where does +detail come from?

Kevin D. Clark kclark at CetaceanNetworks.com
Thu Mar 25 14:03:00 EST 2004 

Jeff Macdonald writes:

> It is most annoying when sign up forms
> don't allow + as I use it as a way to tag my address with a vendor's
> name (ie jeff+palm at blah for Palm). If mail comes from somewhere besides
> the vendor - well, then you know he sold your address.

Two comments:

1: I wouldn't be surprised if spammers strip out "+detail" from their
   list of email addresses, either to be more annoying or else to
   increase the size of their "unique email list".

2: If you're relying upon this technique to filter out future spam,
   you're probably going to be disappointed.  If "jeff at palm@blah" gets
   sold to a spammer, you can be sure that jeff at blah is going to start
   getting spam, and you won't know who sold your address.

Full disclosure:  I have a friend who started a business
(http://www.emailias.com/) that provides a service (for a fee) that
provides email addresses that get around this problem.

Regards,

--kevin

PS  On a related note, I hacked together the following SpamAssassin
rules the other day.  I pass them along in the hopes that others will
find them to be useful.  YMMV.  I hope that I'm on some people's
whitelists... (-:



body XANAX                     /\bxanax\b/i
describe XANAX                 Plugs Xanax
score XANAX 1.5

body  CIALIS                     /\bcialis\b/i
describe CIALIS                 Plugs Cialis
score CIALIS 1.5

body OBFUSCATED_VIAGRA     /(?:\b|super|mega)(?:v|\\\/).?[i1!|].?[a\@].?g.?r.?[\@a].?(?:\d+|\b)/i
body OBFUSCATED_CIALIS     /(?:\b|super|mega)c.?[i1!|].?[a\@].?l.?[i1!|].?s.?(?:\d+|\b)/i
body OBFUSCATED_VALIUM     /(?:\b|super|mega)(?:v|\\\/).?[a\@].?l.?[i1!|].?u.?m.?(?:\d+|\b)/i
body OBFUSCATED_OXYCONTIN  /(?:\b|super|mega)[o0].?x.?y.?c.?[o0].?n.?t.?[i1!|].?n.?(?:\d+|\b)/i
body OBFUSCATED_VICODIN    /(?:\b|super|mega)(?:v|\\\/).?[i1!|].?c.?[o0].?d.?[i1!|].?n.?(?:\d+|\b)/i
body OBFUSCATED_PERCOCET   /(?:\b|super|mega)p.?e.?r.?c.?[o0].?c.?e.?t.?(?:\d+|\b)/i
body OBFUSCATED_OXYCODONE  /(?:\b|super|mega)[o0].?x.?y.?c.?[o0].?d.?[o0].?n.?e.?(?:\d+|\b)/i
body OBFUSCATED_XANAX      /(?:\b|super|mega)x.?[a\@].?n.?[a\@].?x.?\b/i

describe OBFUSCATED_VIAGRA    Attempts to hide a drug name with garbage
describe OBFUSCATED_CIALIS    Attempts to hide a drug name with garbage
describe OBFUSCATED_VALIUM    Attempts to hide a drug name with garbage
describe OBFUSCATED_OXYCONTIN Attempts to hide a drug name with garbage
describe OBFUSCATED_VICODIN   Attempts to hide a drug name with garbage
describe OBFUSCATED_PERCOCET  Attempts to hide a drug name with garbage
describe OBFUSCATED_OXYCODONE Attempts to hide a drug name with garbage
describe OBFUSCATED_XANAX     Attempts to hide a drug name with garbage

score OBFUSCATED_VIAGRA    2.3 
score OBFUSCATED_CIALIS    2.3 
score OBFUSCATED_VALIUM    2.3 
score OBFUSCATED_OXYCONTIN 2.3 
score OBFUSCATED_VICODIN   2.3 
score OBFUSCATED_PERCOCET  2.3 
score OBFUSCATED_OXYCODONE 2.3 
score OBFUSCATED_XANAX     2.3 

body BOOSTS_GAS_MILEAGE /(?:boosts?|increases?)\s+gas(?:oline)? mileage/i
score BOOSTS_GAS_MILEAGE 1.0

body FUEL_SAVER_PRO /Fuel Saver Pro/i
score FUEL_SAVER_PRO 1.0

body LEGALLY_ORDAINED_MINISTER /LEGALLY ORDAINED MINISTER/i
score LEGALLY_ORDAINED_MINISTER 1.0

body MARRY_YOUR_RELATIVE  /marry your (?:brother|sister|father|mother|son|daughter)/i
score MARRY_YOUR_RELATIVE 1.5


body OBFUSCATED_EBAY_SCAM   /\bF.?[o0q].?r.?t.?u.?n.?e\s+W.?[i1!|].?t.?h\s+E.?b.?[a\@].?y\b)/i
score OBFUSCATED_EBAY_SCAM 2.3


-- 
Kevin D. Clark / Cetacean Networks / Portsmouth, N.H. (USA)
cetaceannetworks.com!kclark (GnuPG ID: B280F24E)
alumni.unh.edu!kdc

More information about the gnhlug-discuss mailing list