On 3/23/2005 12:01 PM, Matt wrote: > Another thing is I have several domains. One is from our dialup ISP 10 > years old. It has several email addresses that are dead and receive > nothing but junk and lots of it. About 20 pieces or more an hour. Is > there anyway I can use these to improve the effectiveness of > Spamassassin?
Add them to your cf with a "blacklist_to [EMAIL PROTECTED]" entry and they'll make good spamtraps for other recipients of those same messages (but will have no effect on recipients of other copies that were sent under separate cover). You could also write the message-id and/or envelope sender (among other things) and deal with secondary copies that way. One thing I'm noticing more of lately is that some spam will come from three or four sources all at once, which is presumably happening because somebody has submitted the spam and mailing list to multiple trojaned PCs, so my spamtraps are having a little bit less success lately, but they still work very well. You can also use the messages to feed a ~global bayes training process if you're willing to accept the possibe side-effects of one-dimensional training. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
