Re[2]: Rule Advice

Hello dennis, Friday, July 15, 2005, 10:08:56 PM, you wrote: dsc> Ah, here is the From header: dsc> From: 360° Skin Care <[EMAIL PROTECTED]> dsc> Not 6 digits, but maybe the degree symbol is contributing. I'll advise not dsc> to start the username with 360°. Actually, that header is > From: =?is

Re[2]: Rule Advice

Hello dennis, Friday, July 15, 2005, 10:08:56 PM, you wrote: dsc> On Jul 15, 2005, at 3:19 PM, Loren Wilton wrote: dsc> If that username starts with six digits, it hits that rule, as shown dsc> in Loren's example. dsc> Ah, here is the From header: dsc> From: 360° Skin Care <[EMAIL PROTECTED]> ds

Re: Rule Advice

On Jul 15, 2005, at 3:19 PM, Loren Wilton wrote:If that username starts with six digits, it hits that rule, as shown in Loren's example. Ah, here is the From header: From: 360° Skin Care <[EMAIL PROTECTED]> Not 6 digits, but maybe the degree symbol is contributing. I'll advise notto start the us

Re: Rule Advice

> If that username starts with six digits, it hits that rule, as shown > in Loren's example. > > Ah, here is the From header: > > From: 360° Skin Care <[EMAIL PROTECTED]> > > Not 6 digits, but maybe the degree symbol is contributing. I'll advise not to > start the username with 360°. No, you misun

Re: Rule Advice

wrote on Fri, 15 Jul 2005 09:52:26 -0700: > Not 6 digits, but maybe the degree symbol is contributing. I'll > advise not to start the username with 360°. That degree sign isn't allowed unescaped in there anyway. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Service

Re: Rule Advice

On Jul 14, 2005, at 6:05 PM, Robert Menschel wrote:header FROM_STARTS_WITH_NUMS     From:addr =~ /^\d{6,}\S+\@/i The email address used in the From header begins with 6 (or more) digits. it's not hitting on 360SkinCare.com, but on the user part of the email address (doesn't even look at the domain

Re[4]: Rule Advice

Hello dennis, Thursday, July 14, 2005, 9:03:46 AM, you wrote: dsc> On Jul 14, 2005, at 5:52 AM, Robert Menschel wrote: >> header FROM_STARTS_WITH_NUMS     From:addr =~ /^\d{6,}\S+\@/i >> The email address used in the From header begins with 6 (or more) >> digits. it's not hitting on 360SkinCare.c

Re: Re[2]: Rule Advice

> header FROM_STARTS_WITH_NUMS From:addr =~ /^\d{6,}\S+\@/i > The email address used in the From header begins with 6 (or more) > digits. it's not hitting on 360SkinCare.com, but on the user part of > the email address (doesn't even look at the domain name). > The From line didn't start with

Re: Rule Advice

our >> servers from >> their mom's computers while she is at work... well u get the idea. >> But I am >> guessing your friend already knows that. >> >> >> -Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Sent:

Re: Re[2]: Rule Advice

On Jul 14, 2005, at 5:52 AM, Robert Menschel wrote:header FROM_STARTS_WITH_NUMS     From:addr =~ /^\d{6,}\S+\@/i The email address used in the From header begins with 6 (or more) digits. it's not hitting on 360SkinCare.com, but on the user part of the email address (doesn't even look at the domain

Re: Rule Advice

On Jul 14, 2005, at 8:55 AM, Duncan Hill wrote:On Thursday 14 July 2005 16:50, [EMAIL PROTECTED] typed: On Jul 14, 2005, at 4:14 AM, Loren Wilton wrote: Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29 - Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul 2005 21

Re: Rule Advice

On Thursday 14 July 2005 16:50, [EMAIL PROTECTED] typed: > On Jul 14, 2005, at 4:14 AM, Loren Wilton wrote: > Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29 > - > Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul > 2005 21:00:29 - > >

Re: Rule Advice

On Jul 14, 2005, at 4:14 AM, Loren Wilton wrote:Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29 - Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul 2005 21:00:29 - Are you really located in England?  So far as I know PacBell doesn't serve that area. I coul

Re[2]: Rule Advice

Hello dennis, Thursday, July 14, 2005, 2:34:42 AM, you wrote: dsc> Been using SA for quite a while and agree it's working great. dsc> Is FROM_STARTS_WITH_NUMS appropriately spammy if it's a legal way to dsc> name a domain? Yes. > header FROM_STARTS_WITH_NUMS From:addr =~ /^\d{6,}\S+\@/i The

Re: Rule Advice

t; > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 13, 2005 3:52 PM > > To: users@spamassassin.apache.org > > Subject: Rule Advice > > > > > > We're working with someone who has a

Re: Rule Advice

sing your friend already knows that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 13, 2005 3:52 PM To: users@spamassassin.apache.org Subject: Rule Advice We're working with someone who has a domain that starts with a nu

RE: Rule Advice

al Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 13, 2005 3:52 PM To: users@spamassassin.apache.org Subject: Rule Advice We're working with someone who has a domain that starts with a number: 360skincare.com. So it gets bit by FROM_STARTS_WITH_NUMS. I al

Rule Advice

We're working with someone who has a domain that starts with a number: 360skincare.com. So it gets bit by FROM_STARTS_WITH_NUMS. I also see some for suspicious hostname. A little more background: the sender appears to come from pacbell.net isp and using a webmail client. Are these "suspic

Re: Rule advice please

> Following discussions on this list about obfuscating words to avoid spam > detection, and not being a ninja, I'd like some feedback about the > possible efficacy or pitfalls on rules like the following. [snip] In general, there are three main ways of dealing with these obfuscations: 1. Hand-cra

RE: Rule advice please

nyone wants to talk about this more, mail me privately, and we can hit reply all (if I know who you are :) ) R -Original Message- From: Mike Grau [mailto:[EMAIL PROTECTED] Sent: 28 February 2005 17:55 To: users@spamassassin.apache.org Subject: Re: Rule advice please > > >

RE: Rule advice please

>Hello. > >Following discussions on this list about obfuscating words to >avoid spam >detection, and not being a ninja, I'd like some feedback about the >possible efficacy or pitfalls on rules like the following. > >As noted in other discussions, words with scrambled letters >between the >fir

Re: Rule advice please

subject =~ /\b(?!cartoon|croatan|carroon)c[arto]{5}n\b/i subject =~ /\b(?!downloadable)d[ownladb]{10}e\b/i subject =~ /\b(?!dripping)d[ripn]{6}g\b/i subject =~ /\b(?!ejaculating|enunciating)e[jacultin]{9}g\b/i You can't use rules like this. The pattern "can" matches your first exam

RE: Rule advice please

subject =~ /\b(?!cartoon|croatan|carroon)c[arto]{5}n\b/i subject =~ /\b(?!downloadable)d[ownladb]{10}e\b/i subject =~ /\b(?!dripping)d[ripn]{6}g\b/i subject =~ /\b(?!ejaculating|enunciating)e[jacultin]{9}g\b/i You can't use rules like this. The pattern "can" matches your first ex

Rule advice please

Hello. Following discussions on this list about obfuscating words to avoid spam detection, and not being a ninja, I'd like some feedback about the possible efficacy or pitfalls on rules like the following. As noted in other discussions, words with scrambled letters between the first and last le