>>
>> >>
>> >> I have been looking for a plugin or rule or some method of
>> >> marking/scoring a message if it is a BCC.
>> >>
>> >> My little mind was thinking of a rule that compares headers To: and
>> >> Delivered To: and marks/scores if one isn't inside the other, but I'm
>> >> not sure of how to do variables in regex.
>> >>
>> >> Point me in the right direction please :)
>> >>
>>
>> Hi Franklin,
>>
>> I am using two stoprules (actually outside of SA; mail that fits does not
>> even see SA):
>> a) If I am not in To or Cc, the mail must be for somebody else. This
>>    actually took me a few months to define all the exceptions:
>>    - mails from mailing lists (there may be 3 variations: replied post,
>>      cc'd on reply, and Mailman's password reminder)
>>    - forwarded mails, e.g. to the company's postmaster account, or to my
>>      SourceForge address
>> b) If the mail is sent to other addresses too, at the same domain, and
>>    there is not at least one of a few friends in that list, it must be one
>>    of those mails that stuff 50 or 100 alphabetically sorted emails
>>    together.
>>
>> Wolfgang
>>
>>
>>
I just wanted to add that this filter catches a lot of PayPal-related phish:
although every real PayPal mail is individually addressed, and has the
recipient name in the mail body, these people rely on bcc sending of
"compromised account" type stuff.
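
The two stoprules described in this thread, sketched as an added example that is not part of the original messages and is not Wolfgang's actual filter. The function names, the `example.*` addresses and the use of `List-Id` / `Precedence: list` to recognise list mail are assumptions; forwarding aliases are handled by listing them in `my_addresses`.

```python
from email import message_from_string
from email.utils import getaddresses

def visible_recipients(msg):
    """Lower-cased addresses from every To and Cc header."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in pairs if addr}

def classify(raw, my_addresses, friends):
    """Return 'bcc', 'same-domain-list' or None for one raw message."""
    msg = message_from_string(raw)
    rcpts = visible_recipients(msg)
    mine = {a.lower() for a in my_addresses}  # include forwarding aliases
    # Exception to rule (a): list traffic is addressed to the list, not to me.
    # Assumption: the list software sets List-Id or "Precedence: list".
    is_list = (msg.get("List-Id") is not None
               or (msg.get("Precedence") or "").strip().lower() == "list")
    if not (rcpts & mine):
        return None if is_list else "bcc"
    # Rule (b): other visible recipients at my domain, none of them a friend.
    my_domains = {a.rsplit("@", 1)[1] for a in mine}
    neighbours = {a for a in rcpts - mine
                  if "@" in a and a.rsplit("@", 1)[1] in my_domains}
    if neighbours and not (neighbours & {f.lower() for f in friends}):
        return "same-domain-list"
    return None

# Constructed sample messages (not real mail).
PHISH = ("From: service@paypal.example\n"
         "To: customer@paypal.example\n"
         "Subject: Your account has been compromised\n\nDear customer,\n")
LIST = ("From: poster@example.org\n"
        "To: users@lists.example.org\n"
        "List-Id: <users.lists.example.org>\n"
        "Subject: Re: scoring BCC\n\nbody\n")
BULK = ("From: offers@example.net\n"
        "To: alice@example.com, bob@example.com, me@example.com\n"
        "Subject: hello\n\nbody\n")
DIRECT = "From: carol@example.com\nTo: Me <me@example.com>\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    me, friends = {"me@example.com"}, {"carol@example.com"}
    for name, raw in [("PHISH", PHISH), ("LIST", LIST),
                      ("BULK", BULK), ("DIRECT", DIRECT)]:
        print(name, classify(raw, me, friends))
```

A filter like this would feed a score or a quarantine decision rather than a hard drop until the exception list has been tuned against real traffic.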