On 2021-06-15 19:44, Loren Wilton wrote:
My site is getting a lot of spam that is getting past spamassassin.
Because it has a hone number to call, and rather than a link to login
using username and password. Mostly fake amazon purchases. They are
getting past a lot of URL block lists because of that. FWIW. - Mark
I have a number of "purchase" rules that add about 30 points for fake
Amazon (and other) scams. I haven't had one get thru in the last
couple of months since I instituted them, but I only have a personal
account and not a whole site, so YMMV. None of them look for phone
numbers, but I do have a set of rules for a handful of stolen business
addresses commonly used in spams I get. They add a few points when
those show up.
Loren
That approach might be problematic on multi-user servers. I'm already
getting FPs when someone does a copy/paste of an Amazon product page and
sends it as mail. This triggers the "not from Amazon but has images from
Amazon" rule, which is weighted quite high. The sender's signature
typically has a phone number as well, so EvilNumbers would make things
worse. I still think the rule and weight is appropriate for spam, so I'm
looking for other ways to mitigate the FPs.
--
For SpamAsassin Users List