>> On Thu, 2022?02?03 at 10:50 ?0500, joea? lists wrote:
SA version 3.4.5
>>>
>>> Since yesterday 2/2/22 (gasp!) . . . I've noticed an up tick in
missed
>>> SPAM from .co domain. Though obvious SPAM
>>> weight loss, phish, "personals", they are scoring rather low.
>>>
>>> Added a custom rule for that domain, which should deal with it,
but
>>> wondering if I missed some changes that
>>> might cause this?
>>>
>> IMO that's too specific: it will deal with spam from that address,
but
>> each new address needs its own rule. I only use that type of rule
to
>> ding endless sales messages from companies that I bought one item
from
>> and who are unlikely to ever sell me anything else.
>>
>> IMO its worth scanning though spam looking for odd phrases or
spellings
>> and making rules to add points for these features. Done carefully,
you
>> can end up with rules that trap that type of spam no matter where
it
>> comes from, i.e. pron, "girls looking for men", banking scams,
etc.
>>
>> Martin
>>
>
> Yes, it is painting with a rather broad brush and there are several
other
> domain specific rules. Each was done "just for now".
>
> Time to follow your suggestion, but, kind of like laying off from the
gym
> for a few weeks, then trying to get started again.
>
> joe a.
Found a rule that was hit on all of these, but has scored at 0.0.
Added it to local.cf with a score to put it just at 5.0 and commented
out my domain specific rule. We'll see how it goes.
joe a.