tracking spam (was: Re: SOME ITEMS THAT YOU MAY BE etc...)
* David Bishop <email@example.com> spake thus:
> This reminds me, has anyone implemented a mail filter that will trash
> anything with all caps in the subject? If so, what's the false positive
> rate? I can't remember the last "legit" email I got with all caps, but I
> don't really want to take the step of just filtering it all without
> reassurance :-)
> Of course, I just realized that anyone with that filter in place wouldn't be
> receiving this mail B-)
A small spelling error in my procmail recipe to filter out such mails
made this message appear at my end. It is now fixed, and it looks
something like this:
# If the message has no subject, or it consists entirely of spaces/tabs,
# it's most likely spam; otherwise extract the subject but dump any
# occurrence of Re:/fwd:/SV: in the beginning of the subject and send it
# to the second part of this recipe which will check whether the
# extracted part contain any lower-case characters.
# Thanks to David W. Tamkin for this technique.
* ! ^Subject:[ ]*((re:|fwd:|fw:|sv:) ?)+\/.+
* ! ^Subject:\/.+
# if the subject exists but does not contain any lower case characters
# at all, then the message is surely spam.
* ! MATCH ?? [a-z]
I have lately spent some time developing a quite intelligent spam-
tracking implementation entirely in procmail that is based on
scoring and currently cathes almost all of my spam without the use of a
blacklist (although creating both white- and blacklists are easily done
without hand-editing any files; simply send a mail to yourself) and with
very few false hits. It is highly configurable via setting variables on
the top of the file, and it adds a header to the mail with the reasons
behind its spam-marking. I will be posting it here when I am a little
more confident that it works correctly... (unless there is a mass
protest against me doing so that is...)
PS: the filter also intercepts follow-ups to the original spam mail
(including this one), since these tend to be more annoying and
numerous than the original spam at mailing lists like this one...
Registered Linux User 107343
``Oh, how I wish `undo' was ported to everyday life.''