[I tried asking this question a couple of days ago, but I've seen no signs that it made it out to the list -- possibly because the sample e-mail addresses I included in my question might have caused it to be flagged as spam. So here goes again, this time with the addresses mangled a bit.]
I see a lot of spam with "From:" lines where the left-hand side of the address is essentially the same (modulo punctuation) as the "full name" portion of the address. The right-hand side, on the other hand, is a random gibberish domain. A few examples currently sitting in my local server's spam quarantine (with the addresses edited so they hopefully won't trigger any spam checks): Adding To Human Lifespan <adding.to.human.lifespan (at) garciniawiki (dot) com> "Eliminate Fat Fast" <eliminate-fat-fast (at) jeanettejtaylor (dot) com> "Home Warranty Special" <home_warranty_special (at) racerville (dot) com> Smartphone Screen Protector <smartphone.screen.protector (at) dtqmp (dot) com> Two questions: Is it *technically possible* to create a Spamassassin rule which would match this sort of "From:" line? And assuming it can be done, is it *worthwhile* to do it? I do realize some perfectly legitimate "From:" lines conform to this same pattern, and the only way to really tell the difference may be via AI or a real human brain. -- *Rich Wales* [email protected]
