procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: 1. Useless cat. 2. Counting spams

2002-05-16 18:07:28
from [Alan Clifford] [Permanent Link] 
On Fri, 17 May 2002, Ruud H.G. van Tol wrote:

RHvT>
RHvT> I blacklist on IP-nr/16, see my
RHvT> http://www.xs4all.nl/~rvtol/procmailrc.txt
RHvT>


Do you get any mail at all through that :-)


The concept I'm toying with is to let the spammers automatically censor
themselves.  And doing it with IP numbers seems an interesting route for
me to follow up.

I have a regular source of spam - all email to the address I use in usenet
is spam so these can provide the data to censor themselves when they send
emails to my real addresses (that have leaked out unfortunately).

Over the past few days, I have been collecting the addresses and domains
in a database.  As I suspected, there doesn't seem to be much reuse of
email addresses but the domains are more interesting:


    9 16 May 2002 orgio.net
    8 15 May 2002 dreamwiz.com
    7 16 May 2002 hanmail.net
    6 16 May 2002 lycos.co.kr
    5 16 May 2002 yahoo.co.kr
    4 16 May 2002 korea.com
    4 16 May 2002 excite.com
    4 15 May 2002 adin.be
    3 16 May 2002 kornet.net
    2 15 May 2002 mailrejection.com
    2 13 May 2002 usa.com
    2 13 May 2002 konedu.com
    1 17 May 2002 lycos.com
    1 16 May 2002 ussoft.co.kr
    etc

So the idea is that orgio.net, with 9 spams, last one on 16th May, puts
itself into the blacklist and stays there until the last spam is, say,
over a month old.

And maybe email addresses are recycled over time as well - I can just wait
and see.


Extending this to IP numbers would be interesting.  I'd have to hack these
out of the received headers I guess.  How careful would I have to be?  Is
the earliest header always the one furthest into the email?


Also, I'd also be interest in comments on which "from" header to use.
Currently, I'm using the formail -t header but have just started another
database this evening using the FROM_ header.  There doesn't seem to be
much point in using the formail without_the_t as the spams seem mostly
have a Reply-to: header in them.


Alan



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: whitelist, Professional Software Engineering
Next by Date:  Re: whitelist, Alan Clifford
Previous by Thread:  Re: 1. Useless cat. 2. Counting spams, Ruud H.G. van Tol
Next by Thread:  DNSBL, Ruud H.G. van Tol
Indexes:  [Date] [Thread] [Top] [All Lists]