Hi all,
I've spotted in the last day or so a possible spam-indicator based on
the Message-ID of a number of recent spams.
These have the format:
Message-ID =~ /^<10[0-9]{8}\.[0-9]{7}\.0\@\S+>$/
(i.e ten digits "dot" seven digits "dot" zero @...)
The first set of digits are the standard Unix time_t. The second set
of digits appear random.
All messages in my (perhaps inadequate) corpus which meet this rule
are bulk mail, though to be fair one was an opt-in list. There's not
much else to go on with these messages' headers, nothing else that would
identify them as bulk mail, at least.
Would anyone like to run this rule against their corpora and let me
know if it might be useful?
Martin
--
Martin Radford | "Only wimps use tape backup: _real_
[EMAIL PROTECTED] | men just upload their important stuff -o)
Registered Linux user #9257 | on ftp and let the rest of the world /\\
- see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
