-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ***^\ ."_)~~ ~( __ _"o Was Wed, 14 Jul 2004, at 17:36:24 -0400, @ @ when [EMAIL PROTECTED] wrote:
> On Wed, 14 Jul 2004, Mica posted to [EMAIL PROTECTED] in MM>> I made some Selective Download filters, using most frequently used MM>> spamers' patterns, and am getting about 1-3% of spam after that MM>> work. What remains are addresses consisting from random letters, MM>> eg.: <[EMAIL PROTECTED]>. Have you some idea how to define MM>> this random part, using Selective Download option, as for instance MM>> "random_part@"? > I'm not smart enough to do it that way. It's easier, for me, than that what you have described in your message, and has less of "coding" and "tweaking". Also, I am not so skilled, nor "smart" as it may look from my description above. (-; I use very simple techniques and just few of (probably "primitive" regex coding, and am expecting that these can be done even simpler). I'll give you now the model of what I'm doing and how... 1) Firstly I create a (Selective Download) filter of 1a) what mail I *accept*. It is mail addressed to me personally, and 1b) the mail I receive as a subscriber of various lists/newsletters. 2) Then, I create a (Selective Download) filter for specific spam (and/or groups of) addresses, I have "fished up" in my "What a Garbage" folder. There I use some regex "formulas". The filter 1a) consist of some forms of my address and my full name I find "regular", and which are never used by spammers (since they, usually, do not know my full name). It requires to "tweak" a bit my friends as well, "teaching" them to use *always* my *full name* in "TO:" address field, but they usually *do* that. As to others, those are mainly people who are versed well in "netiquette" and will use the name I have in my "From:" and/or "Reply-To:" fields, so they will *not* modify these fields, when reply to me or write a new message. The filter 1b) consists of all appropriate addresses of various lists/newsletters I am subscribed to. Usually it is well known "Reply-To:" header of a given list. The filter 2) is a bit "tricky". It is a direct result of my "work" on spammers' addresses. Since they use mostly some patterns for creation of these phony addresses, I use these patterns, when I notice them. One example is a pattern when they use serial of random letters, then a thread of several random numbers, where the numbers are limited by number of digits these numbers are consisting of, like in this: <[EMAIL PROTECTED]>. For a such pattern I use this (Selective Download) filter: Under "Rule" I check "Entire header", and in "Signal string" field I type "Return-Path: <\d\d\d\d\@" (where four "\d" represent any of four digits, in the given number, before "@" character, which is enough to detect the mentioned pattern in spammer's address). Then, at the "Advanced" tab I check "Kill" (oh yeah!) and under "Detection method" I check "Match any string as a regular expression" . That's all! And bunches of spam letters are deleted from server, just by this filter. I have 4-5 of similar filter strings with similar patterns. These are very simple/primitive regex "formulas" but they do lots of job. Counting, therefore, just these 2 groups of filters (1a, 1b and 2) I got to 1-3% of spam in my mailbox/HDD (I receive about 300-400 various messages daily, and in last few months even much more; when some new virus is "in", then the flow is also "richer"). "False positives" do not exist, and if happens that sometimes a "regular" message is deleted from server (for the last year only once, since the "rules" of addressing me were not defined in a proper way, described above), I can check briefly my LOG to see what is deleted, so I could ask the sender to resend the message properly addressed. And, these 1-3% entirely belong to the spammers which use that entire "random letters" part before "@" character. If I'd find a way to get rid of this pattern, I would hardly receive any spam on my HD. If I would add a filter line for messages with CC and multiple "TO" fields, it will reduce the spam even more, but it's a bit risky, since some (small number of) "regular" messages arrive this way too. Your filters are fine, and quite good pondered, but my goal is not having spam on my HDD at all, and making be "in touch" with it as less as possible. (-: That's the reason I am concentrated on this automatic "ten meters pole" rather than on having additional work/expenses dealing with spam downloading it and when is already on my HDD. I suppose such "style" of filtering is also much better for us who still pay for minute/hour of connection and do not use very quality ISPs/servers. And all about these filters of mine described above are much, much simpler then it could seem from my description. (-: That is, you need less time to make them, than for a description. - -- Mica PGP key uploaded at: <http://pgp.mit.edu/> once just before breakfast -----BEGIN PGP SIGNATURE----- iD8DBQFA9oDv9q62QPd3XuIRAre5AJ4mR7xTu1nCEiD/pvFjyMOkX1QSBgCbBlpw rZU5wC1IFwgYZwTDKMn/icE= =Ne5E -----END PGP SIGNATURE----- ________________________________________________ Current version is 2.12.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html