tracking spam (was: Re: SOME ITEMS THAT YOU MAY BE etc...)

To: debian-laptop@lists.debian.org
Subject: tracking spam (was: Re: SOME ITEMS THAT YOU MAY BE etc...)
From: Stig Brautaset <stigbrau@start.no>
Date: Thu, 24 Jan 2002 01:40:09 +0000
Message-id: <[🔎] 20020124014009.E17064@arwen.brautaset.org>
In-reply-to: <[🔎] 200201240017.g0O0Heo01631@mail-srv1.micron.com>
References: <E16TXSw-0004RA-00@master.debian.org> <[🔎] 200201240017.g0O0Heo01631@mail-srv1.micron.com>

* David Bishop <tech@bishop.dhs.org> spake thus:
> This reminds me, has anyone implemented a mail filter that will trash 
> anything with all caps in the subject?  If so, what's the false positive 
> rate?  I can't remember the last "legit" email I got with all caps, but I 
> don't really want to take the step of just filtering it all without 
> reassurance :-)
> 
> Of course, I just realized that anyone with that filter in place wouldn't be 
> receiving this mail B-)

A small spelling error in my procmail recipe to filter out such mails
made this message appear at my end. It is now fixed, and it looks
something like this:


# If the message has no subject, or it consists entirely of spaces/tabs,
# it's most likely spam; otherwise extract the subject but dump any
# occurrence of Re:/fwd:/SV: in the beginning of the subject and send it
# to the second part of this recipe which will check whether the
# extracted part contain any lower-case characters. 
# Thanks to David W. Tamkin for this technique.
:0 
* ! ^Subject:[   ]*((re:|fwd:|fw:|sv:) ?)+\/.+
* ! ^Subject:\/.+
spam

# if the subject exists but does not contain any lower case characters
# at all, then the message is surely spam.
:0 ED
* ! MATCH ?? [a-z]
spam

I have lately spent some time developing a quite intelligent spam-
tracking implementation entirely in procmail that is based on
scoring and currently cathes almost all of my spam without the use of a
blacklist (although creating both white- and blacklists are easily done
without hand-editing any files; simply send a mail to yourself) and with
very few false hits. It is highly configurable via setting variables on
the top of the file, and it adds a header to the mail with the reasons
behind its spam-marking. I will be posting it here when I am a little
more confident that it works correctly... (unless there is a mass
protest against me doing so that is...)

PS: the filter also intercepts follow-ups to the original spam mail
    (including this one), since these tend to be more annoying and
    numerous than the original spam at mailing lists like this one...

Stig

-- 
brautaset.org
Registered Linux User 107343

``Oh, how I wish `undo' was ported to everyday life.''

Reply to:

Follow-Ups:
- Re: tracking spam (was: Re: SOME ITEMS THAT YOU MAY BE etc...)
  - From: Jacques L'helgoualc'h <lhh@free.fr>

References:
- Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON
  - From: David Bishop <tech@bishop.dhs.org>

Prev by Date: Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON
Next by Date: Re: Dell Latitude C810: Xserver problems and installation page
Previous by thread: Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON
Next by thread: Re: tracking spam (was: Re: SOME ITEMS THAT YOU MAY BE etc...)
Index(es):
- Date
- Thread