I think that it should be configurable to enable what Mark and others have
mentioned on this thread. While some sites may use [EMAIL PROTECTED] as you
use in your example, it is much more common to use, for example,
[EMAIL PROTECTED]. No legit person is going to say "ahoying, please do
this" in a subject, but spammers do all the time. For domains where a
person's first name is not the common email user name this would be highly
effective I believe.

Andrew Hoying



                                                                           
Theo Van Dinter <[EMAIL PROTECTED]>
Sent by: spamassassin-talk [EMAIL PROTECTED]
01/02/2004 09:50 AM

To: Mark London <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Re: Subject contains username




On Fri, Jan 02, 2004 at 07:54:34AM -0500, Mark London wrote:
> Actually, no.  The rule is matching the username to the To: address, not
>  From:.  The purpose of spammers doing this is to think it's a personal
> message, so it has to be the username of the person receiving the spam.

Doh!  You're right, I looked at the wrong header. :(

> >2) the subject would have to be "mrl," followed by a non-whitespace char.
>
> This is the correct reason, though!  "london,you look cute." triggers
> the rule!  What is the reason behind this?  I've had tons of spam with
> the username at the start of the subject, and most start off with the
> username followed by a comma and then a space.   And I just noticed in
> my Trash a spam message which contained the email address at the start
> of the subject line, and that didn't trigger either.

It's the only version that didn't cause a ton of false positives.
For instance, assume someone uses their first name as their username:
[EMAIL PROTECTED].  They'll get legitimate mails like "please update this
spreadsheet bob ASAP", or "bob, let us know if you can go to lunch", etc.

As I said though, I didn't check the full email address in the header ...
That can still false positive (a specific example would be "mailing
list reminder for [EMAIL PROTECTED]"), but I'll throw it in for testing
to make sure. :)

--
Randomly Generated Tagline:
How do I type "for i in *.dvi do xdvi i done" in a GUI?
 (Discussion in comp.os.linux.misc on the intuitiveness of interfaces.)
(See attached file: attb363b.dat)
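
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's own rule. It approximates the three variants mentioned (username plus comma plus non-whitespace, username plus comma, full recipient address in the subject); the function name, the `example.com` addresses and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def subject_username_checks(raw_message: str) -> dict:
    """Evaluate three 'recipient name in Subject' heuristics for one message."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    # The thread stresses that the match is against To:, not From:.
    address = parseaddr(msg.get("To", ""))[1].lower()
    user = address.partition("@")[0]
    result = {"strict": False, "loose": False, "full_address": False}
    if not user:
        return result  # no usable To: address, nothing to compare against
    name = re.escape(user)
    # Strict form described in the thread: username, comma, non-whitespace char.
    result["strict"] = bool(re.match(rf"{name},\S", subject, re.I))
    # Looser form asked about in the thread: username and comma, space allowed.
    result["loose"] = bool(re.match(rf"{name},", subject, re.I))
    # Full recipient address anywhere in the subject.
    result["full_address"] = "@" in address and address in subject.lower()
    return result


def make_message(to: str, subject: str) -> str:
    """Build a minimal constructed message with only To: and Subject:."""
    return f"To: {to}\nSubject: {subject}\n\nbody\n"


# Constructed samples based on the subjects quoted in the thread.
SAMPLES = {
    "spam_no_space": make_message("Mark <london@example.com>",
                                  "london,you look cute."),
    "spam_with_space": make_message("london@example.com",
                                    "london, you look cute."),
    "legit_first_name": make_message("bob@example.com",
                                     "bob, let us know if you can go to lunch"),
    "legit_list_reminder": make_message("bob@example.com",
                                        "mailing list reminder for bob@example.com"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:20} {subject_username_checks(raw)}")
```

The looser pattern catches the "comma then space" spam but also fires on the legitimate first-name subject, and the full-address check fires on the list reminder, which are the false positives described above.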
