Cool How would you do .............?
\nfrom: "?Target Bank <except when> the email address is <@targetdomain.com> (which will be validated by SPF already) It's a small amount of text to test and won't be a huge list of domains to test against so CPU won't hurt too much. You're quite right about most spam having multiple mistakes, that's why I like to use scoring so it takes at least two mistakes to trigger. That gets 99.9% but it's that other 0.1% I'm after. People don't mind getting the odd v14gra spam sneak thru (Some of mine have complained because they aren't getting them) but imho they will measure the quality of yours/our/my work on our performance against the scammers. Bob -----Original Message----- From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] Sent: Thursday, 3 November 2011 10:33 p.m. To: ASSP development mailing list Subject: [Assp-test] Antwort: Re: Antwort: Re: Antwort: Re: changes in assp 2.1.2 build 11306 Using a regex should be the last choice. Spammers often doing alot of other mistakes - try to setup the early checks (helo, black domains, ip blocking, sender validation) , spf and penaltybox in a way to catch the spam. If this is not possible - in your case - use bombHeaderRe. \nfrom: "?Target Bank or (more CPU intensive) \nfrom:\s*"?\s*Target\s+Bank Thomas Von: "Bob Berryman" <b...@sanlogan.com> An: "'ASSP development mailing list'" <assp-test@lists.sourceforge.net> Datum: 03.11.2011 09:28 Betreff: Re: [Assp-test] Antwort: Re: Antwort: Re: changes in assp 2.1.2 build 11306 Hey Thomas I am totally impressed with how responsive you've been and how awesome this software is. I started five years ago with ASSP but this is my first experience with v2x and it's a whole new animal. Now being cheeky with another thought, anticipating the next move by the scammers, If we could test the name part of the from header, ie FROM: "Target Bank" <someb...@someotherdomain.com> with a regex we would just about have them screwed :-) Cheers.............Bob -----Original Message----- From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] Sent: Thursday, 3 November 2011 8:58 p.m. To: ASSP development mailing list Subject: [Assp-test] Antwort: Re: Antwort: Re: changes in assp 2.1.2 build 11306 >So why isn't strictSPFRe applying here ? yes - incase of strictSPFRe spfValencePB should be used. I never saw this, because I use (the IMHO better and more logical blockstrictSPFRe). This will be changed. Thomas Von: "Bob Berryman" <b...@sanlogan.com> An: "'ASSP development mailing list'" <assp-test@lists.sourceforge.net> Datum: 03.11.2011 07:31 Betreff: Re: [Assp-test] Antwort: Re: changes in assp 2.1.2 build 11306 ><x...@yyyyy.com> to: xx...@xxxx.ac.nz [scoring] SPF: neutral (cache) >ip=60.234.67.203 mailfrom=x...@yyyyy.com helo=mta1.xxxx.com So why isn't strictSPFRe applying here ? >>No, spfnValencePB is right, because the state is 'neutral' in 'SPF: >>neutral (cache)'. >>Thomas ---------------------------------------------------------------------------- -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ---------------------------------------------------------------------------- -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
