I am thinking of the mechanics of chain mail. The intent of these hoaxes is that they propagate: that they are propagated by humans.
Typically they have a lot of addressees, and within them they have a nesting of quoted emails, also with a lot of addressees. Mail to a group such as this will often have quoted emails, but their addressees will largely be members of the group. If at all, only the first will contain e-mail addresses outside of the group. If at all, an addressee outside the group will be rare. Therefore, a filter based on examining the addressees, current and historic, and comparing those with those of the group, should be quite effective. If a suitable filter is found, we might offer it to other groups, for they are liable to the same damage. - Roger - ----- Original Message ----- From: "Stephan Tinnemeyer" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, December 04, 2001 12:00 PM Subject: Re: Hoax filter [was: Fwd: Fw: PLEEEEEEEASE READ!!!] > Mark, > > the first thing I thought when I read the subject was: "Oh, no! Another > one who overread this lot of 2 pence to this thread and Curtis' request > to stop it finally..." > > But now to the new subject :=) > > It should be very simple to filter out a certain hoax: you just have to > look for certain email addresses which may have to be updated from time > to time. But this would not help generally. > > I see some things hoaxes have in common: > > 1. Every hoax, the starting mail - if there was such - excepted, is forwarded. > This is very characteristic because the sender always refers to some > 'expert'. Forwarding can be traced out in the subject and in the body of > the message. > > 2. Most hoaxes are sent with a lot of 'carbon copies' (CC) either the > message itself and/or the forwarded message. Therefore, this can be > traced in the header and in the body or in the header of the > attached/forwarded mail resp. > > 3. In my experience, mails with 'yelling' subjects, i. e. capital > letters and rows of exclamation marks, are very suspicious of being > hoaxes or spam. > > I guess to protect a mailing list it should help a lot just to disallow > forwarding to the list. There are, of course, cases when a subscriber > wants to present a question of a friend to the list but this could be > done by quoting as well. Anyhow, it is frequently the better way not > just to forward in any technical way what the friend has mailed but to > reformulate the question. Forwarded messages, however, should not only > be blocked but answered with an autoreplier which explains why > forwarding is disabled and what hoaxes are. > > Cheers > > Stephan > > If you want to reply to this message, please, do not forget to delete > the last part of the subject: "[was: Fwd: Fw: PLEEEEEEEASE READ!!!]"! > *This* thread is ended. Thank you! > -- > Dipl.-Chem. Stephan Tinnemeyer > Lindenallee 20 > 24105 Kiel > Germany > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
