>...
>Point taken, but I still think it would be a valid test.
>Like all SpamAssassin tests it should only be one of many indicators.
>In particular all the ones that I receive I would expect to have "Mike" or
>"Michael" in the description of my email address.
>I would also like to be able to pick out those from "Microsoft Support"
>which are not from microsoft.com and other typical phishing mails.
>...
What I think would be good is something to check the recipient
description against the local known proper one. Example: today one
spam trapped useda a line of "To: "03/13ss" <[EMAIL PROTECTED]>", which
I can tell immediately could never be valid.
Obviously, this would have to use either a database of something
like a LDAP (or heaven forbid YP or NIS) lookup for its descisions - Still
I see about 8-12% of incoming spam with obvious mismatches of the recipient's
description.
I feel Matt is correct, there is no good way to match the sender's
description, strange account names completely divorced from the description
are *far* too common (some large corporations I have dealt with generate
meaningless random names then have the employees use Firstname.Lastname@
aliases, but the random names "leak" in replies).
Paul Shupak
[EMAIL PROTECTED]
