John D. Hardin wrote:
On Fri, 17 Aug 2007, aag_uk wrote:
(1) Check your MTA options. Some allow you to configure rejection of a
message after X number of invalid recipients are given.
(2) Consider a rule that adds a point if more than X names appear in
the TO: and/or CC: headers. Here are mine (20 is the limit):
describe TO_TOO_MANY To: too many recipients
header TO_TOO_MANY To =~ /(?:,[^,]{1,80}){20}/
score TO_TOO_MANY 1.50
describe CC_TOO_MANY Cc: too many recipients
header CC_TOO_MANY Cc =~ /(?:,[^,]{1,80}){20}/
Thanks for your answer, but the spam I´m trying to identify is not about too many recipients, usually it´s only 5 or 6, and they all contain correct email addresses. The thing is that some spammers make up the name that goes before the email address (e.g. "John Smith"<peter@mydomain.com>)
