Hi, > I'm now receiving spam that contains little more than a URL that keeps
> > it from matching my "body uri only" rules because of a little > > additional junk in the body, and apparently is sent from legitimate > > compromised yahoo accounts, resulting in -2.4 points being subtracted. > > > But this isn't Yahoo - weirdly, it looks like its faking Hotmail. Its > been sent through Hotmail but neither the Message-ID not the Return-Path > match a Hotmail origin. > Yes, that's what I meant but somehow typed yahoo. > You might get somewhere with a meta combining those or 'doing a Yahoo > FS' with a rule that fires if Sender domain != Message-ID domain, but > you'd need to check several messages to see if that looks reliable. OTOH > you might see a common factor in the message bodies that is worth > writing a rule for. > Considering my typo, I'll investigate possibly creating a body rule, unless someone else has some possible suggestions for how to do this. > Everybody's spam stream tends to be different: for the last couple of > weeks I've been seeing pump-and-dump equity spam and sex medication > offers which both are causing the BOBAX-GEN3 rule to fire and its all > ending up in the bit bucket where it belongs. > I'm starting to see a lot of "new garden hose" spam, and still getting the "2012 Cars" spam. Thanks, Alex
