[ale] Spam tips - maybe - if you can filter email easily

J o n K e t t e n h o f e n jonkettenhofen at yahoo.com
Mon Sep 1 11:21:39 EDT 2003 

Hope this helps some of y'all (those of you who are still looking for
a better solution.)  Feel free to add to this.  Thanks.

Most spam uses qmail to send.
Some spam contains the header "X-YahooFilteredBulk:" which
mailman-owner at primeharbor.com (the ale lug email owner)
also uses.

Most of the spam I receive is sent out via "qmail" which keyword shows up in
one of the "from" headers.  This accounts for over 95% of spam I get.
I filter all those into my "spam" mail folder.  Most of my 
subscription services,
including the e-magazines and discussion groups such as ALE  (and my ISP's)
also use qmail: I just filter those out before the spam filters.

I still have to review the spam folder for some message  I may have 
failed to filter
to a valid mailbox before the spam filter but these are fewer each week as I
institute new filters.  Before the spam filter, I also filter to the 
trash or another
mailbox.all those messages which have very specific spam identities 
(such as a .pif file,
for example.)

My spam bucket/mailbox usually contains "from" names that I do not 
recognize and
subjects that are obviously spam.

Another filter idea: spammers often use the
target userid in the subject line in an attempt to "personalize" the message:
if I see "jonkettenhofen" in the subject line, I know it's junk. 
None of my friends
ever use my name or userid in the subject line.

The result is that my inbox contains only those messages I want to 
read or review immediately.

For the extreme control freaks:  filter to IN-BOX all email you know 
to be from sources you
acknowledge as valid (friends, subscriptions, ISPs, RedHat support, 
etc.) then filter
everything else to spam buckets (or the trash) or just delete 
everything else if you
don't have time to review.

If you are an ISP [sic]:  most spam uses invalid email return 
addresses (and/or an invalid
"remove" URL/email address.)  Is it too expensive to check these, 
especially if every
ISP and gateway does this?  Seems to me that no email should be 
launched from any
server if it has a broken or invalid return address.  If we eliminate 
spam at the source,
we should all benefit from the increased bandwidth.  OTOH - could it 
be that ISPs and
gateways want increased bandwidth because it's job security? 8^)
Hope not.

I use Eudora (the paid for copy) on a PowerMac for my email. I use
the Mac for historical reasons and for security from Wintel viruses.  I use
Eudora for its multiple mailbox feature and now for its email 
filtering feature.
So I don't know if most of you will benefit from this but the ideas should
be applicable to any good email (filtering) program.
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list