Hosting Provided By

Re: why not doing a test that checks "name"-<email address> pairs

From: aag_uk <aag_uk(at)yahoo.com>
Date: Sat Aug 18 2007 - 02:29:49 EDT

John D. Hardin wrote:
>
> On Fri, 17 Aug 2007, aag_uk wrote:
>
> (1) Check your MTA options. Some allow you to configure rejection of a
> message after X number of invalid recipients are given.
>
> (2) Consider a rule that adds a point if more than X names appear in
> the TO: and/or CC: headers. Here are mine (20 is the limit):
>
> describe TO_TOO_MANY To: too many recipients
> header TO_TOO_MANY To =~ /(?:,[^,]{1,80}){20}/
> score TO_TOO_MANY 1.50
>
> describe CC_TOO_MANY Cc: too many recipients
> header CC_TOO_MANY Cc =~ /(?:,[^,]{1,80}){20}/
>
>

Thanks for your answer, but the spam IÂ´m trying to identify is not about too many recipients, usually itÂ´s only 5 or 6, and they all contain correct email addresses. The thing is that some spammers make up the name that goes before the email address (e.g. "John Smith"<peter@mydomain.com>)

-- 
View this message in context: 
http://www.nabble.com/why-not-doing-a-test-that-checks-%22name%22-%3Cemail-address%3E-pairs-tf4288052.html#a12210954
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Received on Sat Aug 18 02:31:05 2007

This message: [ Message body ]
Next message: Jason Haar: "Query about DNS_FROM_DOB"
Previous message: hamann.w(at)t-online.de: "Re: why not doing a test that checks "name"-<email address> pairs"
In reply to: John D. Hardin: "Re: why not doing a test that checks "name"-<email address> pairs"
Next in thread: hamann.w(at)t-online.de: "Re: why not doing a test that checks "name"-<email address> pairs"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Oct 24 2007 - 19:10:56 EDT