December 17, 2003

Spam no longer disguising itself

It seems that spammers, in an attempt to get through mail filters, have given up even pretending that they are sending legitimate mail. Some of the subject lines I received today were:

Re: DZFWKYK, there came flying

and

Re: MXG, schizophrenic but also

The goal appears to be to make the subject lines difficult to write a general-purpose regular expression for. And that seems to be the only goal. Because what sane person would open an email message with a title like that?

By the way, this seems to work in most cases:

/Re: [A-Z]{2,}, [a-z]+ [a-z]+ [a-z]+/

And, if folks send legitimate email with an all-caps first word, well, they'll get a friendly reject message and can resend.

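So the entire postfix rule would look like this (Postfix regexp tables match case-insensitively by default, so the trailing i flag is needed to toggle the match to case-sensitive):

/^Subject: .*R[eE]: [A-Z]{2,}, [a-z]+ [a-z]+ [a-z]+/i REJECT Your message has been rejected because it looks like the latest rash of spam. If this was legitimate email, please resend with less spam-like qualities. Thanks.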

Or, if you don't care about false positives, and/or don't want to alert the spammers that you're smarter than they are, just DISCARD instead of REJECT.
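An added example, not part of the original post: a Python check of the rule's pattern against constructed Subject headers, run both case-sensitively and case-insensitively, to see which legitimate replies it would catch before choosing REJECT or DISCARD. Postfix regexp tables match case-insensitively unless the i flag toggles that off; Python's re stands in for Postfix's regex engine here, an assumption that holds because the pattern uses only syntax the two share.

```python
import re

# Pattern taken from the post's header_checks rule.
PATTERN = r"^Subject: .*R[eE]: [A-Z]{2,}, [a-z]+ [a-z]+ [a-z]+"

# Constructed sample headers. The two spam subjects are the ones quoted in
# the post; the legitimate ones are made up for this test.
SAMPLES = [
    ("Subject: Re: DZFWKYK, there came flying", "spam"),
    ("Subject: Re: MXG, schizophrenic but also", "spam"),
    ("Subject: Re: FYI, meeting moved again", "legit"),
    ("Subject: Re: ok, see you tomorrow", "legit"),
    ("Subject: Re: Thanks, that fixed it", "legit"),
    ("Subject: Re: lunch on Friday?", "legit"),
]


def rule_matches(header, case_sensitive=True):
    """Return True if the rule's pattern matches one header line."""
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.search(PATTERN, header, flags) is not None


def evaluate(case_sensitive):
    """Return (spam caught, legitimate mail hit) for one matching mode."""
    caught, false_pos = [], []
    for header, label in SAMPLES:
        if rule_matches(header, case_sensitive):
            (caught if label == "spam" else false_pos).append(header)
    return caught, false_pos


if __name__ == "__main__":
    for case_sensitive in (True, False):
        caught, false_pos = evaluate(case_sensitive)
        mode = "case-sensitive" if case_sensitive else "case-insensitive"
        print(f"{mode}: {len(caught)} spam caught, "
              f"{len(false_pos)} legitimate rejected")
        for header in false_pos:
            print("   false positive:", header)
```

Even in case-sensitive mode an all-caps opener such as "FYI" is caught, which is the false positive the post accepts; in case-insensitive mode any reply that starts with a word and a comma followed by three lowercase words is caught as well.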

Have I mentioned lately how much I despise spammers?

Posted by rbowen at December 17, 2003 09:02 AM