Re: Catching and stopping 419 spam

[Justin Mason <jm...@jmason.org>]

Henrik Krohns writes:
>On Sun, Apr 29, 2007 at 09:52:39PM -0700, Marc Perkel wrote:
>> OK - I did this with Exim rules but the same trick could be used in SA. 
>> I figured out a trick that catches 419 spam with amazing accuracy.
>> 
>> ...
>> So - who uses one freemail address with a reply-to of another? 419 
>> spammers. So if you make a list of domains that are popular freemail 
>> vendors used by spammers and if both the from and reply-to addresses are 
>> in this list and they are different, it's a 419 spammer.
>> 
>> ...
>> Anyhow - I figure this trick would be easy to code up for SA and someone 
>> should try it.
>
>Good idea. I made a simple plugin for testing..
>
>http://sa.hege.li/FreeMail.pm

I've love to see mass-check results -- this sounds like a promising
rule.

--j.