Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview
Pegasus Mail & Mercury » Miscellaneous » Spam-Fighting » Suggested rule for Pegasus Mail for image spam

Suggested rule for Pegasus Mail for image spam

Last post 07-03-2007, 6:44 by David Harris. 1 replies.
Sort Posts: Previous Next

  •  06-26-2007, 19:22

    • Mike is not online. Last active: 03-26-2008, 14:28 Mike
    • Top 25 Contributor
    • Joined on 05-21-2007
    • Member
    • Points 950

    Suggested rule for Pegasus Mail for image spam

     

    Three parts to it:

     

    1. Attachments...

    Only check the extension portion And if it contains this... gif Then do this: Action: Logical AND

     

    2. Expression...

    If this regular expression  *multipart/related* Occurs in the message's Headers only Then do this: Action: Logical AND

     

    3. Scan list ...

    If the sender is a member of this distribution list @white.pml Then do this: Action: Move to Junk Trigger if the sender is NOT a list member
     
     
     
    I've adapted this rule from here:
     
    http://www.hawkwings.net/2006/12/20/another-mailapp-rule-to-catch-image-spam/
     
    It's based on the observation that image spam is sent as multipart/related and generally uses the GIF format. By adding your address book to the whitelist you can also cover the possibility that someone you know might do this even if it's unlikely.
     
    Obviously one could replace "gif" in the first rule with "gif,jpg" and check "This string is a list of possible values, separated by commas", but false positives would then be more likely. Unfortunately, some spammers do now seem to be using JPEGs, perhaps having caught on to the fact that people are filtering messages with embedded gifs straight to junk folders or the trash.
     
    It's an odd twist of fate that remote graphics used to be the problem. Now most mail clients block those by default and only download them on request, so that they've ceased to be so much a problem. By contrast, it seems an embedded graphic is now more likely a sign of a nefarious message.

     
    Filed under:

  •  07-03-2007, 6:44

    • David Harris is not online. Last active: 11-18-2008, 23:20 David Harris
    • Top 10 Contributor
    • Joined on 01-31-2007
    • New Zealand
    • Contributor
    • Points 7,910
    • SystemAdministrator

    Re: Suggested rule for Pegasus Mail for image spam

    An interesting approach, but I expect it will probably have quite a high false-positive rate, if only because so many businesses now routinely include inline graphics in their signatures. Of course, if you don't receive much mail from new correspondents, then that might not be a problem, and this would probably work quite well. It will probably work even better when I get Mercury/32 supporting user whitelists, so that any replies containing inline graphics can be automatically tagged and passed through.

    Cheers!

    -- David --
View as RSS news feed in XML

Copyright © 2007 David Harris / Peter Strömblad. All Rights Reserved. | Terms of Use | Privacy Statement
Questions/Problems with community.pmail.com? | Visit our Hoster: PraktIT | Pegasus Mail Home Page