On Wed, 29 Apr 1998 00:28:41 +0200, Paul Ashton
<paul(_at_)argo(_dot_)demon(_dot_)co(_dot_)uk> wrote:
> One thing I've thought of is scanning the Received lines
> for the domain in the From: line. If it is not there at
> all, then junk it. i.e. my mail server didn't receive it
> from their domain, neither did they forward it to a
> smarthost that contains their domain either. Sounds like
> quite a good bet. Anyone got a procmail filter for that?

You won't find "iki.fi" in the Received: lines of mail from me.
Similarly for a lot of iname.com domains, lots of Hotmail and
Mailexcite users (YMMV there, there's a lot of spam with forged
Hotmail addresses, of course) ... It might also produce mismatches on
an intranet where hostnames are unqualified but the MUA adds a fully
qualified domain name to the user's address.

Having said that,

# Define a "macro" to make the recipe simpler
# Negated character class consisting of
# open broket, close broket, space, tab, at sign
N="[^<> @]"
# The same plus period
Q="[^<>. @]"
# The expression grabs what it thinks looks like a domain name
# The grab gets one character too much, so the MATCH is trimmed down
:0
* $ ^From:(.*[ <])?$N+@($Q+\.)*\/$Q+\.$Q$Q$Q?$Q?([> ]|$)
* MATCH ?? $ ^^\/.*$N
* ! $ ^Received:.*\<$\MATCH\>
spam

This is not tested very thoroughly. The domain name grabber is
certainly written rather optimistically, but I hope it works with most
commonly seen address formats. (Don't show it to Eli though. :-)
/* era */
--
Paparazzi of the Net: No matter what you do to protect your privacy,
they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>
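
The heuristic discussed in this message, restated in Python as an added example (not code from the post), run over constructed messages that include the forwarding-address and unqualified-intranet cases the reply warns about. Taking the last two labels of the From: domain is an assumption that approximates what the recipe grabs; all addresses and hostnames are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def from_domain_in_received(raw):
    """Return True if the last two labels of the From: domain appear as a
    whole word in at least one Received: header."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    if "@" not in addr:
        return False
    # Assumption approximating the recipe's grab: keep the last two labels.
    tail = ".".join(addr.rsplit("@", 1)[1].lower().split(".")[-2:])
    # Require non-hostname characters on both sides, so "ample.com"
    # does not match inside "example.com".
    pat = re.compile(r"(?<![a-z0-9-])" + re.escape(tail) + r"(?![a-z0-9-])")
    return any(pat.search(h.lower()) for h in msg.get_all("Received", []))

# Constructed messages (reserved example domains, documentation IPs).
SAMPLES = {
    "direct": (
        "Received: from mail.example.com ([192.0.2.10]) by mx.example.net\n"
        "From: Alice <alice@example.com>\n\nhi\n"),
    "forwarding_address": (  # legitimate sender posting via an ISP relay
        "Received: from relay.isp.example ([192.0.2.20]) by mx.example.net\n"
        "From: user@alias.example\n\nhi\n"),
    "unqualified_intranet": (  # hostnames unqualified, address qualified
        "Received: from wkstn7 by mailhub\n"
        "From: bob@corp.example\n\nhi\n"),
    "substring_only": (  # domain is only a substring of a relay name
        "Received: from mail.example.com ([192.0.2.10]) by mx.example.net\n"
        "From: mallory@ample.com\n\nhi\n"),
}

def verdicts():
    """Map each sample name to 'keep' or 'junk' under the heuristic."""
    return {name: "keep" if from_domain_in_received(raw) else "junk"
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:22} {verdict}")
```

The two "junk" verdicts for the forwarding-address and intranet samples are false positives: both messages are legitimate by construction.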