The "[EMAIL PROTECTED]" has been around for a long time. Legitimate mailers (and others) use the format to encode very specific information about their target, presumably so that they can effectively determine the email address when a complaint is made or the sender receives a bounce.
I rarely get a complaint from my users about this kind of spam; I call it "self-inflicted", where someone signs up for a "joke a day" or "daily horoscope" or "diet advice" but they don't read the fine print. They continue to get signed up for similar nuisances in perpetuity; the unsubscribe is real, but only for the current newsletter. They can not get off the "master list". Usually these mailers are in SBL http://www.spamhaus.org/ and also listed in Sniffer http://www.sortmonster.com/MessageSniffer/ as return code 60 "greylist/experimental". If you choose to weight those two tests high enough, you'll successfully block them. SBL is much slower than Sniffer at picking up the same kind of mailing lists from new addresses, so once in a while, they will get through. For those with Declude JunkMail.Pro, a hint of MAILFROM 1 BEGINSWITH bounceto- would also help (change the weight to whatever you're comfortable with, of course). FWIW, my Declude blocked 51 messages with this exact format today, and it's only 10:35 AM. Andrew 8) -----Original Message----- From: Bud Durland [mailto:[EMAIL PROTECTED] Sent: Monday, August 16, 2004 7:36 AM To: Declude List Subject: [Declude.JunkMail] Useful external test? Lately, I'm seeing a bunch spam that has sender address like so: [EMAIL PROTECTED] The host/domain part is variable, but the left-hand part is always 'bounceto', then 5 digits, then 10 digits. I use Junkmail Standard (and hence no fancy filtering). I'm thinking of writing a custom test to look for sender addresses in this specific format. Does anyone else see these kind messages? I'll probably make the test available for download when I've got it working. -- -------------------------------------------------------------------- (After 9/11) We see with sudden clarity what matters and what before was only clutter in the hearts and minds of an overfed populace. Political Correctness -- the art of camouflaging truth to protect the psyches of the silly -- is, after all, a luxury of full stomachs - Kathleen Parker --------------------------------------------------------------------- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com --------------------------------------------------------------------- --- [This E-mail scanned for viruses by Declude Virus / Sophos AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
