You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by "Warren Togami Jr." <wt...@gmail.com> on 2011/02/11 08:47:05 UTC

SMF_BRACKETS_TO

trunk/rulesrc/sandbox/smf/20_smf.cf:
header SMF_BRACKETS_TO To:raw =~ /<<[^<>]+>>/
describe SMF_BRACKETS_TO Double-brackets around To header address
score SMF_BRACKETS_TO 0.01

http://ruleqa.spamassassin.org/20110210-r1069279-n/T_SMF_BRACKETS_TO/detail
This rule seems to be catching a fair bit of low scoring spam with 
almost zero FP's.

Do you know where such spam comes from?  Is this "prejudiced" in any way 
like FSL_RU_URL?  If not this might be the kind of rule we should allow 
to auto-promote.

Warren

Re: SMF_BRACKETS_TO

Posted by Steve Freegard <st...@stevefreegard.com>.

On 11/02/11 07:47, Warren Togami Jr. wrote:
> trunk/rulesrc/sandbox/smf/20_smf.cf:
> header SMF_BRACKETS_TO To:raw =~ /<<[^<>]+>>/
> describe SMF_BRACKETS_TO Double-brackets around To header address
> score SMF_BRACKETS_TO 0.01
>
> http://ruleqa.spamassassin.org/20110210-r1069279-n/T_SMF_BRACKETS_TO/detail
> This rule seems to be catching a fair bit of low scoring spam with
> almost zero FP's.
>
> Do you know where such spam comes from? Is this "prejudiced" in any way
> like FSL_RU_URL? If not this might be the kind of rule we should allow
> to auto-promote.

I wrote this rule as I was seeing false-negatives for 'UPS Parcel 
Service notification' messages that were hiding malware.

I'm about to push out some similar rules for testing.

Regards,
Steve.