I'd go a step farther ... mail sent outside of the work day (local
*and* EST) is more commonly spam.

My current assumption (not yet backed by stats) is to add points to
anything between 12a-6a EST that is also between 1a-5a locally.  In
addition, some points (but not as many) can be awarded to weekend
emails in some situations (not at my workplace though).

I have a (poorly-written) plugin that does the latenight check now,
but I don't know how to get it to parse the headers (it actually uses
gmtime() and localtime() at the moment!)

#################
# Spammers often send their mail late-night to avoid reporting and
# utilize higher bandwidth without so much attention (how
# considerate!).  Legitimate mail is less commonly sent so late.
# TODO: _check_date_received() Mail::SpamAssassin::Plugin::HeaderEval
sub check_latenight {
  my ($self, $msg) = @_;

  my @gmt = gmtime(time);
  my @local_time = localtime(time);
  # wrap around midnight: 00:00-04:59 GMT is 19-23 EST, not a negative hour
  my $est = ($gmt[2] - 5) % 24; # yeah, no DST ... meh, 1h slow is ok
  my $hour = $local_time[2];

  # between midnight and 6am in New York AND between 1a and 5a local
  if ( $est < 6 && 1 <= $hour && $hour < 5 ) {
    return 1;
  }

  return 0;
}

##################
header   __KHOP_BULK            Precedence =~ /bulk|list/
header   __LATENIGHT    eval:check_latenight()
meta     KHOP_LATENIGHT __LATENIGHT && !ALL_TRUSTED && !__KHOP_BULK
describe KHOP_LATENIGHT Supposedly personal mail received late at night
score    KHOP_LATENIGHT 0.25
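
An added example, not part of the original post or of SpamAssassin: the same late-night test computed from a Received header's own timestamp instead of gmtime()/localtime() at scan time. It assumes the caller passes the Received line written by its own MTA and, like the plugin above, treats EST as fixed UTC-5; received_hours, is_latenight and the sample headers are constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: return (local_hour, est_hour) for the timestamp after
# the last ';' of a Received header, or an empty list if none is usable.
sub received_hours {
  my ($received) = @_;
  my ($stamp) = $received =~ /;([^;]*)\z/s or return;
  # e.g. "Tue, 3 Mar 2009 02:41:07 -0600 (CST)"; seconds are optional
  my ($hh, $mm, $sign, $oh, $om) =
    $stamp =~ /\b(\d{1,2}):(\d{2})(?::\d{2})?\s+([+-])(\d{2})(\d{2})\b/
    or return;
  return if $hh > 23 || $mm > 59 || $om > 59;

  # Offset of the stamping host from UTC, in minutes
  my $offset = ($oh * 60 + $om) * ($sign eq '-' ? -1 : 1);
  # wall clock -> UTC -> fixed UTC-5 (assumption: no DST); Perl's % with a
  # positive right operand never goes negative, so hours wrap past midnight
  my $est_min = ($hh * 60 + $mm - $offset - 5 * 60) % 1440;
  return ($hh + 0, int($est_min / 60));
}

# Same condition as the post: 12a-6a EST and 1a-5a on the receiving host.
sub is_latenight {
  my ($received) = @_;
  my ($local, $est) = received_hours($received) or return 0;
  return ($est < 6 && $local >= 1 && $local < 5) ? 1 : 0;
}

# Constructed sample headers (not real traffic)
my @samples = (
  "from a.example.net by mx.example.org with ESMTP id 1; Tue, 3 Mar 2009 02:41:07 -0600 (CST)",
  "from b.example.net by mx.example.org with ESMTP id 2; Tue, 3 Mar 2009 03:10:00 +0100",
  "from c.example.net by mx.example.org with ESMTP id 3; Tue, 3 Mar 2009 14:05:00 -0500",
  "from d.example.net by mx.example.org with ESMTP id 4",
);
for my $h (@samples) {
  my @hours = received_hours($h);
  printf "latenight=%d local=%s est=%s\n", is_latenight($h),
    (@hours ? @hours : ('-', '-'));
}
```

The second sample is the wrap-around case: 02:10 UTC is 21:10 the previous evening at UTC-5, so it does not count as late night. A header with no parsable date yields 0 rather than a hit.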
