Anything that'll help with SPAM... (especially
FREEware...) Count me in.
Thanx...
-Gil
Hi
all,
just wanted to
know that i have written a little program to catch even more spam than IMail
itself can do with on-board stuff. The reason why I coded it is that we don't
have the budget to buy Declude (well, actally my boss isn't willed to pay
anything more for mail stuff), plus with this thingy I have complete control
over what I want to let through and what not. Own code means full control
:).
If anybody is
interested in using it as well, let me know and I package it
up.
What it
does:
- makes upper and
mixed case <A HREF and <IMG SRC to lower case. This is important because
IMail 8.05HF2 still only supports lower case links for URL domain black
list
- Adds a X-Header
(which then can be handled by in- and outbound
rules) when:
- there is
a line break between the <a and the actual link part (same for <font and
<img) - used by m*a*n*y spam mails to confuse anti-spam filters - never
seen in any regular mail, so its a 99,99% indicator of spam
mail
- link
after href= "" no "" around (also often used by spam
mails)
- there is
an URL that contains a @ for the domain part (used as
username)
- there is
an URL that contains a % for the domain part (used as ASCII code
initiater)
- contains
a specific phrase of a list provided via a text file. (*)
(*) The big
advantage of this phrase over Content Filtering and Rules in IMail is that you
can easily define a list of an exact character definition that leads to spam.
Since it is a "dump" byte-by-byte comparison without case changing and
where "." means "." and nothing else, and it also finds substrings, it is for
example great to find patterns in URLs. A lot of spam is for example
successfully found with the patterns "/v9.gif", "/gone.php",
".biz/" and "?AFF_ID=". This is an important feature because a lot of
spam mailers own quite a few domains, so their domainname changes quite
often, but for example the filename of the JPG they are accessing is
always the same.
Please note that this is of course no competition to Declude or
anything else, but it is a quick'n'dirty little helper tool that increases
effiency at least here dramatically. (On the other hand this are all things
that *should* be provided by IMail itself). Basically it is the result of my
spam analysing the last 2 months.
Of course I can
give you no warranty or support or anything like that, so using it would
be your own risk!
