On Fri, 10 Apr 1998 22:26:28 -0400, Walter Dnes
<waltdnes(_at_)interlog(_dot_)com> wrote:
RFMS ("Rapid Fire Mail Server" aka Rude F!!!ing Mail Spammer) is
spreading. Fortunately, its "Received: from" headers leave a
telltale pattern.
(Your pattern is fine, but it's not an RFMS pattern. The regularity
you note has been a spammer trick for a long time. The "neat" thing
about RFMS is it doesn't force the user to forge anything, and so it
specifically +doesn't+ leave any easy-to-use stigmata in the headers.
However, you can usually be pretty sure anything injected directly
from a POP is spam. Ron Guilmette posted a huge list of POP patterns
to Spam-L recently; he said it wasn't complete yet but if anybody
wants a copy of his message, just mail me. The regexes are not in
Procmail format but transforming them should be a simple task.)
/* era */
--
Paparazzi of the Net: No matter what you do to protect your privacy,
they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>