G'day all,

Sorry if this is starting to sound like a back tracking vinyl but I reckon we need to attack the material not the faceless, untrackable and often fraudulent characters who spam.

The idea of adding auto-bounce to filters is just about the best idea I have heard of. That way I get to read promotion for subjects that interest me and pretend to my self that the rest has been shoved down the mouths they came from.

Since installing my filters (see More Spammers Than Spam) I have had to make just two adjustments and my spam has fallen by about 60%.

I think all we need now is a good on-line tutorail on how to create and edit filters for Mail Washer and the Internet World will be a better place to live.

Best regards

Mac

MWP comes with many ways to "filter"

1. By DNS Blacklists - these are awesome at a 95% average catch rate, picking out country specific ip origins like flypaper. I use 10 in a row.

2. By the new community based human verified CFS system which Firetrust is currently developing.

3. By email blacklists eg . *@yahoo.com

4. By manually created filters

You have to understand that pro spammers can only tackle option 4. They are most concerned with 1-3.

Ike, was it this one? http://zez.org/article/articleprint/11/

In addition to the normal Regular Expression syntax, when working with MailWasher, also remember:

* Case independence is turned on, so if you want to search for all caps, for example, you need to toggle it iff using (?-i) before your filter. (?i) turns it back on.

Example: (?-i)GUARANTEED(?i)

* The header is treated as a block of text, and not as separate lines. If you want to search for the beginning or end of a specific header line, you'll need to use (?m). I think they were looking at changing the default operation of this a while back, though, so you might want to test it.

Example: (?m)^Message-ID:\s+<.+@[\w\.-]+>

* Remember that Regular Expressions are "greedy" by default. That is, they will try to match as much as possible, so you might end up with unintended results. For example, if you have the string "stack sack smack", you might think that ".*ack would match the first "stack...". But NNNOOOOooo! It matches the entire string! And when you start using "*" things get really nasty. As a consequence, you'll end up with filters that sometimes match almost the entire contents of a message body. To turn off greediness, use (?-g). To turn it off for a single expression, use a question mark after the quantifier (.+?ack) This brings us to:

THE most important thing to remember seems to be that "*" and "?" do not work the same in Regular Expressions as they do in DOS. This trips almost everyone up! These are used to follow up a character (usually ".", actually, which is like the DOS "?") to tell how many times to match something.

Test? = match "Tes" or "Test"
Test* = match "Tes" or "Testtttttt"
Test+ = match "Test or "Testtttttttttt"

I've been working on a filters FAQ, but as usual, the project is taking longer than expected. If there's anything in particular that you think needs to be in there, please let me know!

With regard to filtering in general, there seem to be a couple of camps out there. Some people don't think it's effective (obviously I have good results, or I would not keep up with them). Databases like CFS will be a huge help, but it's good to have something to help locate the spam in the first place so that it can be added to the database. DNS blacklists give me a lot of false positives (even my own domain is blacklisted!). The bad thing about the DNS blacklists is that they often try to blackmail ISP's into changing their policy by blacklisting huge address ranges. I happen to fall into one of those ranges. Ironic, no?

Here's the short and tall of it: Try the different methods and find out what works best for you, or use a combination of methods. Everyone's spam is different.

Oh - http://anso.da.ru or http://anso.virtualave.net/delphi_stuff.htm#TRegExpr ?

G'day Ike,

No I seriously meant by "pretend" that based on many years of experience in web site creation and management, that I know very well that a whole heap of bounced messages are never returned to source and yes there is certainly the risk of increased spam.

More importantantly though (Aussie spelling) I do accredited Internet Research for a number of clients so there are certainly some subjects on which I am happy to receive unsolicited e-mail (spam).

Gary's excellent work with filters are giving me that option and saving me a whole lot of time developing my own.

Well done Gary and thanks for your input Ike.

Regards

Mac

I don't think Firetrust documented the extended patterns & modifiers, since they didn't write the RegExp piece. They point you in the direction of the author. Download this help file and take a look: http://anso.virtualave.net/RegExpE.zip
You find it's very ... eh, helpful!

If you're used to Perl, it's the same syntax. However, some of the whackier Perl extended patterns are not included in this implementation, to my knowledge. I was going to put this stuff in an FAQ, but I don't know that it's worth it, since the stuff is in the helpfile, above.