I've already before mentioned my antispam setup, but today I just ran a little check on my "hispam" mailbox (the spams with so high spam points that I never even bother to check them for false positives), 43MB of 7900+ spams (received during ~40 hours), to see which ones of my own handicrafted rules that get triggered the most. I use a set of 40+ custom spamassassin rules to help it trigger more mails as spam, since some of the very short mails seem to be hard to catch otherwise, and some of the mails are in many ways looking like mail I would normally get.
Anyway, my top-10 rules are:
- 1624 6.0 DS_BODY_DRUGBRANDÂ Â Â Â Â BODY: mentions drug brand
- 1428 6.0 DS_SUBJECT_DRUGBRANDÂ Â Subject mentions drug brand
- 828 6.0 DS_FROM_HAXXÂ Â Â Â spoofed haxx.se address
- 769 4.0 DS_BODY_DISCOUNTÂ Â Â BODY: mentions percent discount
- 745 4.0 DS_SUBJECT_DISCOUNTÂ Â subject mentions percent discount
- 415 2.1 DS_TO_OWNERÂ Â To contains -owner
- 200 6.0 DS_BODY_NODOCTORÂ BODY: mentions "no doctor"
- 195 2.0 DS_MAILER_THEBATÂ sent with the bat
- 189 6.0 DS_BODY_DESIGNBRANDSÂ BODY: mentions designer brand(s)
- 158 3.0 DS_BODY_REPLICASÂ BODY: speaks of replicas
The first number is number of hits. The second is the "spam points" I assign a match. Then there's the name of the rule and my description for it. The "spam points" can best be seen relative to the other rules, as what makes a single mail a spam in the end involves multiple factors that aren't shown here.