On Thu, 2021-06-17 at 17:10 -0700, Loren Wilton wrote:
> A number of the rules I passed along are generic "order" rules rather
> than Amazon specific. I had to go back to last month's spam to find an
> Amazon order spam, but I've gotten a dozen or so fake orders for other
> things this month, all of which hit on the LW_BOGUS_ORDER rule.
>

I'm not at all surprised about that: several years back when I was on the Wine mailing list I was getting a lot of sales spam from it. Unsurprising: Wine uses a combined web forum and mailing list where emails get posted to the web forum and vice versa, and if almost anybody can join the web forum, then the mailing list will be rather spammy.

Anyway, I ended up developing a number of rules to deal with this: typically they are sets of two or more subrules plus a linking meta-rule. Both subrules are long lists of alternates, one containing, say, 'sales phrases' (including misspellings, odd word order and obfuscations) and the other containing product names and descriptions. Other pairings that work have been bank names and financial terms where the sender's address doesn't match the Message ID, endearments combined with sex terms, or web commerce sites and invoices.

The good thing about rules like this is, as Loren also found, that they will quite often correctly match spam from sources or containing phrase combinations you've never seen before.

Their only disadvantage is maintaining them: a lengthy alternates list is difficult to maintain with the usual text editors, so I ended up writing a reformatting tool which takes a file containing rule names, scores, descriptions etc., and with the elements in each list of regex alternates on separate lines. This makes for a file that's easy to edit, and is fairly easy to convert into the small set of lines that define a valid SA rule.

I wrote my converter as an awk script, but it can be written in almost any language, e.g. C, Java, Perl or even (if you must) BASIC or JavaScript. Or you can find my tool here:

https://www.libelle-systems.com/free/portmanteau/portmanteau.tgz

Martin

PS: I realise many list regulars have seen all this stuff before, but there are a number of new arrivals who won't have seen it and may find it useful and/or get new ideas from it.
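
The conversion step described in the message above (alternates kept one per line, then collapsed into subrules and a linking meta rule), as an added Python example; it is not the portmanteau tool or its file format. The input layout, the `EX_` rule names and the sample alternates are assumptions constructed for illustration.

```python
import re

# Constructed sample in a hypothetical layout (not portmanteau's own format):
# "meta NAME SCORE DESCRIPTION", then "body __SUBRULE" lines, each followed
# by its regex alternates, indented, one per line.
SAMPLE = r"""meta EX_SALES_PRODUCT 2.5 Sales phrase combined with a product name
body __EX_SALES_PHRASE
    special\s+offer
    best\s+pri[cs]e
    d[i1]scount
body __EX_PRODUCT
    replica\s+watch(?:es)?
    24/7\s+support
"""

def convert(text):
    """Return the SpamAssassin config lines for one meta-rule definition."""
    meta, subrules = None, []              # subrules: [(name, [alternates])]
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank line or comment
        if raw[0].isspace():               # indented: one regex alternate
            if not subrules:
                raise ValueError(f"line {n}: alternate before any body line")
            re.compile(line)               # rough check: Python, not Perl, syntax
            # '/' delimits the SA pattern, so escape any bare one
            subrules[-1][1].append(re.sub(r"(?<!\\)/", r"\\/", line))
            continue
        kind, _, rest = line.partition(" ")
        if kind == "meta":
            name, score, desc = rest.split(None, 2)
            meta = (name, str(float(score)), desc)
        elif kind == "body":
            subrules.append((rest.strip(), []))
        else:
            raise ValueError(f"line {n}: unknown keyword {kind!r}")
    if meta is None or len(subrules) < 2:
        raise ValueError("need one meta line and at least two subrules")
    out = []
    for sub, alts in subrules:
        if not alts:
            raise ValueError(f"subrule {sub} has no alternates")
        out.append(f"body {sub} /\\b(?:{'|'.join(alts)})\\b/i")
    name, score, desc = meta
    return out + [f"meta {name} ({' && '.join(s for s, _ in subrules)})",
                  f"describe {name} {desc}", f"score {name} {score}"]

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

The `__` prefix keeps the subrules unscored, so only the meta rule that requires both lists to hit contributes to the message score.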