> Is anyone blocking on the occurrence of one or more ^ in a Subject:
> header?
> If so, what are your experiences? Most of the spam that is getting
> through here contains at least one and I don't typically see valid mail with
> one--although I'm sure they are common on the Exponential Math mailing
> list ;-)

Lately I have seen a lot of "junk characters" in spam subject lines. The
use of the [EMAIL PROTECTED]&*()`'<>,./?;:'"~ is what I mean by that.
It seems to be an attempt by spammers to bypass filters based off of pure
subject matching.
My question, in reply to yours, is do you think it would be good to aim
for ^, or do you think it would be better to aim for the whole lot?
Obviously there needs to be a limit where 4 or 5 of these characters would
not trigger the REJECT. Then, the mail that goes over the limit would be
slammed.
This would, unfortunately, require the use of match all between the blocks
tested.
So I think the regexp involved would be something along the lines of this:
/^Subject:.*[^[:alnum:]].*[^[:alnum:]].*[^[:alnum:]].*[^[:alnum:]].*[^[:alnum:]].*[^[:alnum:]]/
Anyone see anything majorly wrong with that? If not, it would be worth it
to test with a "WARN subject_junk ${1}" to see what it hits, and adjust as
needed.
--Eric
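
An added example, not part of the post above: a shell check that runs the six-character pattern through `grep -E` against constructed Subject: lines before any REJECT is enabled, and goes one step further by comparing it with a punctuation-only variant. The punctuation-only variant, the helper names and the sample headers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: try candidate Subject: patterns on constructed headers.
LC_ALL=C; export LC_ALL

# Build "^Subject:" followed by six ".*CLASS" blocks, as in the post.
six_of() {
    printf '^Subject:'
    for i in 1 2 3 4 5 6; do printf '.*%s' "$1"; done
}

NONALNUM=$(six_of '[^[:alnum:]]')  # any non-alphanumeric, spaces included
PUNCT=$(six_of '[[:punct:]]')      # assumption: count punctuation only

# hits PATTERN HEADER -> exit status 0 when the header would trigger the rule
hits() {
    printf '%s\n' "$2" | grep -Eq "$1"
}

# junk_count HEADER -> number of punctuation characters after "Subject:"
junk_count() {
    printf '%s' "${1#Subject:}" | tr -cd '[:punct:]' | wc -c | tr -d ' '
}

# Constructed sample headers (not taken from real mail).
HAM='Subject: Re: notes from the weekly ops meeting on Tuesday'
SPAM='Subject: L^o^w r^a^t^e m^o^r^t^g^a^g^e!!!'
ENC='Subject: =?UTF-8?B?5pel5pys6Kqe?='   # MIME encoded-word subject

report() {
    for h in "$HAM" "$SPAM" "$ENC"; do
        if hits "$1" "$h"; then r=HIT; else r=pass; fi
        printf '%-4s junk=%-2s %s\n' "$r" "$(junk_count "$h")" "$h"
    done
}

echo "non-alphanumeric x6:"; report "$NONALNUM"
echo "punctuation x6:";      report "$PUNCT"
```

The non-alphanumeric form hits the ordinary reply because the spaces between words count toward the six, and even the punctuation-only form hits the MIME encoded-word subject, which is what a WARN-only trial period would surface.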