RE: ^^3^^

Udi Mottelo [mailto:uuddii(_at_)eng(_dot_)tau(_dot_)ac(_dot_)il] wrote:

On Tue, 29 Oct 2002, Dallman Ross wrote:

[..]
bloatware.  In my quest to do better than SA on my own, I use
*essentially no* body greps.  I find that I can consistently
catch 99.7% of spam, with very few false pozzes, using only
header matches.  I don't even look for $$$$$$$ or !!!!!!! or


      But, in most cases egreping from the machine memory is more
      fast then digging the network for false IP numbers, isn't?


Yes, which is why I don't dig the network for false IP numbers,
either.  I simply don't need to.

Study the headers.  Meditate on the headers.  If things don't gestate
right away, let them sit for a day and then go back.  Sleep on them.
Sleep with them.  Embark on your trip to Shambala with them.  What
is different about this mail?  Why is this mail different from
all other mail?

When a piece of mail comes that baffles me as how I should
approach it, I stare at the headers and run through my mantra
until enlightenment comes.  Sometimes I put it away and go
back the next day.  I am looking for heuristics -- heuristics
that make sense in consideration of the programmer's bugaboo,
*elegance*.  Once I have a working heuristic, I can design the
algorithm for it in procmail.  I try to keep sooty shortcuts
away.  If I see a From_ line of "spam-marketers.com", I don't
automatically think, wow, I could just put that in a blacklist.
No, that's easy, but it's not elegant.  If I go that route,
I'll be adding to my blacklist until Kingdom-Come.  No, I'd
rather find out that these jokers have an illegal Message-ID:
or always fake yahoo in the counterfeit bottom Received:
header or something else -- something that I can get my teeth
into and find in lots of other, equally spammy mail.

So, back to Mike's question of this morning about whether I might
have other goals that stop me from being satisfied merely with Spam-
Assassin, yeah: I guess I'm on a quest.

        :)

-- 
Dallman Ross


"If you find a path with no obstacles, it probably does not lead to
anywhere."
        Thoughts of Rev. Sunnan Kubose, from _Zen in the Markets_ 


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread]	Current Thread	[Next in Thread>
Re: ^^3^^, (continued) Re: ^^3^^, Professional Software Engineering Re: ^^3^^, David W. Tamkin RE: ^^3^^, Dallman Ross Re: ^^3^^, Professional Software Engineering RE: ^^3^^, Dallman Ross RE: ^^3^^, Mike Loiterman RE: ^^3^^, Dallman Ross SA vs procmail (Was: RE: ^^3^^), Tony L. Svanstrom Re: ^^3^^, Ruud H.G. van Tol RE: ^^3^^, Udi Mottelo RE: ^^3^^, Dallman Ross <= Re: ^^3^^, LuKreme RE: ^^3^^, Dallman Ross