On Thu, 1 Jun 2017, Benny Pedersen wrote:

John Hardin wrote on 2017-06-01 00:29:

 That sort of thing has happened before, and there are rules to *try*
 to catch nonsense headers in my sandbox, but IIRC they never worked
 well enough in masscheck to actually get published.

Would it be possible to make a list of non-nonsense headers, and count based on that how many other headers are in the mail?

Define "nonsense".

There are a fairly limited number of headers explicitly defined by the various RFCs which could be used to restrict the hits, but the number of *valid* headers is unbounded - any header that begins with "X-" is permitted.

and thus based on how many other headers a mail has say it's more spammy by too many no nonsense headers?

anyway food for bayes training

Potentially.

The headers' randomness could be a clue. Perhaps a plugin that records headers in a database with a "seen" count, and if a message has more than a half-dozen or so low-seen-count headers then it would earn a point or two. The risk there is FP on messages with a bunch of unusual but not-spammy headers.



--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Anyone who uses the word "profit" as a dirty word should be
  watched very, very carefully. If they hate the idea of gain
  through free trade it can only mean that they’re looking to
  get it through robbery.                             -- Lyle@Ultimak
-----------------------------------------------------------------------
 6 days until the 73rd anniversary of D-Day
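
The seen-count idea from the last paragraph of the message above, as an added sketch that is not part of the original post and not SpamAssassin code: a stand-alone Python model of the heuristic rather than a plugin. The thresholds, score, table name and sample messages are assumptions constructed for illustration; the last sample shows the false-positive risk the post mentions.

```python
import sqlite3
from email import message_from_string

LOW_SEEN = 3   # assumed: a name seen fewer times than this is "low-seen"
MAX_RARE = 6   # "more than a half-dozen or so", from the post
POINTS = 1.5   # assumed; the post says "a point or two"

class HeaderSeenDB:
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS seen"
                        " (name TEXT PRIMARY KEY, n INTEGER NOT NULL)")

    @staticmethod
    def names(raw):
        # Header names are case-insensitive; count each once per message.
        return {k.lower() for k in message_from_string(raw).keys()}

    def learn(self, raw):
        for name in self.names(raw):
            self.db.execute("INSERT OR IGNORE INTO seen VALUES (?, 0)", (name,))
            self.db.execute("UPDATE seen SET n = n + 1 WHERE name = ?", (name,))
        self.db.commit()

    def rare(self, raw):
        q = "SELECT n FROM seen WHERE name = ?"
        counts = {h: self.db.execute(q, (h,)).fetchone() for h in self.names(raw)}
        return sorted(h for h, row in counts.items() if (row[0] if row else 0) < LOW_SEEN)

    def score(self, raw):
        # Score before learning, so a message cannot vouch for its own headers.
        return POINTS if len(self.rare(raw)) > MAX_RARE else 0.0

# Constructed sample mail (not real traffic).
BASE = ("From: a@example.com\nTo: b@example.com\nSubject: hi\n"
        "Date: Thu, 1 Jun 2017 00:00:00 +0000\nMessage-ID: <1@example.com>\n")

def make(extra):
    return BASE + "".join(f"{h}: 1\n" for h in extra) + "\nbody\n"

def demo():
    db = HeaderSeenDB()
    for _ in range(20):
        db.learn(make(["User-Agent", "List-Id"]))
    junk = make(["X-Qzpfk", "X-Wbrtl", "X-Hjkee", "X-Mnvcx", "X-Plokm", "X-Zxasd", "X-Yturi"])
    # Unusual but legitimate headers trip the rule too: the FP risk from the post.
    odd_ham = make(["X-Ticket-Id", "X-Build-No", "X-Tenant", "X-Queue",
                    "X-Region", "X-Trace-Id", "X-Shard"])
    return db.score(make(["User-Agent"])), db.score(junk), db.score(odd_ham)
```

Learning the unusual-but-legitimate message a few times brings its headers above the low-seen threshold, which is how a site would tune out that false positive.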
