On 8/16/2010 4:05 PM, Jason Haar wrote: > Hi there > > For the past few weeks we've experienced a large increase in missed > spam. It's Pharma-related, one sentence plus a link. > > The interesting features are: > > * every Subject line is different. They're aren't Bayes-busters either - > all Pharma related - but shall we say "innovative" in their use of > English. I do mean every one is different too. I can see one get > through, and if I search for the Subject line in the logs, I see that it > was sent to only one person! This is a level of sophistication I haven't > seen/noticed before > * the single sentence sometimes refers to Pharma - sometimes not > * obviously the SA RBL/SURBL tests don't pick these > > If one gets through and I wait 10-20 minutes and re-run it, it typically > increases it's score from 2/5 to >10/5 - so graylisting would definitely > help. But we don't "do" graylisting. > > There's really not much to chew on with these messages. How are others > dealing with them? Here's an example - it's already been picked up by > network tests - but it demonstrates the format > > http://pastebin.com/W6wXq4RX
Since you only give one example, it's hard to find a good pattern to match on. If all of them are going to .ru urls, you could write a rule for that. The best thing to do is to take a look at several examples and try to figure out what they have in common. -- Bowie