Yeah, kerry_nice is part of [EMAIL PROTECTED]
Whatever company that does these particular spams,
they only address it To: [EMAIL PROTECTED], I'm
the only recipient, and the subject is something like
'hello kerry_nice, get free stuff'. This one you can
match the to and the subject, because gettin
On 09 March 2002, Kerry Nice said:
> #this one will only work for me, but if it there, it
> is 100% GUARANTEED to be spam
> #not sure how to make a general case for this
> header KERRYSUBJECT Subject =~ /kerry_nice/
> describe KERRYSUBJECT Personalized subject for
> Kerry based on email
For these particular customizations, the To: and the Subject will have
the same name, with my address being the only one in the To and no CC
addresses.
These are the only two variations I find in my spam archive for these:
To: [EMAIL PROTECTED]
Subject: Hello, kerry_nice Absolutely Free Web-Ca
On Saturday 09 March 2002 09:39 pm, Rob McMillin wrote:
> Kerry Nice wrote:
> >#this one will only work for me, but if it there, it
> >is 100% GUARANTEED to be spam
> >#not sure how to make a general case for this
> >header KERRYSUBJECT Subject =~ /kerry_nice/
> >describe KERRYSUBJECT
Kerry Nice wrote:
>Here are some rules I added to my local.cf that seem
>to be catching a few things.
>
>#Seems to be a broken bulk mail program that puts some
>of the headers in the email body
>rawbody MESSAGEIDINBODY /^Message-Id:
><.*\@message-Id>$/
>describe MESSAGEIDINBODY Distictive Mess
Here are some rules I added to my local.cf that seem
to be catching a few things.
#Seems to be a broken bulk mail program that puts some
of the headers in the email body
rawbody MESSAGEIDINBODY /^Message-Id:
<.*\@message-Id>$/
describe MESSAGEIDINBODY Distictive Message ID in
email body
score
On Thu, 7 Mar 2002, Matthew Cline wrote:
> And now a bunch of spam matching rules:
>
> body READ_TO_END/read this (?:e-?mail )?to the end/i
> describe READ_TO_ENDYou'd better read all of this spam!
I see a lot of slight variation on
It is important that you read t
On Fri, 8 Mar 2002, David G. Andersen wrote:
> Matthew Cline just mooed:
> > First a few rules to match non-spam:
> >
> > body SIGNATURE_DELIM/^-- $/
> > describe SIGNATURE_DELIMStandard signature delimiter present
> >
> > While there would be no effort in faking this, it
On Friday 08 March 2002 12:42 am, Rob McMillin wrote:
> Matthew Cline wrote:
> >First a few rules to match non-spam:
> >
> > body SIGNATURE_DELIM/^-- $/
> > describe SIGNATURE_DELIMStandard signature delimiter present
> >
> >While there would be no effort in faking this, it m
Matthew Cline just mooed:
> First a few rules to match non-spam:
>
> body SIGNATURE_DELIM/^-- $/
> describe SIGNATURE_DELIMStandard signature delimiter present
>
> While there would be no effort in faking this, it might take a while for some of the
>spammers to catch o
Matthew Cline wrote:
>First a few rules to match non-spam:
>
> body SIGNATURE_DELIM/^-- $/
> describe SIGNATURE_DELIMStandard signature delimiter present
>
>While there would be no effort in faking this, it might take a while for some of the
>spammers to catch on.
>
I hav
On Thu, 7 Mar 2002, Matthew Cline wrote:
> uri HTTPS_URL /https:\/\//
> describe HTTPS_URL Spammers don't often use HTTPS
>
> Has anyone seen spam that uses an HTTPS URI?
Yes, and it's not at all rare. 96 of 3200 messages in my recent-spam box
have 'https' in t
First a few rules to match non-spam:
body SIGNATURE_DELIM/^-- $/
describe SIGNATURE_DELIMStandard signature delimiter present
While there would be no effort in faking this, it might take a while for some of the
spammers to catch on.
uri HTTPS_URL /
13 matches
Mail list logo