You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by agamemnus <sp...@flyingsoft.phatcode.net> on 2011/12/15 17:57:37 UTC
Making a rule -- "to" not matching "for"
A while ago, I made the mistake of trusting a certain small company with my
email addresses. They were since compromised and I have had thousands of
spam emails in the years since... (I told them about it; no response
whatsoever.)
One thing that would really help is to discard any emails where the "to"
doesn't match the "for" fields: 99% of my spam is like that. Can anyone tell
me what the rule for this would be? Thanks!
--
View this message in context: http://old.nabble.com/Making-a-rule----%22to%22-not-matching-%22for%22-tp32982486p32982486.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Making a rule -- "to" not matching "for"
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 12/15/2011 1:44 PM, John Hardin wrote:
> On Thu, 15 Dec 2011, agamemnus wrote:
>
>> One thing that would really help is to discard any emails where the "to"
>> doesn't match the "for" fields: 99% of my spam is like that. Can
>> anyone tell
>> me what the rule for this would be? Thanks!
>
> Sample headers would help.
>
> By "for" do you mean the envelope recipient address in the Received:
> header(s)? Those are not added by all MTAs, and _discarding_ (vs. just
> adding a point for) any mail where the envelope recipient address does
> not match the header To: address (what you seem to be suggesting)
> would prevent you from receiving legitimate blind carbon copies from
> anyone.
>
> Is that truly what you want?
>
They aren't bounces and I also told him the same thing off-list about BCC's.
From looking at one email, appears to be a good string of new spam we
might need to look at. Looks to forge Hotmail but also appears to be a
waste because there is no call to action in the spam.
Agamemnus, if you want to send some of the emails to me off-list as a
zipped mbox or something, feel free and I'll see if I can find any
patterns. Your to/for idea doesn't have merit because as discussed
that's how BCC's work.
Regards,
KAM
Re: Making a rule -- "to" not matching "for"
Posted by John Hardin <jh...@impsec.org>.
On Thu, 15 Dec 2011, agamemnus wrote:
> One thing that would really help is to discard any emails where the "to"
> doesn't match the "for" fields: 99% of my spam is like that. Can anyone tell
> me what the rule for this would be? Thanks!
Sample headers would help.
By "for" do you mean the envelope recipient address in the Received:
header(s)? Those are not added by all MTAs, and _discarding_ (vs. just
adding a point for) any mail where the envelope recipient address does not
match the header To: address (what you seem to be suggesting) would
prevent you from receiving legitimate blind carbon copies from anyone.
Is that truly what you want?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Today: Bill of Rights day
Re: Making a rule -- "to" not matching "for"
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 12/15/2011 11:57 AM, agamemnus wrote:
> A while ago, I made the mistake of trusting a certain small company with my
> email addresses. They were since compromised and I have had thousands of
> spam emails in the years since... (I told them about it; no response
> whatsoever.)
>
> One thing that would really help is to discard any emails where the "to"
> doesn't match the "for" fields: 99% of my spam is like that. Can anyone tell
> me what the rule for this would be? Thanks!
Are these "returned"/NDRs?
Regards,
KAM