procmail
[Top] [All Lists]

Re: My growing list of bad domains (re Eli's comments of 13 April)

1997-04-20 14:39:00
Responding To:  process(_at_)qz(_dot_)little-neck(_dot_)ny(_dot_)us (Eli the 
Bearded)
Original Date:  Sun, 13 Apr 97 21:55 EDT
Message-ID:     <97769704132156(_at_)qz(_dot_)little-neck(_dot_)ny(_dot_)us>

"Timothy J. Luoma" <luomat(_at_)peak(_dot_)org> wrote:
I now have 110 domains that I refuse to accept mail from.

Really?

Yup.  The Cyber-promo junk put it up over 100 when I came across  
the web page with a list of them all... Plus the ones I have  
collected from personal experience and spam lists.

Most of them are fake ones.

They are all *sorted* not dumped.


I have been using this:

:0
* ^From.*(telysis\.com|\
[snip for brevity]
usa\.net|\

And what do you have against my provider netusa.net? This is
not a spam tollerant domain.


Good point.  However, I tend to make it conservative as it does not  
bounce a note to the sender or go to /dev/null   I'd rather have a  
bad sort into spambox than a non-sort into my INBOX.



<rant>
I find it VERY rude when people who do not understand regular
expressions (ab)use them in spam filters. If you don't understand
how pattern matching works, you should not be using it.

I am trying to learn them, but can only do so from suggestions.   
Yeah I've read the man pages but they don't make a lot of sense to  
me.


Just because you have seen some spam that comes from a site called
"usa.net" does not mean that all mail from sites with "usa.net"
in the name are spam sites.

True enough


(Cf. n.a.n-a.usenet discussion of alt.sex.stories.) Just because
you have seen some spam with the word "free" in it does not mean
you should issue spam cancels for all posts with the word "free"
in them.
</rant>

None of the 100+ domains that I have listed have ever matched the  
wrong domain (that doesn't mean they are perfect, but have been, for  
me, good enough).  I try not to waste a lot of time making it more  
perfect than it needs to be because the list is supposed to help me  
save time.



At the very least you should have the procmail fake word boundry
marker before the open paren and "(\>|$)" at the end of this:

softcell\.net)


Would that still catch "someone(_at_)somehost(_dot_)softcell(_dot_)net" ?  
Often  
times I get mail from a different machine of that bad domain, and  
want to be able to catch it.

Assuming it would, then I should make it look like this?

:0
* ^From.*(telysis\.com|\
answerme\.com|\
bu1kemai1\.com|\
bulkads\.com|\
bulkinquiries\.com|\
bulkinternet\.com|\
bulkmagnet\.com|\
bulkpower\.com|\
        [snip for brevity]
yougotmail\.com|\
your\.friends|\
youvegotmail\.com|\
softcell\.net)(\>|$)"




I would like to dump the messages if any of these hosts are found
in any of these headers:

From
Received
From:
Message-ID:
Return-Path:
X-Sender:

Return path and From contain information dervied from the same
source. You only have to check one of the two.

The 'from' can be faked.... The Received field seems to be pretty  
safe.... and I want to use the 'from's because I get updates of  
known spammers daily.


TjL

ps -- Sorry for the delay in responding to this, I totally missed  
your reply for some reason (no it wasn't misfiled ;-)


<Prev in Thread] Current Thread [Next in Thread>