fiugre out how to alter their
sendmail information and play games to dodge such filtering.
ANYTHING can be forged in ANY email. Only by sending email through a
well-configured mailer do we get some semblance of tracking with
"Received" headers. Unfortunately, the Received: headers are not
standardly formatted, and extracting an address programmatically is
difficult. However, they also can be used for pattern matching:
:0:spamsters.lock
* ? formail -xFrom -xFrom: -xReply-To: -xSender -XReceived: | \
egrep -s -f spamsters
| $FLUSHFILTER $LIST > /dev/null
will also check the Received: headers for a spamster address.
Perhaps, but it doesn't work for the worst cases (who are also the ones who
send us the most junk). A spamsters list can only contain so much
information - and this information can be gotten around rather easily.
This is not entirely true. Your recipe above would toss mail with the
following
headers:
From: Joe (The Anti-Cyberpromo King) <joe(_at_)coolsite(_dot_)com>
To: anti-cyberpromo-list(_at_)coolsite(_dot_)com
Cc: anti-spammers(_at_)hotsite(_dot_)org
Subject: Let's Stamp Out Spammers!
The trouble with trashing mail is that, since you have no feedback, you
don't know how badly the filter is failing.
True, which is why I dump mail caught by new filters to a test-box until I
am satisfied with my results. And I do deal with mailing lists by sorting
the ones I subscribe to to seperate folders. If I didn't subscribe to the
two examples you show above - I probably wouldn't want them in the first
place.
As for Joe, if he was someone I truly wanted to hear from, then I would also
deal with him seperately.
This is also why i am now considering using scoring, and have been trying
it. As i am confident a scored filter is not tossing mail I want, I have
been expanding the conditions that cause mail to be bozo'd out.