spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jones <djo...@ena.com>
Subject Re: Receiving a lot of junk from Office 356
Date Tue, 23 Jan 2018 19:52:48 GMT
On 01/23/2018 12:36 PM, Alex wrote:
> Hi,
> 
> On Tue, Jan 23, 2018 at 10:17 AM, David Jones <djones@ena.com> wrote:
>> First, if anyone from Microsoft is on this list, please setup proper
>> outbound spam filtering, rate limiting, and compromised account detection
>> with locking to prevent junk like this.
>>
>> I have seen a recent increase in the number of outbound junk and phishing
>> emails that I keep reporting to SpamCop who reports it to Microsoft.
>>
>> https://pastebin.com/c2c2ETYi
>>
>> Any ideas other than maintaining a complex regex on body matches?  I have
>> tried this with good success but it's creating a few FPs.  I could limit it
>> to O365 servers but that is a lot these days.
> 
> We address these with a series of meta rules involving "target market"
> combined with a few meta rules involving "Title, Company name, Phone
> number" etc...
> 
> My "list acquire" rule looks like
> /(list\b|target\b|contacts|database|acquire\b|acquiring|campaign|verified
> email|leads)/i which is required to start.
> 

Mine looks very similar but I have 3 word combinations that need to be 
near each other with ".{1,30}" between them to try to be a little 
flexible on the sentences without FPs.  I think my problem was the word 
"info" was in the middle of the 3 words and that was matching way too 
much so I removed that.

Now I have used a meta rule to limit it to O365 outbound servers and 
will let this ride a while to make sure it's a little more conservative 
with fewer FPs.

-- 
David Jones

Mime
View raw message