
Interesting spam trend

February 18, 2008

Posted by Kurt in: Classes

Not that any of this stuff gets through, but I’ve noticed lately that the spammy attempts coming to my mailserver at work often have the pattern of dw[domain]m@[domain].[tld]

Such as dwrenfem@renfe.es, dwstnm@stn.nu, etc.

Now, I’ve already got greyscanner running on that host looking at spammy behavior, but I think I want to tweak it a little to look for this telltale.

Oh, and never attempt to email me at kurt@decoy.se.rit.edu, or any address at decoy.se.rit.edu, such as root@decoy.se.rit.edu, postmaster@decoy.se.rit.edu, etc.  It’s purely a (as the name says) decoy that will get your IP blocked for 24 hours :)
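
The dw[domain]m@[domain].[tld] telltale described above, as an added Python example (not the author's code and not part of greyscanner): it flags envelope senders whose local part is "dw" + a label of the sender's own domain + "m". The function names, the sample entries and the handling of hosts with more than two labels are assumptions.

```python
import re

# Local part must be "dw" + <label> + "m"; the label is compared to the domain below.
_LOCAL = re.compile(r"^dw([a-z0-9-]+)m$")


def is_dw_pattern(sender: str) -> bool:
    """True if the envelope sender looks like dw[domain]m@[domain].[tld]."""
    sender = sender.strip().strip("<>").lower()
    local, sep, domain = sender.rpartition("@")
    if not sep or not local or "." not in domain:
        return False  # null sender, missing "@", or no TLD
    m = _LOCAL.match(local)
    if not m:
        return False
    labels = domain.rstrip(".").split(".")
    # Assumption: on hosts with more than two labels, any label except the
    # TLD may be the one echoed in the local part.
    return m.group(1) in labels[:-1]


def flag_sources(entries):
    """Return the sorted source IPs whose envelope sender matches the pattern."""
    return sorted({ip for ip, sender in entries if is_dw_pattern(sender)})


# Constructed sample input: (source IP, envelope sender) pairs.
# The first two senders are the ones quoted in the post; the rest are made up.
SAMPLE = [
    ("192.0.2.10", "<dwrenfem@renfe.es>"),
    ("192.0.2.11", "dwstnm@stn.nu"),
    ("192.0.2.12", "dwight@example.com"),             # starts with "dw", not the pattern
    ("192.0.2.13", "dwexamplem@mail.example.co.uk"),  # label inside a longer host
    ("192.0.2.14", "dwfoom@bar.example"),             # label does not match the domain
    ("192.0.2.15", "<>"),                             # null sender (bounce)
]

if __name__ == "__main__":
    for ip in flag_sources(SAMPLE):
        print(ip)
```
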

Comments»

1. Paul Howarth - August 28, 2008

It’s amazing how long this trend has now gone on without mutating. I have a simple milter-regex rule that kills them very quickly:

reject "Thank you for signing your spam"
envfrom /^$/e

2. Paul Howarth - August 28, 2008

Ah, it would seem that your comment form and regexes don’t mix very well. Here’s a link to my site where the real regex can be found:

http://www.city-fan.org/tips/PaulHowarth/Blog/2008-08-22

3. Kurt - October 2, 2008

Yeah :)

I may look into doing that, even though the greylisting takes care of it. Silly spammers.