OT: Spammers getting cleverer

To: Debian Users <debian-user@lists.debian.org>
Subject: OT: Spammers getting cleverer
From: csj <csj@mindgate.net>
Date: Thu, 4 Jul 2002 06:05:48 +0800
Message-id: <[🔎] 20020704060548.72016cc0.csj@mindgate.net>

Here's some of the headers of a recent spam, which appears to pass all
test except the MIXED_NUMS part, something which should be fairly common
for users of web mail services.

From: "Dr. George W. Adams" <gadamsy2k2@lycos.com>
To: <debian-user@lists.debian.org>
X-Mail-Format-Warning: Bad RFC822 header formatting in Subject:
Sender: "Dr. George W. Adams" <gadamsy2k2@lycos.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Date: Sun, 30 Jun 2002 14:20:17 +0100
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=1.0 required=4.7 tests=FROM_HAS_MIXED_NUMS version=2.01

Ever since I discovered that Debian inserts an X-Spam-Status header on
"questionable" email (including mine), I have been filtering thru regex
checks like *hits=(3|2).*SUBJ_ALL_CAPS or *hits=(3|2).*NO_REAL_NAME

But the example above is pretty well-behaved. Even the body, which I'm
not quoting, appears to have hard-coded linebeaks.

How do I filter for such sc(a|u)m?

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: OT: Spammers getting cleverer
  - From: Derrick 'dman' Hudson <dman@dman.ddts.net>

Prev by Date: Re: Openoffice requirements question
Next by Date: Getting woody to grab dhcp address on VMware
Previous by thread: Re: Exim 4.0x
Next by thread: Re: OT: Spammers getting cleverer
Index(es):
- Date
- Thread