Newsgroups : Borland : borland.public.delphi.internet.winsock : 2006 Jun : Re: spam sender addresses
| Subject: | Re: spam sender addresses |
| Posted by: | "theo" (nospam@for.me) |
| Date: | Thu, 1 Jun 2006 23:41:35 |
Ben Hochstrasser wrote:
> theo wrote:
>
>> WxOHT -> not detected as spam
>> rokqawmwrp -> spam
>> jhmtnr -> spam
>> xwldsxu -> spam
>
> What happens if I spam you as "Elmer.Fudd@somesite.com"?
Of course you have to split up such addresses before testing (by dot or
underscore or whatever is allowed).
Elmer and Fudd pass the test.
But Lebeau doesn't, that's why I just added the line:
input := StringReplace(input, 'eau', 'o', [rfReplaceAll, rfIgnoreCase]);
to my function. ;-)
>
> Your best bet is to track the MTAs (ie the SMTP servers via which the
> message was delivered):
>
>
> Received: from [141.168.104.211] (helo=BABY) <-- oops, no PTR record, and
> HELO doesn't match host and/or sender domain name
True
>
> Received: from [60.31.51.197] (helo=217.26.52.30) <-- that one's even worse
True
>
> From: "correy mann" <minettelooney@easydns.com> <-- oops, display name
> doesn't resemble email address. Email address domain name doesn't match
> issuing MTA's domain name
How can you detect this? Is this not allowed?
>
> To: "merrielle weeks" <myname@mydomain.com> <-- oops, my display name
> doesn't match my real name
Rare.
>
> Bear in mind that technically these are legitimate addresses, but
> definitely shouldn't happen in a professional environment. It is quite safe
> to assume spam on such hints alone.
>
It was just meant as "one" way to detect spam, combined with other ways.
But it's not so bad in real life as it may seem.
About half of the spam I get has these crappy sender-user-names.
The examples "rokqawmwrp" "jhmtnr" "xwldsxu" are some of the spam
messages I really had in my mailbox this morning.
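
The header hints listed in the quoted text (a HELO that does not match the connecting host, a display name that does not resemble the address), as an added Python example that is not code from either poster. The hint names, the 0.5 similarity threshold and the "no dot in HELO" test standing in for the PTR lookup (which needs live DNS) are assumptions; the sample headers are constructed from the lines quoted above.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from ipaddress import ip_address

# Constructed sample, modelled on the header lines quoted in the thread.
SAMPLE = [
    "Received: from [141.168.104.211] (helo=BABY)",
    "Received: from [60.31.51.197] (helo=217.26.52.30)",
    'From: "correy mann" <minettelooney@easydns.com>',
]

RECEIVED = re.compile(r"from \[([0-9a-fA-F.:]+)\] \(helo=([^)\s]+)\)")

def is_ip(text):
    try:
        ip_address(text)
        return True
    except ValueError:
        return False

def helo_hints(line):
    """Hints from one 'Received: from [ip] (helo=name)' line."""
    m = RECEIVED.search(line)
    if not m:
        return []
    peer, helo = m.groups()
    if is_ip(helo):
        # HELO given as an address: it should at least be the connecting one.
        return ["helo-ip-differs-from-peer"] if ip_address(helo) != ip_address(peer) else []
    # Assumed offline proxy: a bare name such as BABY cannot be a real host name.
    return ["helo-not-fqdn"] if "." not in helo else []

def from_hints(line, threshold=0.5):
    """Hint when the display name does not resemble the local part."""
    name, addr = parseaddr(line.split(":", 1)[1])
    local = re.sub(r"[^a-z]", "", addr.split("@")[0].lower())
    name = re.sub(r"[^a-z]", "", name.lower())
    if name and local and SequenceMatcher(None, name, local).ratio() < threshold:
        return ["display-name-unlike-address"]
    return []

def score(headers):
    hints = []
    for h in headers:
        hints += from_hints(h) if h.lower().startswith("from:") else helo_hints(h)
    return hints
```

As the thread says, these are hints to combine with other tests, not verdicts: each one can also fire on legitimate mail.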