Jason Little wrote:
I just wrote my own rule
Called it wrotesub.cf
header LR_WROTE_SUB Subject =~ /\bwrote\b\:/i
describe LR_WROTE_SUB Wrote in Subject
score LR_WROTE_SUB 3.0
Jason Little
Network Admin
Mint Inc
-----Original Message-----
From: John D. Hardin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 28, 2006 10:25 AM
To: Jonathan Nichols
Cc: users@spamassassin.apache.org
Subject: Re: Loads of 'xxx wrote:' Spam
On Mon, 27 Nov 2006, Jonathan Nichols wrote:
I ran sa-update earlier, have URIBL, razor, etc.. and I'm still
getting these slipping through.
It's tempting to add +3 to "wrote:" in the subject.
Do you happen to be using the SARE stocks ruleset? If not, I recommend doing
so.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
27 days until Christmas
I was looking at much of the spam of the last few days and realised that
a continual shoring up of the defenses is a never ending battle that
will never be won by the good side.
As much of the spam contains a method to contact the spammers to "buy"
their product it should be possible to bounce the spam back to them.
Obviously using the return to address will not work in many cases. One
needs to dig through the spam to find the actual contract address if it
is there. Often the addresses spammers use are harvested from web pages
if the spammers actual contract information is buried in various web
pages. The offensive back to them will be very slow starting but as
more and more of them find their own addresses are recipients of spam
and they need to find ways to sort through their own spam to find the
suckers they are looking for spam may become too much of a effort for
them to continue to send.
As each of us would use different addresses the fight back will be
spread over many spammers, yes they can change email addresses but that
too will be an inconvenience for them. Another approach to give the
ones that harvest email address in web pages is to throw in several
false email address to non existent domains. The numerous bounces may
have the effect of causing the various ISPs that allow spam to be sent
to find ways to stop their spamming clients.
Simplistic approach, yes but then it is only one part of an idea to
reduce spam. Even if this suggestion works better than I can imagine it
still will still be a long time before spam filters will no longer be
needed.
