Sniffer is your best bet for this type of thing - it's an active update so if somthing slips through they add it to the next ruleset. Maintaining your own set of rules is a daunting challenge because they will misspell this stuff differently each day to duck through filters.
My recommendation is to vaporize the entire hardgiants.info domain by blocking any message with that text in the body. They are forging several of our domains on this one, so I'm trying to report everything to Spamcop that has the full text of the bounce message including the IP. They're using MXs from all over, including AOL somehow. ----- Original Message ----- From: "Aaron Moreau-Cook" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, February 08, 2003 1:38 PM Subject: [Declude.JunkMail] Dealing with Nasty Spams > Second, has anyone found a effective way to deal with this type of spam? > This e-mail apparently was under our HOLD limit of 10, so it was forwarded --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
