On Jul 15, 2005, at 3:19 PM, Loren Wilton wrote:If that username starts with six digits, it hits that rule, as shown in Loren's example. Ah, here is the From header: From: 360° Skin Care <[EMAIL PROTECTED]> Not 6 digits, but maybe the degree symbol is contributing. I'll advise notto start the us
> If that username starts with six digits, it hits that rule, as shown
> in Loren's example.
>
> Ah, here is the From header:
>
> From: 360° Skin Care <[EMAIL PROTECTED]>
>
> Not 6 digits, but maybe the degree symbol is contributing. I'll advise not
to
> start the username with 360°.
No, you misun
wrote on Fri, 15 Jul 2005 09:52:26 -0700:
> Not 6 digits, but maybe the degree symbol is contributing. I'll
> advise not to start the username with 360°.
That degree sign isn't allowed unescaped in there anyway.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Service
On Jul 14, 2005, at 6:05 PM, Robert Menschel wrote:header FROM_STARTS_WITH_NUMS From:addr =~ /^\d{6,}\S+\@/i The email address used in the From header begins with 6 (or more) digits. it's not hitting on 360SkinCare.com, but on the user part of the email address (doesn't even look at the domain
>...
>
>Been using SA for quite a while and agree it's working great.
>
>Is FROM_STARTS_WITH_NUMS appropriately spammy if it's a legal way to
>name a domain?
>
>Is this related to the "suspicious hostname" flags? Or is that
>related to the use of webmail? If the former, then they're getting
>
On Jul 14, 2005, at 8:55 AM, Duncan Hill wrote:On Thursday 14 July 2005 16:50, [EMAIL PROTECTED] typed: On Jul 14, 2005, at 4:14 AM, Loren Wilton wrote: Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29 - Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul 2005 21
On Thursday 14 July 2005 16:50, [EMAIL PROTECTED] typed:
> On Jul 14, 2005, at 4:14 AM, Loren Wilton wrote:
> Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29
> -
> Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul
> 2005 21:00:29 -
> >
On Jul 14, 2005, at 4:14 AM, Loren Wilton wrote:Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29 - Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul 2005 21:00:29 - Are you really located in England? So far as I know PacBell doesn't serve that area. I coul
> Is FROM_STARTS_WITH_NUMS appropriately spammy if it's a legal way to
> name a domain?
>From the rule name (without looking) I'd say it refers to the from address.
From: [EMAIL PROTECTED] It may be that it refers to the
hostname itself starting with numbers, but that seems a little unlikely.
Wh
Been using SA for quite a while and agree it's working great.
Is FROM_STARTS_WITH_NUMS appropriately spammy if it's a legal way to
name a domain?
Is this related to the "suspicious hostname" flags? Or is that
related to the use of webmail? If the former, then they're getting
dinged at lea
If I am reading this correctly it looks like SA is working perfectly. SA
admins generally don't care much for kids sending email to our servers from
their mom's computers while she is at work... well u get the idea. But I am
guessing your friend already knows that.
-Original Message-
From
> Following discussions on this list about obfuscating words to avoid spam
> detection, and not being a ninja, I'd like some feedback about the
> possible efficacy or pitfalls on rules like the following.
[snip]
In general, there are three main ways of dealing with these obfuscations:
1. Hand-cra
nyone wants to talk about this more, mail me privately, and we can hit
reply all (if I know who you are :) )
R
-Original Message-
From: Mike Grau [mailto:[EMAIL PROTECTED]
Sent: 28 February 2005 17:55
To: users@spamassassin.apache.org
Subject: Re: Rule advice please
>
>
>
>Hello.
>
>Following discussions on this list about obfuscating words to
>avoid spam
>detection, and not being a ninja, I'd like some feedback about the
>possible efficacy or pitfalls on rules like the following.
>
>As noted in other discussions, words with scrambled letters
>between the
>fir
subject =~ /\b(?!cartoon|croatan|carroon)c[arto]{5}n\b/i
subject =~ /\b(?!downloadable)d[ownladb]{10}e\b/i
subject =~ /\b(?!dripping)d[ripn]{6}g\b/i
subject =~ /\b(?!ejaculating|enunciating)e[jacultin]{9}g\b/i
You can't use rules like this. The pattern "can" matches your first
exam
subject =~ /\b(?!cartoon|croatan|carroon)c[arto]{5}n\b/i
subject =~ /\b(?!downloadable)d[ownladb]{10}e\b/i
subject =~ /\b(?!dripping)d[ripn]{6}g\b/i
subject =~ /\b(?!ejaculating|enunciating)e[jacultin]{9}g\b/i
You can't use rules like this. The pattern "can" matches your first
ex
16 matches
Mail list logo
