You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by "Warren Togami Jr." <wt...@gmail.com> on 2011/02/11 08:47:05 UTC
SMF_BRACKETS_TO
trunk/rulesrc/sandbox/smf/20_smf.cf:
header SMF_BRACKETS_TO To:raw =~ /<<[^<>]+>>/
describe SMF_BRACKETS_TO Double-brackets around To header address
score SMF_BRACKETS_TO 0.01
http://ruleqa.spamassassin.org/20110210-r1069279-n/T_SMF_BRACKETS_TO/detail
This rule seems to be catching a fair bit of low scoring spam with
almost zero FP's.
Do you know where such spam comes from? Is this "prejudiced" in any way
like FSL_RU_URL? If not this might be the kind of rule we should allow
to auto-promote.
Warren
Re: SMF_BRACKETS_TO
Posted by Steve Freegard <st...@stevefreegard.com>.
On 11/02/11 07:47, Warren Togami Jr. wrote:
> trunk/rulesrc/sandbox/smf/20_smf.cf:
> header SMF_BRACKETS_TO To:raw =~ /<<[^<>]+>>/
> describe SMF_BRACKETS_TO Double-brackets around To header address
> score SMF_BRACKETS_TO 0.01
>
> http://ruleqa.spamassassin.org/20110210-r1069279-n/T_SMF_BRACKETS_TO/detail
> This rule seems to be catching a fair bit of low scoring spam with
> almost zero FP's.
>
> Do you know where such spam comes from? Is this "prejudiced" in any way
> like FSL_RU_URL? If not this might be the kind of rule we should allow
> to auto-promote.
I wrote this rule as I was seeing false-negatives for 'UPS Parcel
Service notification' messages that were hiding malware.
I'm about to push out some similar rules for testing.
Regards,
Steve.