On 9/19/2011 6:31 PM, Noel Jones wrote:
I don't know of any up-to-date header/body checks repository. AFIK the ones found on the internet are outdated enough to be ineffective and just waste time.
These might be useful. Pick your own preferred action. Season to your taste. The first 3 are safe for any site as they target a specific spamware engine.
/HELO User/ DISCARD /helo=User/ DISCARD /Received: from User / DISCARD /From: .*Wells Fargo.*/ REJECT Probable phish /From: .*chase online.*/ REJECT Probable phish /From: .*money.*/ DISCARD Scam /Subject:.*western union.*/ DISCARD Scam /Subject:.*magnum 4d.*/ DISCARD Scam /Subject:.*winning formula.*/ DISCARD Scam /Subject:.*your mailbox.*/ DISCARD Scam /Subject:.*my will.*/ DISCARD probable phish /Subject:.*chase.*online.*/ DISCARD probable phish /Subject:.*won.*\$\d.*/ DISCARD probable phish /Subject:.*win(ner|ing|ning|nning).*/ DISCARD probable phish /Subject:.*beneficiary.*/ DISCARD probable phish /Subject:.*free money.*/ DISCARD probable phish /Subject:.*loan.*/ DISCARD probable phish /Subject:.*grant award.*/ DISCARD probable phish -- Stan
