Mailing List Archive: Matching a To name

Matching a To name

Feb 15, 2004, 11:05 PM

Post #1 of 3 (694 views)

Just scanning the spam I received today, only two of them actually had my
email address in either the to or cc list. Many of them didn't even match
my domain anywhere in the to or cc list. While I'm sure it will catch some
minimal ham (and possibly a lot of mailing lists) a simple test for my mail
address presetn in to or cc probably would catch a huge amount of the spam.

Of the two messages that did have my email address, one of them had a
display name for the address that was totally bogus. Which gets me to the
point: how can I catch this case? The display name can be missing, in
double quotes, not in double quotes, and for all I know half a dozen other
formats. How can I say "IF there is a display name in fromt of my email
address, then it needs to contain this string; but it is ok if there is no
display name?"

I figure I can add 3 points to probably 80% of the spam just by looking to
see if it was actually addressed to me in the header.

Loren

Re: Matching a To name [ In reply to ]

vitasek at tqsoft

Feb 16, 2004, 2:32 AM

Post #2 of 3 (651 views)

Permalink

hmm what about BCC's sent to you?
especially mailing list messages sent to you?

they all don't have your address in "to" or "cc".

Loren Wilton wrote:
> Just scanning the spam I received today, only two of them actually had my
> email address in either the to or cc list. Many of them didn't even match
> my domain anywhere in the to or cc list. While I'm sure it will catch some
> minimal ham (and possibly a lot of mailing lists) a simple test for my mail
> address presetn in to or cc probably would catch a huge amount of the spam.
>
> Of the two messages that did have my email address, one of them had a
> display name for the address that was totally bogus. Which gets me to the
> point: how can I catch this case? The display name can be missing, in
> double quotes, not in double quotes, and for all I know half a dozen other
> formats. How can I say "IF there is a display name in fromt of my email
> address, then it needs to contain this string; but it is ok if there is no
> display name?"
>
> I figure I can add 3 points to probably 80% of the spam just by looking to
> see if it was actually addressed to me in the header.
>
> Loren
>
>

Re: Matching a To name [ In reply to ]

jdow at earthlink

Feb 16, 2004, 3:10 AM

Post #3 of 3 (650 views)

Permalink

Very few of those have many "To:" or "Cc:" addresses. And none of them
have a "To:" or "Cc:" to his address with a wrong name. The tough part
as I see it is that many people use nicknames they create in the quotes
so any filtering will tend to penalize these people. This includes one
of the people who markets the software he sells. I've refrained from
implementing it. If implemented it should have a small score. Were it
not for the nicknames it'd be an excellent filter.

{^_-}
----- Original Message -----
From: "Ralf Vitasek" <vitasek@tqsoft.de>

> hmm what about BCC's sent to you?
> especially mailing list messages sent to you?
>
> they all don't have your address in "to" or "cc".
>
>
>
> Loren Wilton wrote:
> > Just scanning the spam I received today, only two of them actually had
my
> > email address in either the to or cc list. Many of them didn't even
match
> > my domain anywhere in the to or cc list. While I'm sure it will catch
some
> > minimal ham (and possibly a lot of mailing lists) a simple test for my
mail
> > address presetn in to or cc probably would catch a huge amount of the
spam.
> >
> > Of the two messages that did have my email address, one of them had a
> > display name for the address that was totally bogus. Which gets me to
the
> > point: how can I catch this case? The display name can be missing, in
> > double quotes, not in double quotes, and for all I know half a dozen
other
> > formats. How can I say "IF there is a display name in fromt of my email
> > address, then it needs to contain this string; but it is ok if there is
no
> > display name?"
> >
> > I figure I can add 3 points to probably 80% of the spam just by looking
to
> > see if it was actually addressed to me in the header.
> >
> > Loren
> >
> >