On Sat, 24 May 1997, Simeon ben Nevel wrote:
procmail(_at_)Informatik(_dot_)RWTH-Aach Has previously said (on 24 May 97):
I've missed nailing several e-SPAMs the last couple of days, they all
had
an X-PMFLAGS, set with some number. I cann't remember ever seeing this X
header before, anyone know a legit use for this one, or do I just leave
it in the kill routine.
The X-PMFLAGS header is added by the Pegasus e-mail client. While
Pegasus is often used by spammers (much to the chagrin of it's author
David Harris) the mere presence of the header does not mean that the
message is spammage.
New Versions of pmail use a header-field to help you to catch spammers. I
send the original Mail from David as Attachment.
Clemens
Check out the full headers on *this*
message for an example. >
Simeon
--
snevel(_at_)wco(_dot_)com =-=-=-=-=-= A rabbit is just an angel with big ears
Send mail with Subject: send index to get a listing of files available from
my e-mail robot. <*>
--
Clemens Brogi (postmaster)
Regionales Rechenzentrum Erlangen
mailto:brogi(_at_)rrze(_dot_)uni-erlangen(_dot_)de
http:www.uni-erlangen.de/~unrz13
x400: /s=brogi/ou=rrze/p=uni-erlangen/a=d400/c=de/
Tel.: 09131/85-7814
Send Mailproblems to: mailto:postleute(_at_)rrze(_dot_)uni-erlangen(_dot_)de
From David(_dot_)Harris(_at_)PMAIL(_dot_)GEN(_dot_)NZMon May 26 17:41:26 1997
Date: Wed, 2 Apr 1997 22:15:14 +1200
From: David Harris <David(_dot_)Harris(_at_)PMAIL(_dot_)GEN(_dot_)NZ>
Reply to: pmail-de(_at_)pool(_dot_)uni-mannheim(_dot_)de
To: Deutsche PMail-Liste <pmail-de(_at_)pool(_dot_)uni-mannheim(_dot_)de>
Subject: Anti-spam measures incorporated into v2.5x.
Resent-From: "Clemens Brogi"
<clemens(_dot_)brogi(_at_)rrze(_dot_)uni-erlangen(_dot_)de>
Resent-To: Clemens Brogi
<clemens(_dot_)brogi(_at_)rrze(_dot_)uni-erlangen(_dot_)de>
Resent-Date: Mon, 26 May 1997 17:40:45 +0100
The use or distribution of Pegasus Mail for the purposes of sending
bulk, unsolicited commercial e-mail is prohibited under its terms and
conditions of use. In order to support this prohibition, Starting with
version 2.50, Pegasus Mail for Windows incorporates measures that should
make it less useful to "spammers" (senders of unsolicited commercial
e-mail), and which should allow users of e-mail applications that can
filter mail to deal automatically with undesired "spam" messages sent
using Pegasus Mail.
Pegasus Mail now adds one of three new headers to messages it sends when
more than 50 recipients are present in the message. These headers can be
used as filtering triggers to delete such messages. The headers are based
on the number of recipients, and are as follows:
0-50 recipients - no added header
50-499 recipients - "X-Distribution: Moderate"
500-4999 recipients - "X-Distribution: Bulk"
5000+ recipients - "X-Distribution: Mass"
These headers have an internal CRC check applied to them and cannot be
changed or omitted by patching the binary. We have deferred announcing
the presence of these headers until now in order to give WinPMail v2.5x
a chance to propagate widely, and presumably into the hands of a large
number of spammers. While spammers using older versions of WinPMail will
escape the new headers, they will become progressively further and
further out of date and will be unable to take advantage of the newer
capabilities of the system without upgrading and thus exposing
themselves to automated detection.
As an example of how these headers may be useful in reducing spam levels,
we show below the steps necessary to create the Pegasus Mail filtering
rules that will delete such messages. Similar actions could presumably be
taken in other e-mail packages supporting automated processing of this
kind.
We believe this addition to Pegasus Mail should be a significant step
towards reducing the prevalence of spam, or at least towards reducing the
abuse of Pegasus Mail for this purpose, yet it does not significantly
impact on legitimate users of the program.
Cheers!
-- David --
-------------------------- Cut here ----------------------------
Adding Pegasus Mail filtering rules to handle the new headers:
1: Open your "New mail filtering rules", "Rules applied when folder is
opened" rule set. In WinPMail v2.5x you will find this on the "Tools"
menu under "Mail filtering rules".
2: Click the "End of list" entry to ensure the rule is added at the end
of the list of rules.
3: Click "Add Rule"
4: Click the radio button labelled "As an expression" and make sure the
radio button labelled "In message headers only" is also checked.
5: In the "Trigger text" field, type "X-Distribution:*Bulk"
6: Set the "Action to take" to "Delete" (or whatever else you feel is
appropriate).
Now repeat steps 2 to 6, but at step 5 type "X-Distribution:*Mass"
Save the rules, and you're done. These rules will automatically remove
any messages generated by a copy of Pegasus Mail v2.5x containing more
than 500 recipients. You could also add a rule that deleted all messages
containing more than 50 recipients, but doing this may occasionally
result in legitimate messages being deleted.
If you receive mail from a legitimate mailing list that could contain
these headers, you can prevent the message from being deleted by adding
a rule higher in the list than the spam-detection rule, that triggers on
some different characteristic of the message (like the sender's address)
and choose the "Exit this rule set" action, or else perhaps move the
"good" message to a folder.
------------------ David Harris -+- Pegasus Mail --------------------------
Box 5451, Dunedin, New Zealand | e-mail:
David(_dot_)Harris(_at_)pmail(_dot_)gen(_dot_)nz
Phone: +64 3 453-6880 | Fax: +64 3 453-6612
Sign in the room of an Italian hotel:
"Visitors are requested not to throw coffee or other matter
in the basin. Why else it stuffs the place inconvenient for
the other world."