[LINK] getting rid of image spam

Adam Todd link at todd.inoz.com
Thu Nov 2 11:12:29 AEDT 2006


This kinda proves my point that Craig prefers to false positive block 
EVERYTHING and reject things, than to filter correctly.  Sadly if Craig 
were to legitimately use PayPal or Ebay, he isn't going to get the messages!

And if the AFP (or Auscert or ACCC or ACME) send him something about Fraud 
Prevention in reply to a message he sends them, it will be rejected too :)

Not very elegant in my view.

At 08:47 AM 2/11/2006, Craig Sanders wrote:
>On Thu, Nov 02, 2006 at 08:14:25AM +1100, Neale Banks wrote:
>
>the rule was designed to block image spam, not phishing.
>
>i have a pretty good PCRE header_checks rule to block most phishing
>spams - very few of them get through these days. as you can probably
>guess, it evolved over a few months, as each new variation arrived. it's
>still evolving.
>
>it mostly gets paypal and ebay phishes - bank phishes vary a lot more in
>their subject header.
>
>/^Subject:.*((?:bank|acc?ount|Westpac).*(?:compromised|limited|flagged|suspen|On.?hold|confirm|violate|verif|updat|frozen|screen|block|authen)|Security Center|Limited acc?ount|Card Blocked|new.*anti.*fraud.*system|identified.*unusual.*activit|Fraud Prevention|Notif.*(?:acc?ount|profile|update)|Acc?ount.*(?:Review|Security)|Routing Code|PayPal.*Security.*Measure|(?:update|restore|upgrade).*(?:Acc?ount|Information|records|address|identity|detail)|power.*seller.*(?:promotion|registration|membership)|PayPal.*Check.*acc?ount|(?:unlock|protect).*acc?ount|IMPORTANT: Password Change Required|INV NOTICE:.*Acc?ount.*Suspen|User.*Linked.*Suspen|Security.*be.*advi[cs]|Important\s*News\s*!|invite.*power.*seller|Get\s*Verified\s*!|PayPal Email ID|Activate Your PayPal Acc?ount!|PayPal.*Activity.*Verification|Please.*update.*record|(?:Confirm|Verify|Update|Upgrade|Activ).*(?:Acc?ount|log.?in|profile).*(?:Details|Records|Info)|New.*address.*added.*PayPal|Urgent.*Security.*Alert|Your.*PayPal.*(?:Acc?ount|Info)|Critical.*info.*acc?ount|Comprom.*Acc?ount|(?:Verify|Confirm|Update|Activ).*(?:PayPal|ebay|bank|your).*(?:Acc?ount|identity|info|records|address|profile)|Bank.*Acc?ount.*Information|(?:PayPal|ebay).*(?:Security|Notice)|Apply.*PayPal.*Card|Credit.*Card.*Cloned|(?:security|prevention).*(?:measure|feature)|Important.*Notice.*Acc?ount|Acc?ounts Info|(?:Warning|Important)Notif|(?:PayPal|ebay|bank).*Fraud.*Alert|acc?ount.*(?:!\s*)+|Receipt of paye?ment to|fraud.*alert|limited.*access.*acc?ount|confirm.*(?:credit|debit).*card|Secuirty.*(?:Update|Request)|Urgent.*Security.*Precaution|eBay.*Expiration.*Reminder|New Security Warning|Update Your Profile|Preserve.*Account.*Stability|Resolution Center Notice|URGENT.*Reward.*Survey|PayPal.*Suspicious.*Activity|LWPELECTRONICS|Power.?(?:Seller|Buyer))/ REJECT
>
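
Added example, not part of either poster's message: a small Python harness that runs an excerpt of the alternatives from the quoted rule over constructed Subject lines and reports which wanted mail it would reject. The sample subjects and the names RULE, SAMPLES and evaluate are assumptions for illustration, and Python's re module stands in for Postfix's PCRE engine.

```python
import re

# Excerpt of alternatives copied from the quoted header_checks rule (not the full rule).
RULE = re.compile(
    r"^Subject:.*("
    r"(?:bank|acc?ount|Westpac).*(?:compromised|limited|flagged|suspen|On.?hold"
    r"|confirm|violate|verif|updat|frozen|screen|block|authen)"
    r"|Security Center|Fraud Prevention"
    r"|(?:PayPal|ebay).*(?:Security|Notice)"
    r"|(?:update|restore|upgrade).*(?:Acc?ount|Information|records|address|identity|detail)"
    r"|Receipt of paye?ment to|fraud.*alert|Power.?(?:Seller|Buyer)"
    r")",
    re.IGNORECASE,  # Postfix pcre tables match case-insensitively by default
)

# Constructed sample subjects: (header line, True if the recipient wants the mail).
SAMPLES = [
    ("Subject: Your PayPal account has been limited", False),
    ("Subject: eBay Security Notice - verify your identity", False),
    ("Subject: Re: Fraud Prevention enquiry", True),
    ("Subject: Receipt of payment to Example Books", True),
    ("Subject: Please update your mailing address for the newsletter", True),
    ("Subject: Minutes of Tuesday's meeting", True),
]


def evaluate(rule, samples):
    """Return (caught, false_positives, missed) lists of header lines."""
    caught, false_pos, missed = [], [], []
    for header, wanted in samples:
        hit = rule.search(header) is not None
        if hit and wanted:
            false_pos.append(header)   # wanted mail the rule would REJECT
        elif hit:
            caught.append(header)      # unwanted mail correctly rejected
        elif not wanted:
            missed.append(header)      # unwanted mail that slips through
    return caught, false_pos, missed


if __name__ == "__main__":
    caught, false_pos, missed = evaluate(RULE, SAMPLES)
    print(f"caught={len(caught)} false_positives={len(false_pos)} missed={len(missed)}")
    for header in false_pos:
        print("would reject wanted mail:", header)
```

On the mail server itself, `postmap -q "Subject: ..." pcre:/path/to/header_checks` performs the same lookup against the live table and prints the action for a matching line.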



