On Fri, Jan 02, 2004 at 07:54:34AM -0500, Mark London wrote: > Actually, no. The rule is matching the username to the To: address, not > From:. The purpose of spammers doing this is to think it's a personal > message, so it has to be the username of the person receiving the spam.
Doh! You're right, I looked at the wrong header. :( > >2) the subject would have to be "mrl," followed by a non-whitespace char. > > This is the correct reason, though! "london,you look cute." triggers > the rule! What is the reason behind this? I've had tons of spam with > the username at the start of the subject, and most start off with the > username followed by a common and then a space. And I just noticed in > my Trash a spam message which contained the email address at the start > of the subject line, and that didn't trigger either. It's the only version that didn't cause a ton of false positives. For instance, assume someone uses their first name as their username: [EMAIL PROTECTED] They'll get legitimate mails like "please update this spreadsheet bob ASAP", or "bob, let us know if you can goto lunch", etc. As I said though, I didn't check the full email address in the header ... That can still false positive (a specific example would be "mailing list reminder for [EMAIL PROTECTED]"), but I'll throw it in for testing to make sure. :) -- Randomly Generated Tagline: How do I type "for i in *.dvi do xdvi i done" in a GUI? (Discussion in comp.os.linux.misc on the intuitiveness of interfaces.)
pgp00000.pgp
Description: PGP signature
