Re: why not doing a test that checks "name"-<email address> pairs

On Fri, 17 Aug 2007, aag_uk wrote:

> These message are addressed to many people in my domain but the
> names before the email address are random. To explain it more
> clearly, for example, the recipient in the TO field is something
> like this: "John" <user1@mydomain.com>. Very ofter the CC field
> includes other recipients like: "Peter" <user2@mydomain.com>;
> "Mike" <user3@mydomain.com>; etc... The think is that the email
> recepients (user1, user2, user3,...) are real, they exist in my
> domain, but the names "Peter, John, Mike" have nothing to do with
> "user1, user2, user3", they are picked randomly.

(1) Check your MTA options. Some allow you to configure rejection of a message after X number of invalid recipients are given.

(2) Consider a rule that adds a point if more than X names appear in the TO: and/or CC: headers. Here are mine (20 is the limit):

describe TO_TOO_MANY To: too many recipients
header   TO_TOO_MANY To =~ /(?:,[^,]{1,80}){20}/
score    TO_TOO_MANY 1.50

describe CC_TOO_MANY Cc: too many recipients header CC_TOO_MANY Cc =~ /(?:,[^,]{1,80}){20}/

--
 John Hardin KA7OHZ                    
http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  A sword is never a killer, it is but a tool in the killer's hands.
                          -- Lucius Annaeus Seneca (Martial) 4BC-65AD
-----------------------------------------------------------------------
 8 days until The 1928th anniversary of the destruction of Pompeii