You know what I mean. *Many (not all) of the rules (rDNS verification,
hostname check, SPF records, etc) are easy to circumvent but we still
check all that. Those simple checks still manage to catch a surprising
amount of spam.
I could just not publish this and keep it for myself and I'm sure that
would make it more effective long term for me, but I figured I would
contribute it so that others can gain some benefit from it.
If it doesn't become widespread and SpamAssassin isn't interested in
embedding it directly into their rule checks then that's fine by me, I'm
not going to cry about it...more spam catching for me and whoever
decides to install the plugin on their own servers. If it does become
widespread and some spammers adapt then I'll take solace in knowing I
helped a lot of people stop at least some of their spam.
* Mike Marynowski:
Everything we test for is easily compromised on its own.
That's quite a sweeping statement, and I disagree. IP-based real time
blacklists, anyone? Also, "we" is too unspecific. In addition to the
stock rules, I happen to maintain a set of custom tests which are
neither published nor easily circumvented. They have proven pretty
effective for us.
-Ralph
