> Does anyone have a rule to chech the envelope To: against the header
> to: ? I'm sure that there's a reason why it's allowed to be
> different, but it doesn't apply here, and almost half of the
> spam that gets thru everything else would get stopped by that.
[First I am new here and so may know NOTHING.]
This makes sense to me for an incremental rule and
is associated with something else that I am seeing
in a lot of spam:
Case:
Display name is MADE up, and sent to a real email username.
"Johny Sullivan" <[EMAIL PROTECTED]>
I have NO idea why the spammers do this -- it wouldn't be
that hard to at least make it "Brian Sullivan" and quite
a few do in fact make it "BrianX" <[EMAIL PROTECTED]>
which at least seems to make sense.
Two questions have occurred to me: Would this actually
helf find spam BETTER (since I see this in high score
spam anyway) and how hard it would be to write the match
but I have figure out at least an ugly way to do that.)
It might require a plug-in to do in a general way (with
file lookup on "user name"/email-account pairs, aliases,
etc. Otherwise it would only be suitable for small email
domains and a custom solution for each location (e.g, no
general set of rules everyone could download.)
And then, if there is no advantage to spammers or even
reason for this practice -- they might just stop doing it.
(But even that seems a small victory. <grin>)
--
Herb Martin
