You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Amir Caspi <ce...@3phase.com> on 2019/01/14 20:05:58 UTC
Re: Proposed rule for too many dots in From
On Dec 20, 2018, at 6:16 PM, Amir Caspi <Ce...@3phase.com> wrote:
>
> header AC_FROM_MANY_DOTS From =~ /<(?:\w{2,}\.){2,}\w+@/
>
> John, could you update the sandbox rule to the above? That should whittle down FPs. I'd recommend leaving it as 2 letters, though, since a number of spammy addresses are things like john.at.amazon or some such like that.
John, just curious on whether there are any results from sandboxing this rule, and whether it -- or some variant -- might be a good addition? (Likely within a meta, I'm sure.)
Thanks and happy new year!
--- Amir
Re: Proposed rule for too many dots in From
Posted by Paul Stead <pa...@gmail.com>.
Looks like it was hitting a fair amount of ham the last week or so.
https://ruleqa.spamassassin.org/20190607-r1860743-n/T_AC_FROM_MANY_DOTS/detail
The last few days have looked a bit better:
https://ruleqa.spamassassin.org/20190609-r1860879-n/T_AC_FROM_MANY_DOTS/detail
https://ruleqa.spamassassin.org/20190610-r1860930-n/T_AC_FROM_MANY_DOTS/detail
3 days good performance on ruleqa equals promotion followed by a scoring
day.
On Mon, 10 Jun 2019 at 19:13, Amir Caspi <ce...@3phase.com> wrote:
> On Jan 26, 2019, at 10:27 AM, John Hardin <jh...@impsec.org> wrote:
> >
> > On Thu, 24 Jan 2019, Amir Caspi wrote:
> >
> >> On Jan 15, 2019, at 8:46 AM, John Hardin <jh...@impsec.org> wrote:
> >>>
> >>>> On Dec 20, 2018, at 6:16 PM, Amir Caspi <Ce...@3phase.com> wrote:
> >>>>>
> >>>>> header AC_FROM_MANY_DOTS From =~ /<(?:\w{2,}\.){2,}\w+@/
> >>>
> >>> Argh. I lost track of that over the holidays. Thanks for the reminder,
> adding it now.
> >>
> >> Anything interesting with the results on sandboxing this rule?
> >
> > Not really, at least not by itself.
>
> It looks like this rule was still being tested last month (I saw it
> hitting a bunch of my spams), but now appears to be gone (it's not hitting
> on spams that it normally would). Did you decide it wasn't sufficiently
> useful, either alone or in meta?
>
> Cheers.
>
> --- Amir
>
>
Re: Proposed rule for too many dots in From
Posted by Amir Caspi <ce...@3phase.com>.
On Jan 26, 2019, at 10:27 AM, John Hardin <jh...@impsec.org> wrote:
>
> On Thu, 24 Jan 2019, Amir Caspi wrote:
>
>> On Jan 15, 2019, at 8:46 AM, John Hardin <jh...@impsec.org> wrote:
>>>
>>>> On Dec 20, 2018, at 6:16 PM, Amir Caspi <Ce...@3phase.com> wrote:
>>>>>
>>>>> header AC_FROM_MANY_DOTS From =~ /<(?:\w{2,}\.){2,}\w+@/
>>>
>>> Argh. I lost track of that over the holidays. Thanks for the reminder, adding it now.
>>
>> Anything interesting with the results on sandboxing this rule?
>
> Not really, at least not by itself.
It looks like this rule was still being tested last month (I saw it hitting a bunch of my spams), but now appears to be gone (it's not hitting on spams that it normally would). Did you decide it wasn't sufficiently useful, either alone or in meta?
Cheers.
--- Amir
Re: Proposed rule for too many dots in From
Posted by John Hardin <jh...@impsec.org>.
On Thu, 24 Jan 2019, Amir Caspi wrote:
> On Jan 15, 2019, at 8:46 AM, John Hardin <jh...@impsec.org> wrote:
>>
>>> On Dec 20, 2018, at 6:16 PM, Amir Caspi <Ce...@3phase.com> wrote:
>>>>
>>>> header AC_FROM_MANY_DOTS From =~ /<(?:\w{2,}\.){2,}\w+@/
>>
>> Argh. I lost track of that over the holidays. Thanks for the reminder, adding it now.
>
> Anything interesting with the results on sandboxing this rule?
Not really, at least not by itself.
https://ruleqa.spamassassin.org/20190125-r1852100-n/__AC_FROM_MANY_DOTS/detail
It hits low-scoring spam, so it *might* be worthwhile in a meta. I'll see
what I can do with it.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Tomorrow: Wolfgang Amadeus Mozart's 263rd Birthday
Re: Proposed rule for too many dots in From
Posted by Amir Caspi <ce...@3phase.com>.
On Jan 15, 2019, at 8:46 AM, John Hardin <jh...@impsec.org> wrote:
>
>> On Dec 20, 2018, at 6:16 PM, Amir Caspi <Ce...@3phase.com> wrote:
>>>
>>> header AC_FROM_MANY_DOTS From =~ /<(?:\w{2,}\.){2,}\w+@/
>
> Argh. I lost track of that over the holidays. Thanks for the reminder, adding it now.
Anything interesting with the results on sandboxing this rule?
Thanks!
--- Amir
Re: Proposed rule for too many dots in From
Posted by John Hardin <jh...@impsec.org>.
On Mon, 14 Jan 2019, Amir Caspi wrote:
> On Dec 20, 2018, at 6:16 PM, Amir Caspi <Ce...@3phase.com> wrote:
>>
>> header AC_FROM_MANY_DOTS From =~ /<(?:\w{2,}\.){2,}\w+@/
>>
>> John, could you update the sandbox rule to the above? That should whittle down FPs. I'd recommend leaving it as 2 letters, though, since a number of spammy addresses are things like john.at.amazon or some such like that.
>
> John, just curious on whether there are any results from sandboxing this rule, and whether it -- or some variant -- might be a good addition? (Likely within a meta, I'm sure.)
>
> Thanks and happy new year!
Argh. I lost track of that over the holidays. Thanks for the reminder,
adding it now.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
All I could think about was this bear is so close to me I can
see its teeth. I could have kissed it. I wished I had a gun.
-- Alyson Jones-Robinson
-----------------------------------------------------------------------
2 days until Benjamin Franklin's 313th Birthday