I use the following rule that, combined with other meta rules, catches
the majority of these
header LW_SUBJECT_SPAMMY Subject =~ /^[0-9a-zA-Z,.+_\-'!\\\/]{31,}$/
describe LW_SUBJECT_SPAMMY Subject appears spammy (31 or more characters without spaces. Only numbers, letters, and formatting)
score LW_SUBJECT_SPAMMY 0.2
The key is to score the actual subject rule low, but bump the SA score
with meta rules that increase the score as more indicators are hit. I've
had moderate success with the rules below:
# Rule 2: Message is HTML and has a tracking ID, or comes from a free mail address
# Therefore, must hit HTML_MESSAGE, and either TRACKER_ID or FREEMAIL_FROM
meta LW_SPAMMY_EMAIL1 (LW_SUBJECT_SPAMMY && HTML_MESSAGE && (TRACKER_ID || FREEMAIL_FROM))
describe LW_SPAMMY_EMAIL1 Spammy HTML message that has a tracking ID or is freemail
score LW_SPAMMY_EMAIL1 1.0
#tflags LW_SPAMMY_EMAIL1 noautolearn
# Rule 3: Message hits LW_SPAMMY_EMAIL1 and MIME_QP_LONG_LINE
# It's unusual for non-spam HTML messages to have really long Quoted Printable lines
meta LW_SPAMMY_EMAIL2 (LW_SPAMMY_EMAIL1 && (MIME_QP_LONG_LINE || __LW_NET_TESTS))
describe LW_SPAMMY_EMAIL2 Spammy HTML message also has a Quoted Printable line > 76 chars, or hits net check
score LW_SPAMMY_EMAIL2 1.0
#tflags LW_SPAMMY_EMAIL2 noautolearn
Hope this helps!
Regards,
Lawrence
On 15/03/2011 1:53 AM, jambroo wrote:
Is there a way of filtering emails with very large one-word subjects? They
are also in all caps.
I can see rules that set emails to spam if they contain specific wording but
nothing like this.
Thanks.
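A way to check the stacked scoring of the LW_* rules above before deploying them, as an added example that is not part of the original post. It uses Python's `re` in place of SpamAssassin's Perl regex engine and models only the three LW_* rules; the sample subjects and the sets of other rule hits are constructed for illustration.

```python
import re

# Same character class and length bound as LW_SUBJECT_SPAMMY in the post.
SUBJECT_SPAMMY = re.compile(r"^[0-9a-zA-Z,.+_\-'!\\/]{31,}$")

# Scores copied from the post's "score" lines.
SCORES = {"LW_SUBJECT_SPAMMY": 0.2, "LW_SPAMMY_EMAIL1": 1.0, "LW_SPAMMY_EMAIL2": 1.0}

# Constructed sample subjects (not taken from real mail).
SPAM_SUBJECT = "CHEAPREPLICAWATCHESBUYNOWLIMITEDOFFER"     # 37 chars, no spaces
CRON_SUBJECT = "backup_job_db01_2011-03-15_completed!"     # legitimate but matches
NORMAL_SUBJECT = "Quarterly report for the finance team"   # spaces, no match


def evaluate(subject, other_hits):
    """Return (LW_* rules hit, total LW_* score) for one message.

    other_hits is the set of non-LW rules assumed to have fired already
    (HTML_MESSAGE, TRACKER_ID, FREEMAIL_FROM, MIME_QP_LONG_LINE, __LW_NET_TESTS).
    """
    hits = set()
    if SUBJECT_SPAMMY.match(subject):
        hits.add("LW_SUBJECT_SPAMMY")
    # meta LW_SPAMMY_EMAIL1: subject rule AND HTML AND (tracker OR freemail)
    if ("LW_SUBJECT_SPAMMY" in hits and "HTML_MESSAGE" in other_hits
            and {"TRACKER_ID", "FREEMAIL_FROM"} & other_hits):
        hits.add("LW_SPAMMY_EMAIL1")
    # meta LW_SPAMMY_EMAIL2: EMAIL1 AND (long QP line OR net test)
    if ("LW_SPAMMY_EMAIL1" in hits
            and {"MIME_QP_LONG_LINE", "__LW_NET_TESTS"} & other_hits):
        hits.add("LW_SPAMMY_EMAIL2")
    return hits, round(sum(SCORES[h] for h in hits), 2)


if __name__ == "__main__":
    cases = [
        (SPAM_SUBJECT, {"HTML_MESSAGE", "FREEMAIL_FROM", "MIME_QP_LONG_LINE"}),
        (SPAM_SUBJECT, {"HTML_MESSAGE"}),
        (CRON_SUBJECT, set()),   # plain-text automated mail
        (NORMAL_SUBJECT, {"HTML_MESSAGE", "FREEMAIL_FROM"}),
    ]
    for subject, other in cases:
        hits, total = evaluate(subject, other)
        print(f"{total:>4}  {sorted(hits)}  {subject}")
```

The `CRON_SUBJECT` case shows why the subject rule on its own carries only 0.2: a legitimate automated message can match the pattern, and it only gains further score when the HTML, freemail/tracker and long-line indicators also fire.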