Martin Gregorie wrote:
Alternatively, using a meta rule that combines the above pattern as a
sub-rule with two like this:
/[a-z]{7,8}[0-9]{4}/
that match against From: and Reply-To: headers would appear to be
fairly specific and worthy of a big score, but of course you'll have
spotted that already.
That's the pattern I'm seeing on my own spamtraps -- messages that have
4 numeric digits in both the From: and Reply-To: addresses.
However, in re-running some of my samples against rules that may do this
kind of thing, I'm finding that all my samples are getting sufficient
hits from external queries that the score is high enough to force
rejection, anyway.
Thus, based on my own observations, it looks like the value of rules in
this particular area is going to be in scoring stuff that arrives before
the domains show up in the various SURBLs.
Smith
