On Mon, 4 Aug 1997 20:24:05 -0700 (PDT),
Dave/WebMaster <ddave(_at_)ddave(_dot_)com> wrote:
* ! ^From: *([^a-z]|.+[^0-9a-z]|............)(_dot_)*(_at_)aol\(_dot_)com$
I tried the above recipe out and it works great at catching SPAM. Caught
four SPAMS and two legitimate emails. I'm leaving the legitimate From
fields out but both were normal user(_at_)domain addys with no numerals.
From: 98087634(_at_)hotmail(_dot_)com
From: 28449558(_at_)hotmail(_dot_)com
From: Manager <tka(_at_)hytop(_dot_)com>
From: Manager <tka(_at_)hytop(_dot_)com>
<...>
For the life of me, I can't figure out the connection between the above
addresses and why the filter picked them out. I'm not getting any kind
of log error.
The first two have leading numbers, so they match
"! ^From: *[^a-z](_dot_)*(_at_)aol\(_dot_)com$". The other two match (at least)
"! ^From: *(_dot_)+[^0-9a-z](_dot_)*(_at_)aol\(_dot_)com$" by virtue of
containing a space.
Perhaps you expected it to only catch addresses with aol.com in them?
This specifically matches addresses +not+ matching the given
expression, so basically anything not From: an AOL address but
otherwise similar might match.
The idea to match (lotsa digits)@hotmail.com is probably a good idea
in and of itself, but the original thread was about matching bogus AOL
addresses. If it's not an AOL address in the first place, it's likely
to not conform to their constraints by sheer coincidence.
Try something like
:0
* ^From: (_dot_)*(_at_)aol\(_dot_)com
* ! ^From: *([^a-z]|.+[^0-9a-z]|............)(_dot_)*(_at_)aol\(_dot_)com$
AOLtrap
Hope this helps,
/* era */
--
Defin-i-t-e-ly. Sep-a-r-a-te. Gram-m-a-r. <http://www.iki.fi/~era/>
* Enjoy receiving spam? Register at <http://www.iki.fi/~era/spam.html>