You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/04/30 11:58:21 UTC
Re: Catching and stopping 419 spam
Henrik Krohns writes:
>On Sun, Apr 29, 2007 at 09:52:39PM -0700, Marc Perkel wrote:
>> OK - I did this with Exim rules but the same trick could be used in SA.
>> I figured out a trick that catches 419 spam with amazing accuracy.
>>
>> ...
>> So - who uses one freemail address with a reply-to of another? 419
>> spammers. So if you make a list of domains that are popular freemail
>> vendors used by spammers and if both the from and reply-to addresses are
>> in this list and they are different, it's a 419 spammer.
>>
>> ...
>> Anyhow - I figure this trick would be easy to code up for SA and someone
>> should try it.
>
>Good idea. I made a simple plugin for testing..
>
>http://sa.hege.li/FreeMail.pm
I've love to see mass-check results -- this sounds like a promising
rule.
--j.