Tony> I think messages like this are better countered with other
Tony> techniques (that trojaned machine could well have been on a
Tony> blacklist somewhere, for example, or we can check out the content
Tony> of the URL, as the experimental slurping options do).
Another one that's occurred to me recently is a simple
recognized/unrecognized flag for the email address. Most spam never seems
to come from the same place twice. If you had a database of known addresses
(maybe just specified a list of mailboxes from which you know/assume the
emails are valid), most spam would get an unrecognized token. Over a fairly
short time that would become a very spammy indicator. Just one more token,
I know, but probably one that spammers would have trouble working around.
BTW, is it just me or is there a current virus storm assaulting the net?
Skip
_______________________________________________
[email protected]
http://mail.python.org/mailman/listinfo/spambayes
Check the FAQ before asking: http://spambayes.sf.net/faq.html
