[pmmail-list] Spam Filtering - HOW?

[Maynard Riley]

Hi Ralph,

As I hear it, you are essentially "whitelisting" first; and considering
everything else to be junk; which is the proper technique for
firewalling, block everything and then open just the holes required.

It's an elegant solution of course, and I'm glad that it's working for
you, but in my mail stream, my oldest email address wasn't carefully
protected, and is on many of the "millions cds", and receiving much
unsolicited and unwanted mail which doesn't look too much different
from desirable mail from new strangers. 

So I started, and maintain (additions only), a filter for the purpose
of identifying strings in the header which indicate junk mail. It gets
90% of incoming junk without checking any body content or for html. The
DNSBLs miss more spams than this. And I do need to do some whitelisting
in advance of this filter.


For anybody who wants all or part of it, I include it below. It's
pretty old, impossible to clean, and doesn't scale well. ...

(! h.from = "@" | (!h.To=""))
|(!h.Message-id="@")
|h="Return-path: <MY/YOUR ADDY>"  <-- CUSTOMIZE THIS
|h.Subject="     "
|h=" .... "
|h=".tw " |h=".kr "|h=".cn "
|h="64.94.110.11"
|h="@consumer-marketplace.com"
|(h.Content-type="charset=windows-1251" | h="Date-warning:")
|h="X-Wirehub: Message from probable spam source"
|h="=?ISO-"
|h.to="Undisclosed."
|h.from="netsales.net"
|h.from="promot"
|h.fromid="$ab.spammers$"
|h = "_["
|h = "alt1."
|h = "bulk.server.com"
|h = "192.41.19.90"
|h = "[206.186.43."
|h = "[209.167.79."
|h = "adnetwork"
|h = "ADV:"
|h = "dialsprint.net"
|h = "trim-slim"
|h = "cybermarket"
|h = ".ac.cn"
|h = "Stellar-X PostList"
|h = "edirectnetwork"
|h="digitalwork.com"
|h = "clickaction.net"
|h = "dwdata.com"
|h="[211"
|(h="marketing" &!h.subject="marketing")
|h="SMI-8.6/SMI-SVR4"
|h="[216.77.145."
|h="-0700 (EDT)"
|h="[205.211.138.173"
|h="[216.242."
|h=" .... "
|h="213.196.34.168"
|h="metability.com"
|h.X-EM-Registration="#01B0530810E603002D00"
|h.X-EM-Registration="#00F06206106618006920"
|h="[194.228.59."
|h="[61.168."
|h="[202.106."
|h="[63.148.233."
|h.to="friend@public.com"
|h="65.170.214." | h="65.170.215."
|h.from="prestwood.com"
|h="([217.11.39."
|h.X-Mailer="diffondi"
|h="205.183.255."
|h="200.24.95."
|h=".monsterhut.com "
|h="213.24.13."
|h="210.83.196."
|h.X-Mailer="MMailer"
|h="211.169.249.129"
|h="hinet.net"
|h="216.31.147."
|h=".ch ["
|h="flonetwork"
|h.From="DigitalWork"
|h="Torabi"
|h="roving.com [63.251.135." |h="X-Mailer: Roving Constant Contact"
|h="netpa-tr.net"
|(h="66.197.140." | h="66.197.170.")
|(h="[216.21.33." |h=".coolfreestuff.com")
|h="[216.21.34."|h="[216.21.32"
|h=".optingnow.com" |h=".optprofessionals.com"
|h="[66.216.91."
|h="QRJATYDI"
|h="Return-Path: <-R@www."
|h="e16a50.net>"
|h.To="Beatrice Adams"
- pmmail-list - The PMMail Discussion List ---------------------------
To POST to the list, send your message to:
pmmail-list@blueprintsoftwareworks.com

To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com 
with the first line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com
---------------------------------------------------------------------