I’ve already before mentioned my antispam setup, but today I just ran a little check on my “hispam” mailbox (the spams with so high spam points that I never even bother to check them for false positives), 43MB of 7900+ spams (received during ~40 hours), to see which ones of my own handicrafted rules that get triggered the most. I use a set of 40+ custom spamassassin rules to help it trigger more mails as spam, since some of the very short mails seem to be hard to catch otherwise, and some of the mails are in many ways looking like mail I would normally get.
Anyway, my top-10 rules are:
- 1624 6.0 DS_BODY_DRUGBRAND BODY: mentions drug brand
- 1428 6.0 DS_SUBJECT_DRUGBRAND Subject mentions drug brand
- 828 6.0 DS_FROM_HAXX spoofed haxx.se address
- 769 4.0 DS_BODY_DISCOUNT BODY: mentions percent discount
- 745 4.0 DS_SUBJECT_DISCOUNT subject mentions percent discount
- 415 2.1 DS_TO_OWNER To contains -owner
- 200 6.0 DS_BODY_NODOCTOR BODY: mentions “no doctor”
- 195 2.0 DS_MAILER_THEBAT sent with the bat
- 189 6.0 DS_BODY_DESIGNBRANDS BODY: mentions designer brand(s)
- 158 3.0 DS_BODY_REPLICAS BODY: speaks of replicas
The first number is number of hits. The second is the “spam points” I assign a match. Then there’s the name of the rule and my description for it. The “spam points” can best be seen relative to the other rules, as what makes a single mail a spam in the end involves multiple factors that aren’t shown here.