Received: from [74.15.226.43] by web80505.mail.mud.yahoo.com via HTTP; Mon, 11 Oct 2010 11:06:16 PDT
The line above is probably giving you spammer's source IP (or http proxy --- some SP use trans. fwd. proxies). Analyse that IP address and other similar spammers. If the region is not important blacklist the block in 74.15.226.43. Or create a heuristic(s) that states: if mail is from Yahoo, contains a single line and from that IP block, then junk it. You'll need to test and make sure it doesn't have much FP. ------Original Message------ From: Igor Chudov To: Spamassassin Mailing List ReplyTo: i...@chudov.com Subject: One-liner spams Sent: Oct 11, 2010 10:12 PM I receive plenty of one-liner spams from hacked webmail accounts, advertising various fronts of a Chinese retailer of a certain famous chemical compound that enables sinful behaviors for people who were not capable physically. Example of such an email is here: http://igor.chudov.com/tmp/spam012.txt I fully realize that these emails are difficult to trap, but, perhaps, I am missing some innovations in the spamfighting field? Any idea how I can kill them? i --- Mahmoud Khonji
