procmail

Re: Juno/hotmail/prodigy filtering

1998-01-02 03:25:36
At 02:47 AM 1/2/98 -0600, Christopher P. Lindsey wrote:

  My recommendation... rather than umpteen variants to handle
umpteen different mail services, how about one generalized
version.  I'm still hazy about $MATCH, but here's a possible
algorithm...

(note: I have yet to see this particular message followup via the list,
though I hope to see it soon)

There are many mail services - but only a handful of them have a track
record of being WIDELY used for spam.

I should also note that someone else had posted to this list some time back
about matching from domains to message-id domain portions - but there
were/are too many technical issues with that - here, I mentioned the
application of this for Juno-type mail specifically because of the known
spam problems being FORGED from that domain.

I agree -- making this more extensible would be a Good Thing.  Here's
a possibility using $MATCH:

  :0:
  * ^From: [^@]+@\/[^ ]+[ ]+
  * !^(Received|Message-Id):.*$MATCH
  couldbespam

As you noted below, this From match is too generic - this sort of rule
would suspect too many messages as potential spam (for instance, many
people with virtual domain services - their FROM contains their registered
domain, but the message-id is likely to contain the domain of their host
ISP).  My offering was specific to the spam-prone addresses of Juno and
Hotmail (and some others), knowing that currently there are many people
doing simple trashcan filters on these domains.

(Not that I have a problem with trashcanning domains - I've got a heckuva
list of domains I now trashcan)

What procmail does is take whatever is to the right of "\/" in the
regular expression and set it to $MATCH.  So in the above recipe,
it pulls everything that's to the right of the first @ sign up
to the next space, which ends up being the hostname/domain name.

How about:

:0:
* ^From: [^@]+@\/(juno\.com|hotmail\.com|prodigy\.com|prodigy\.net)
* !^(Received|Message-Id):.*$MATCH
couldbespam

(I haven't the slightest if this will work with $MATCH properly though)

Addition of the received header is interesting, but I wonder how that would
affect suspect mails in general?

---
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

 Sean B. Straw / Professional Software Engineering
 Post Box 2395 / San Rafael, CA  94912-2395
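
The check discussed in this message, emulated in Python as an added example that is not part of the original post or of procmail: it shows the generic rule flagging a virtual-domain sender while the domain-restricted rule flags only the forged Juno message. The function names, the sample messages and the substring comparison are assumptions made for illustration.

```python
import re
from email import message_from_string

# Domains listed in the recipe on this page.
SPAM_PRONE = {"juno.com", "hotmail.com", "prodigy.com", "prodigy.net"}

def from_domain(msg):
    """Lowercased domain of the From: address, or None if there is none."""
    m = re.search(r"@([^\s>]+)", msg.get("From", ""))
    return m.group(1).lower() if m else None

def could_be_spam(raw, restrict=True):
    """Flag a message whose From: domain appears in no Received: or
    Message-Id: header. restrict=True checks only SPAM_PRONE senders (the
    second recipe); restrict=False checks every sender (the first recipe).
    Plain substring matching stands in for procmail's regex match."""
    msg = message_from_string(raw)
    dom = from_domain(msg)
    if dom is None or (restrict and dom not in SPAM_PRONE):
        return False
    trace = (msg.get_all("Received") or []) + (msg.get_all("Message-Id") or [])
    return not any(dom in h.lower() for h in trace)

# Constructed sample messages (not real traffic).
FORGED_JUNO = (
    "Received: from dialup-12.example.net ([192.0.2.10]) by mx.example.org\n"
    "Message-Id: <199801020900.BAA01234@dialup-12.example.net>\n"
    "From: someone@juno.com\n\nbody\n")
GENUINE_JUNO = (
    "Received: from x8.boston.juno.com ([192.0.2.20]) by mx.example.org\n"
    "Message-Id: <19980102.010000.1234.0.someone@juno.com>\n"
    "From: someone@juno.com\n\nbody\n")
VIRTUAL_DOMAIN = (
    "Received: from mail.isp.example ([192.0.2.30]) by mx.example.org\n"
    "Message-Id: <34AC1234.5678@mail.isp.example>\n"
    "From: Owner <owner@smallbiz.example>\n\nbody\n")

if __name__ == "__main__":
    for name in ("FORGED_JUNO", "GENUINE_JUNO", "VIRTUAL_DOMAIN"):
        raw = globals()[name]
        print(name, could_be_spam(raw), could_be_spam(raw, restrict=False))
```

In procmail itself, `$MATCH` is expanded inside a condition only when that condition line carries the `$` flag.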
