Bill McIntyre's KISS motto reminds me of Einstein's aphorism to make 
things as simple as possible, but no simplier.

Creating mail actions based on message titles is a losing game as 
spammers resort to creative spelling, e.g [EMAIL PROTECTED] I prefer to focus on 
message text and mailing addressess. As you know Emailer can't read html 
and the vast majority of spam is sent as html. Emailer usually presents 
an empty message body with an "enclosed.x.html" when it encounters 
html-based mail. In my situation this spam 99% of the time. Create a 
filter in your Spam mail action that checks for an empty message, routes 
the mail to a "potential spam" folder and assigns it a priority. In my 
case I assigned any message containing nothing in the body the lowest 
priority (20). other rules include searching text for "HREF", "HTTP", 
then routing to spam folder with a 20 priority.

This should catch most spam.

You can add more filters to that rule based on your specific situation. I 
have added filters that check for the name of most African countries in 
the message body (for obvious reasons) and routes them to spam folder 
(hereafter SF) with a 20.

Tracking by the sender's email address is trickier; I used to assign as 
spam all messages ending in .ru (for Russia); but we now have customers 
in Russia and the Russian-based spammers have discovered open relays and 
are otherwise disguising their country of origin. My solution was to add 
my Russian-based customers to my address book, which is my first mail 
action and sends known, valid messages to the proper folder.

My experience is the vast majority of addresses ending in .biz are spam. 
So they get a filter in the spam mail action.

After each email session, I open the autolog file and click on priority. 
Messages are filed from highest to lowest. Virtually all mail colored red 
is spam.

HTH

bevon

___________________________________________________________________________
To unsubscribe send a mail message with a SUBJECT line of "unsubscribe" to
<[EMAIL PROTECTED]>  or  <[EMAIL PROTECTED]>

Reply via email to