Mailing List Message #6399
From: Tod Fitch <>
Subject: Re: (not so) Obvious spam address
Date: Wed, 05 Jul 2000 14:01:19 -0700
To: SIMS Discussions <>, SIMS Discussions <>
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
And why not add   #   #

To your local blacklisted hosts and also report them to the appropriate RBL?

The mail may have a "FROM:" or "" but you did not receive them from an obvious MCI server.


At 01:42 PM 7/5/2000 , Daniel Solomons wrote:
Hello -

At 4:24 PM -0400 7/5/00, Bill Cole wrote:
>But there is nothing at all which makes it inherently wrong.

True - just not useful for human beings. So they aren't used, except
by spammers hurridly creating a bunch of throwaway accounts.

>  MAYBE it is
>not possible in limited cases (like all numbers for an AOL local part) but
>as a general case there is nothing inherently bogus about an address
>matching the regular expression [0-9]+[a-zA-Z]+[0-9]+.*@.* and in fact I
>have multiple regular correspondents with such addresses.

Nothing inherently bogus, just awkward. You say you have regular
correspondents who have chosen names of this format? Really?

>IOW: what you recognize as 'obvious spam' isn't.  It would be a very bad
>rule for me to use. Maybe you would want to use it.

Obvious spam because out of several million addresses I have logged,
*every* occurrence (also numbering in the millions) of this format
has been spam.

>It would certainly be nice for the SIMS router to have a full RE parser to
>allow more complex rules The fact that there are standard RE libraries
>available as easily portable standard C open source under a BSD-ish
>license makes that something that Stalker might be persuaded to do without
>too much effort.

Yes. But I've already seen considerably resistance to enhancing SIMS
in the past. This is no exception. So I only ask for abilities that
are especially easy, and would most affect spam.

Here are a couple of sample headers that would easily succumb to
either a repeat caps and or an embedded numerics (though not the regx
I suggested) rule. I've received thousands of these, all through, but it's not practical to eliminate *all* of The
spammer also sends from aol, msn, hotmail, etc. Can you think of an
easier way to stop them?

At 9:24 AM -0700 7/4/00, wrote:
>Received: from ([] verified) by
> (Stalker SMTP Server 1.8b8) with ESMTP id S.0000648044 for
><>; Mon, 03 Jul 2000 18:58:42 -0700
>Received: from OelyX67oV  [] by
>   (SMTPD32-6.00) id A19467F0056; Sun, 02 Jul 2000 13:53:24 -0400
>DATE: 02 Jul 00 1:42:07 PM
>Message-ID: <IntmSCKG280o>
>SUBJECT: Your Driving Record - Details

At 9:24 AM -0700 7/4/00, wrote:
>Received: from ([] verified) by
> (Stalker SMTP Server 1.8b8) with ESMTP id S.0000646483 for
><>; Sun, 02 Jul 2000 00:41:58 -0700
>Received: from cY5sb34SO ( []) by
> with SMTP (Microsoft Exchange Internet Mail
>Service Version 5.5.2650.21)
>       id LW1S22VN; Sat, 1 Jul 2000 22:10:41 -0500
>DATE: 01 Jul 00 11:01:05 PM
>Message-ID: <R9O1pH9S1IqSG4>
>SUBJECT: Your Driving Record - Details


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster