As a Pegasus newcomer, I was intrigued with adapting its POP3
filtering abilities to spam zapping and, after experimenting with CC
filtering, a few simple rules emerged that may be less than obvious
and suggestive to others of contrarian bent.
Two schemes are possible for POP3 filtering to avoid downloading
unwanted messages. The usual method is to identify them on the
server, tag for deletion, and download the rest. An alternative is to
identify desired messages, tag for downloading, and zap the balance.
The former approach has become rather complex with numerous rules and
weightings and often requires special software trained to one's
specifications. It's nearly impossible to decide aforehand how
filtering will process a particular message.
The contrarian approach is a lot simpler. I can separate my email
into three categories:
1. White-listed email from regular correspondents.
2. Solicited email consisting of replies to messages sent, postings,
or HTML tags that automatically fill the 'To:' field. This field
contains both a name and an address. I've yet to see spam showing
user-defined names and include an ID string that can be readily
changed should it ever begin appearing in unsolicited messages.
3. Other email. Mostly spam, but occasionally legitimate mail for
which my rules of netiquette require plain text and no third-party
addresses. (My spam corpus shows 97% not plain text, 37% multiple
recipients, and 28% BCC.)
The POP3 Filter file, RULE*.PNP, boils down to six conditions:
If ListScan "@white.pml" Download ""
If header "T" contains "D5pM6" Download ""
If not expression headers matches "Content-type:*text/plain*" DeleteOnServer ""
If expression headers matches "To:*@*@*" DeleteOnServer ""
If not header "T" contains "notsure@" DeleteOnServer ""
If header "C" contains "@" DeleteOnServer ""
The acid-test comes when you stop worrying about false positives.
Some are inevitable, but messages do also disappear in transit. In
any case, there is always the selective download window. Header views
show what filtering will do and any message can be downloaded,
bypassing the POP3 filter, with the 'Make it so' button. CC filtering
is not bypassed.
These generic rules have blocked all but 4 of 620 spams to the address
in this post's header over the past 14 days. No falsies, but the
address is primarily a spam trap. If you're a subscriber to many
newsletters, a separate PML file might be desirable. If you're
running an email-dependent business, carefully study your corpus of
legitimate mail to see if contrarian filtering is feasible.
1. Creating a separate Temp folder (edit Pmail.ini) for Pmail helps in
cleaning up temporary files 4.12a forgets to delete.
2. Logging POP3 kills is awkward - simplest way is to keep a close eye
on a rapidly changing status bar and jot down the count of headers
filtered and the number subsequently appearing in your inbox(es).
3. To activate a newly created POP3 rule set remember:
Tools/Internet Options/Receiving/Edit/Download Controls/Select...
Note: All replies to the above address are deleted server-side unless
in plain text to a single recipient or containing a valid ID.