Alex wrote: > Hi all, > > I'm having a problem with "buy my list" spam and hoped someone could > help me with ideas of how to best block them. > > Here's an example: > > http://pastebin.com/01C1DDmq > > Even a few days later, and the sending IP isn't blacklisted anywhere. > I have a couple of body rules now for this specific one, but it's > obviously not as effective as I'd like. They also don't always score > high on bayes. > > Anyone else seeing a lot of these?
Not a lot, but one is too many. I add rules for phone numbers, company names, physical/mailing addresses, and other generally distinct phrases/features of these messages, extract URIs and relay IPs for local DNSBL data, and feed them to Bayes. I don't see that many so it's difficult to tell how well I'm doing catching them. -kgd
