On 12/20/18 6:16 PM, Amir Caspi wrote:
I never intended for the rule to be applied on its own, but far more likely that it would become part of a meta rule with other spammy indicators.

Ah.  That makes more sense.

That being said, it is your server and you're free to run it however you want.

That said, you're absolutely right -- I interact with a bunch of gov folks and forgot about the middle initial being commonplace in the address.

;-)

Typically that middle part is just one letter for the initial, so one could change the rule to require at least two word characters between the dots. That is:

header AC_FROM_MANY_DOTS From =~ /<(?:\w{2,}\.){2,}\w+@/

You could do something like that. But I think that you're making the rule more complex (which is okay) but I'm not convinced that's necessarily a good thing.

I think I'd be likely to have people pick a number of dots that they think is reasonable (possibly with a default) and then take the log base that number of the number of dots in the message. Then I'd add that result to the spam score. If I could do such.

Perhaps this is still too generic, and three dots should be the minimum... but that's what the sandboxing will hopefully tell us.  And part of the sandboxing will also hopefully tell us if this works well as a meta -- I absolutely and wholeheartedly agree that the rule _by_itself_ is not a good spam indicator at all... but combined with other indicators, it might well be.

;-)

Grant, how many of your legit emails would hit the above rule, requiring more than one letter (i.e., more than just a middle initial) between the dots?

I don't know. I'm re-running the command to scan my mailbox extracting From: addresses. (I'm logging to a file this time.) I'll do some analysis and let you know.



--
Grant. . . .
unix || die
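
Added example, not part of the original message or of SpamAssassin: a Python port of the rule quoted above, run over constructed From: headers, together with one reading of the log-scaled dot score suggested in the reply. The function names, the `reasonable_dots` parameter, the choice to count dots in the local part only, and the sample addresses are all assumptions.

```python
import math
import re

# Python port of the rule quoted in the thread; re.ASCII keeps \w close to Perl's default.
MANY_DOTS = re.compile(r"<(?:\w{2,}\.){2,}\w+@", re.ASCII)
LOCAL_PART = re.compile(r"<([^<>@\s]+)@")

# Constructed sample From: headers, not taken from any real mailbox.
SAMPLE_FROM = [
    "Jane Q. Public <jane.q.public@agency.example>",  # middle initial
    "Sales <best.deals.today@shop.example>",
    "Bob <bob.smith@corp.example>",
    "Promo <win.big.prizes.now@offers.example>",
    "plain@host.example",                             # no angle brackets
]

def rule_hits(from_header):
    """True when the tightened AC_FROM_MANY_DOTS pattern matches the header."""
    return MANY_DOTS.search(from_header) is not None

def dot_score(from_header, reasonable_dots=3):
    """Log base `reasonable_dots` of the number of dots in the local part.

    Assumption: zero dots, or no <addr> form at all, scores 0.0,
    because the logarithm is undefined there.
    """
    if reasonable_dots < 2:
        raise ValueError("reasonable_dots must be at least 2")
    m = LOCAL_PART.search(from_header)
    dots = m.group(1).count(".") if m else 0
    return math.log(dots, reasonable_dots) if dots >= 1 else 0.0

def survey(headers):
    """Return (header, hit, score) rows, the tally a mailbox scan would log."""
    return [(h, rule_hits(h), round(dot_score(h), 3)) for h in headers]

if __name__ == "__main__":
    for header, hit, score in survey(SAMPLE_FROM):
        print(f"{'HIT ' if hit else 'miss'} {score:5.3f}  {header}")
```

With these samples the middle-initial address misses the pattern but gets the same dot score as `best.deals.today`, since the score counts dots and ignores what sits between them.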
