procmail
[Top] [All Lists]

Re: Rejecting Obvious AOL Forgeries

1998-03-05 23:00:00
On Wed, 4 Mar 1998, Felix Tilley wrote:

Is this a good way to delete spam that is forged to look like it came from
AOL.  I thought the message-id line was a good way to identify real posts
from AOL, but it is possible to forge the message-id line as well.  I
suspect it will get rid of some of it.

:0
* ^From:.*aol\.com
* !^Message-id:.*aol\.com
/dev/null

Try this instead:

:0
* ^From:.*aol\.com
* ! ^Received:.*aol\.com
/dev/null

If its from AOL, it will definately pass this criteria.  And the few
recent forged aol spams I've examined would fail this.  

Note though, you will lose mail from people who prefer to get their email
at AOL, and thus only use this address.

-- 
There is no such thing as fortune.  Try again.

<Prev in Thread] Current Thread [Next in Thread>