On Thu, 25 Feb 2021, Jared Hall wrote:

On 2/24/2021 9:43 PM, John Hardin wrote:

The __XM_RANDOM header rule is intended to catch the specific condition of the email, the scored XM_RANDOM meta is intended to add points for when that condition indicates spam.

Ouch, I figured as much.  With a name like XM_RANDOM, it's gotta be good :)

I recall about 10 years ago getting floods with (pseudo)random (eg: qxvfdgeexcfffdf, etc) type mailers.  I was just wondering if this was artifactual.

It's current. Somebody decided to send a large spam campaign using forged sender addresses in my wife's domain, so I got a lot of NDA bounces with spam content I don't usually see. There were a lot of random gibberish mailers, as well as some that look plausible at a glance but suspicious upon further consideration.

I got a bunch of new rules off that so I'm not complaining too hard.

I don't know if you Guys (pc: and Gals) keep notes when each rule gets developed and what not.  But that's not really a question for this list, so No Big Deal.

For myself, not beyond the SVN history.

I've been scanning all outbound Email for 3-1/2 years now.  I scan at the SMTP level, with no discernible performance hit.  It certainly has saved my butt on a few occasions.  Now I *opine* this:  There is something to the ZERO-TRUST security model.

Hm, yeah.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org                         pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Where are my space habitats? Where is my flying car?
  It's 2010 and all I got from the SF books of my youth
  is the lousy dystopian government.                      -- perlhaqr
-----------------------------------------------------------------------
 271 days since the first private commercial manned orbital mission (SpaceX)
