> > Three suggested rules: > > 2) Detect mail that has multiple invalid local addresses in the To: > > and CC: fields (should get a medium score for 2 or more)
This one can be made to work at a large ISP, at least in many cases. It is highly questionable at a business where many people may be on a cc list. I have three rules to catch increasing numbers of recipients at earthlink, giving increasing scores. The chance that there would be a real mail to me with more than two other recipients on earthlink is nil. (Note that mailing lists don't usually include the whole distribution list in the addresses.) > > 3) Detect mail for which the From:, To:, and CC: fields contain > > known or unknown display-names corresponding to local addresses. > > Again, this can generally be made to work, but there will certainly be exceptions. And this is probably not something where a general rule could be set up, but would require rules tailored by the individual recipients - which many won't (or won't be able to) do. In general it is probably more trouble than it is worth.
