Hi, I'm kinda getting tired of reporting these mails (both to my local
SA and to SpamCop), and so are my customers. My problem is that the
spammers are using a large ISP's mail server, and that particular ISP
(as all the others here in Argentina) don't bother checking the abuse
reports. What drives me crazy is the little score it lacks to go
devnulled...
Anyway, here's a sample: http://pastebin.com/m3c0e5b9
The main problem here is that the standard SA rules are in english and the
mail is in spanish (or something close to that I suppose). My Spanish is
incredibly rusty, but just scanning the mail I see dozens of phrases I'd try
to match on to add points for this sort of thing. Of course, I'd need a few
dozen examples (at least!) to even consider writing any rules for this sort
of thing. It would be better if a native speaker wrote the rules than
someone not that familiar with the language.
In any case, you can try blacklisting the address of the CD company, try
rules against cheap CDs, try ruels against mail advertizing pictures of nice
colored girls (presumably where all of the color is visible at once), and a
half dozen other seemingly pretty obvious stock phrases.
Of course, you need a bunch of these mails so you can compile a phrase list,
and you ideally need some way to do a masscheck against spam and ham to make
sure you aren't accidentally catching a lot of ham. But you should be able
to get the first of those requirements trivially, and if you are careful and
start with low scores and monitor the logs for the rules that are hitting
you should be able to adjust scores safely and successfuly.
Justin has a tool that makes rules based on phrases found in ham and spam.
This is an automated form of doing what I suggest above by hand. I don't
know if those tools are part of the SA package, but they might be. If so,
they could probably be used to advantage.
Loren
