procmail

Re: 'nuther msgid pattern?

2003-02-05 03:02:21
On  4 Feb, dman(_at_)nomotek(_dot_)com wrote:
| [...]  I also
| had some mail from the German eBay customer service dept., though,
| that included what had once been an IP address in the lowest
| Received: header, which IP had been munged to four literal dotted x's
| inside brackets.  And the Message-ID was creepy, too.

Be real careful with this kind of stuff.  Normally I wouldn't presume
to tell you something like that.  I suspect you've been around even
longer than I have. ;-)  But you mentioned ebay being a relatively new
experience.  There have been a number of ebay scams with domain names
that are very ebay-like but are not ebay. There has been at least one
similar one with paypal also.  The ruse usually is disguised as a
customer service request asking for personal info.  I'm sure you're
experienced enough to understand and navigate those risks, but the one
you describe sounds really weird.
 
| Yes.  Well, certain addresses of mine are reserved for eCommerce.
| Those get an extra boost in my $TRUST heuristic, and are thus
| excluded from as hard scrubbing in the spam sieves as are other
| types of messages.  If the address goes bad altogether (this has
| happened once so far, because I was foolish enough to use it in
| a web site's guest book), I retire it, and it goes in my (very
| small) blacklist.

My regimen is similar, but a little more draconian.  I tired of chasing
my tail with content filters - mostly, I'm sure, because I'm not as
accomplished as some of the rest of you.  I get so twisted up when the
crap gets through (which doesn't speak well of me, but is the reality)
that I stepped up the defenses a level up.  Almost every list, web
site, etc. where I use an email address, I use a different alias.  As
soon as spam comes to one of those aliases, I turn it off and
resubscribe with a new one, if appropriate. When I create a new alias,
I also create a new virtusertable entry, and each of the 3 domains I
take mail for has a catch-all "@domain.tld error:nouser User unknown"
entry.  (With this list, I'm a little more proactive and change the
subscription ~ weekly.  I'm halfway to automating it completely.) In
other words the recipient addresses are effectively whitelisted and
everything else gets bounced by sendmail. My private address for family
and friends is never used publicly and I've only had to change it once
in the last two and a half years.  I'm turning away about 15 messages a
day that can only be spam, which also has a positive side effect.  It
works as an early warning system for new spammer domains when they come
on line, and they get put in the access.db.  I'd say fewer than 1 spam
a month gets through.

Now trying to get it back to something resembling on topic.  What does
get delivered goes through some pretty thorough procmail recipes to
identify good mail.  I jump through hoops to identify list mail, local
mail, family, friends, and other known good senders, where the bias is
weighted towards acceptance, not rejection.  Very few messages get as
far as the spam checks that I still maintain, and those that do have
been through so much by that point that they are rightfully treated with
extreme prejudice. I think it's probably effectively much like your
$TRUST heuristic.

-- 
Email address in From: header is valid  * but only for a couple of days *
This is my reluctant response to spammers' unrelenting address harvesting



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
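
The alias rotation described in the message above (retire an alias so it falls through to the catch-all "error:nouser" entry, then add a fresh one), as an added example that is not part of the original post and not the poster's own script. The function names, the table file passed as an argument, and the example.org addresses are hypothetical.

```shell
#!/bin/sh
# Added example (not the poster's script): rotate one alias in a sendmail
# virtusertable source file with "key<whitespace>value" lines.

# has_catchall TABLE DOMAIN: true if "@DOMAIN error:nouser ..." is listed.
has_catchall() {
    awk -v k="@$2" 'tolower($1) == tolower(k) && $2 ~ /^error:nouser/ { ok = 1 }
                    END { exit !ok }' "$1"
}

# rotate_alias TABLE OLD_ADDR NEW_ADDR LOCAL_USER
rotate_alias() {
    table=$1 old=$2 new=$3 user=$4
    # The retired alias only bounces if its domain has the catch-all entry.
    has_catchall "$table" "${old#*@}" || {
        echo "no error:nouser catch-all for ${old#*@}" >&2; return 2; }
    # Never hand out an address that is already in the table.
    if awk -v k="$new" 'tolower($1) == tolower(k) { f = 1 } END { exit !f }' "$table"
    then echo "$new is already listed" >&2; return 3; fi
    tmp=$(mktemp) || return 1
    # Drop the old key, keep comments and all other entries, append the new key.
    awk -v k="$old" 'tolower($1) != tolower(k)' "$table" > "$tmp" &&
        printf '%s\t%s\n' "$new" "$user" >> "$tmp" &&
        cat "$tmp" > "$table"     # overwrite in place to keep owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample data; example.org and the alias names are placeholders.
demo() {
    t=$(mktemp) || return 1
    printf '%s\n' 'procmail-0128@example.org  alice' \
                  'shop-17@example.org        alice' \
                  '@example.org               error:nouser User unknown' > "$t"
    rotate_alias "$t" procmail-0128@example.org procmail-0204@example.org alice
    cat "$t"; rm -f "$t"
}
if [ "${1:-}" = demo ]; then demo; fi
# On a live system, rebuild the map afterwards:
#   makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
```

Run the script with the argument `demo` to see the constructed table before the map rebuild step.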