spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Hardin <jhar...@impsec.org>
Subject Re: How should this tricky spam be filtered?
Date Tue, 02 Feb 2010 03:31:45 GMT
On Mon, 1 Feb 2010, Adam Katz wrote:

> Martin Gregorie wrote:
>> Apparently putting the spam's payload in the "personal name" part
>> of the From: header is as old a trick as putting it in the Subject:
>> header though I hadn't seen it used until recently.
>>
>> There was a recent suggestion that 'personal name' text from the
>> From: header should be included in the text examined by 'body'
>> rules, which already includes the Subject: text. This sounds like a
>> good thing to do.
>
> My tests have been mildly successful on this note, with FROM_WWW
> already getting promoted out of testing:
> http://ruleqa.spamassassin.org/?rule=/FROM_W&srcpath=khop
>
> This indicates that we don't actually need to parse any further
> because there is no sizable mass of legitimate mail that does this
> (and hopefully by getting this rule out the door, people considering
> it might decide against it).

Concur.

http://ruleqa.spamassassin.org/20100201-r905213-n/T_FROM_URI/detail?srcpath=jhardin

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   I'm seriously considering getting one of those bright-orange prison
   overalls and stencilling PASSENGER on the back. Along with the paper
   slippers, I ought to be able to walk right through security.
                                              -- Brian Kantor in a.s.r
-----------------------------------------------------------------------
  Today: the 7th anniversary of the loss of STS-107 Columbia

Mime
View raw message