A few weeks ago I thought of an interesting new "statistical" way of fighting spam. Having collected a few weeks' worth of maillog data (about 500 MB), I wrote a small Perl script, matching IP addresses by the following simple rule (in words):

"Look at SMTP connections, and consider all IP addresses spam that, in one session, deliver to 4 or more local recipients simultaneously."

Naturally, I ran a post-process pass, so as to filter out white-list data (mailing lists and such). Based on the idea that, apart from mailing lists, there is hardly ever a decent reason for a remote host to deliver to more than 4 recipients simultaneously, the result was, indeed, astounding. :) Near 98% was pure spam.

So, I was wondering, regardless of this particular idea, have the SA developers ever seriously thought about doing maillog analysis? That may make things a bit platform/MTA dependent, but you really can learn a great deal about spammers based on "history" too, and not merely a per-message analysis.

Anyway, just a thought.

- Mark

_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk