Hi,
I've noticed a bunch of spams coming in recently that have no To: and
Subject: and have cobbled together the following rule to combat them.
Any feedback would be appreciated.
# Message has empty To: and Subject: headers
# Likely spam
header __LW_EMPTY_SUBJECT Subject =~ /[[:space:]]$/
meta LW_EMPTY_SUBJECT_TO (__LW_EMPTY_SUBJECT && MISSING_HEADERS)
describe LW_EMPTY_SUBJECT_TO Message has empty To and Subject headers
score LW_EMPTY_SUBJECT_TO 2.5
If anyone would like to test this as part of the mass corpus, please
feel free to do so. I am curious to know how it performs.
Regards,
Lawrence Williams
LCWSoft
www.lcwsoft.com
