> -----Original Message----- > From: Karsten Bräckelmann [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 20 February 2008 3:33 p.m. > To: users@spamassassin.apache.org > Subject: RE: Suggestions to block this spam > > On Wed, 2008-02-20 at 14:26 +1300, Michael Hutchinson wrote: > > You'll be lucky to catch them on anything other than phrase matching, as > > they're very simple in design, those spam messages. Much like the > > "downlooadable sooftware" one's we used to get. To a program, there's > > not much that looks like Spam about these messages. > > This is not true. :) I posted a meta rule that doesn't even look at the > body earlier. > > Also, while URIs arguably could be considered "phrase matching", I > personally don't. Cause I don't even care about the content or > advertising phrases at all, but sniper these annoying, abused domains. > > The quite characteristic HTML markup and the fact that this stupid > spammer uses all lower-case, single word subjects exclusively makes them > identifiable without matching on phrases. The almost constant length of > both multipart/related MIME parts and its overall structure of 2 blobs > gives another hint. Score if all are true. > > Plus, the various blacklists, identifying the sending machines as > zombies and the MX handing over IP as end-user intended.
Ah yes, I saw that one earlier on. I hadn't employed it as my phrases are working well, but I do intend to tweak a meta based on the one you posted, once I've had time to fully test the CLIENT_TO_MX part :) Cheers, Michael Hutchinson
