How about a test like this:
NUMBERSINMAILFROM
It would be similar to SUBJECTSPACES but would count the amount of
numbers in the mail from address. You could then configure
it for say if 10 or more,
add 5 to the weight and so forth.
John,
We already look for sender-addresses
] New test request
How about a test like this:
NUMBERSINMAILFROM
It would be similar to SUBJECTSPACES but would count the amount of
numbers in the mail from address. You could then configure
it for say if 10 or more,
add 5 to the weight and so forth.
John,
We already look
Any thoughts, good or bad?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, September 09, 2003 10:32 PM
Any thoughts, good or bad?
It's one that we do hope to add. It's not foolproof (such as
[EMAIL PROTECTED]), but would be useful in helping catch spam.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude
That would work great at detecting old Compuserve accounts :)
I'm not convinced that this would be a very clear marker for spam
though (depends on what the automated real stuff does), but you could
probably set up a filter to test the theory
First create a filter file test and score it as a
Sorry, I've no great insight on the positive uses of this test, but I can
point out another exception. E-mail enabled pagers and RIM Blackberries
often have their phone number as the e-mail address @TheProviderDomain.com
instead of or in addition to the subscriber's name.
Andrew.
---
[This
Title: Message
maybe
a bad idea -
We send out
e-mail that has a Variable Return Address, so that we can handle bounces
well. In our case, that address is a combo of letters and numbers (lots of
numbers sometimes). And, we work hard to make sure our mail is all
requested!
Other legit
] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Wednesday, September 10, 2003 12:32 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] New test request
Sorry, I've no great insight on the positive uses of this test, but I can
point out another exception. E-mail enabled
Here's some examples of mailing lists that have lots of numbers (and
letters) in the MAILFROM. You may find that you'll have to put in a
counterweight everytime a user reports that they're missing mail when they
sign up for a newsletter.
Andrew 8)
p.s. I've deliberately munged the addresses a
Dan Patnode wrote:
Good point,
The goal then should be to differentiate numbers used as codes from numbers used to confuse. The former tend to be contiguous while the later (in my experience), tend to be mixed in with letters. Perhaps if the test counted numbers with letters on both sides?
JT Pagers have 10 numbers, so I would actually start at either 11 or 15.
JT An old CompuServe address will most likely not be failing other tests to
JT where this one would put it over. How many numbers do those addresses
have
JT in them?
Nine digits, e.g [EMAIL PROTECTED] (that was mine for 5
I wouldn't consider that to be spam. Amazon? Travelocity? Yahoo
Groups?
Most of these are opt-in sources (by way of membership or purchase),
and doing the bounce test that they are doing is in fact responsible
use of commercial E-mail. If you are going to monitor for failed
receivers, that
MB GIBBERISHSUB filter C:\IMail\Declude\GibberishSub.txt x 1 0
MB SUBJECT2CONTAINSqb
(snip)
This looks good, Matthew.
The weight is low enough to be cautious, and I suspect the only false
positives you will get are on subject lines with that raw
=?ISO-8859-1?B?UmU6U2lsZG stuff.
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Wednesday, September 10, 2003 1:35 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] New test
Thanks Andrew...I like my apples :)
Some stuff could be put back in that I took out while testing the filter
for the body before I found out that it caught attachments. I was
careful to take out things like ql because of MSSQL, and I searched a
dictionary file for matches on the other strings
Wow, what a sweet idea Matthew! Applying rules of English (like Q is always followed
by U) to look for gibberish. :)
Yea, so long as BODY searches attachments, any small code will sooner or later show up
in an attachment. I've even had problems trying hard tests for complete words where
an
16 matches
Mail list logo
