Contrarian POP3 Filtering

Contrarian POP3 Filtering

Post by Sjur D5pM » Mon, 22 Sep 2003 20:18:44



As a Pegasus newcomer, I was intrigued with adapting its POP3
filtering abilities to spam zapping and, after experimenting with CC
filtering, a few simple rules emerged that may be less than obvious
and suggestive to others of contrarian bent.

Two schemes are possible for POP3 filtering to avoid downloading
unwanted messages. The usual method is to identify them on the
server, tag for deletion, and download the rest. An alternative is to
identify desired messages, tag for downloading, and zap the balance.

The former approach has become rather complex with numerous rules and
weightings and often requires special software trained to one's
specifications. It's nearly impossible to decide aforehand how
filtering will process a particular message.

The contrarian approach is a lot simpler. I can separate my email
into three categories:

1. White-listed email from regular correspondents.
2. Solicited email consisting of replies to messages sent, postings,
or HTML tags that automatically fill the 'To:' field. This field
contains both a name and an address. I've yet to see spam showing
user-defined names and include an ID string that can be readily
changed should it ever begin appearing in unsolicited messages.
3. Other email. Mostly spam, but occasionally legitimate mail for
which my rules of netiquette require plain text and no third-party
addresses. (My spam corpus shows 97% not plain text, 37% multiple
recipients, and 28% BCC.)

The POP3 Filter file, RULE*.PNP, boils down to six conditions:
If ListScan "@white.pml" Download ""
If header "T" contains "D5pM6" Download ""
If not expression headers matches "Content-type:*text/plain*" DeleteOnServer ""
If expression headers matches "To:*@*@*" DeleteOnServer ""
If not header "T" contains "notsure@" DeleteOnServer ""
If header "C" contains "@" DeleteOnServer ""

The acid-test comes when you stop worrying about false positives.
Some are inevitable, but messages do also disappear in transit. In
any case, there is always the selective download window. Header views
show what filtering will do and any message can be downloaded,
bypassing the POP3 filter, with the 'Make it so' button. CC filtering
is not bypassed.

These generic rules have blocked all but 4 of 620 spams to the address
in this post's header over the past 14 days. No falsies, but the
address is primarily a spam trap. If you're a subscriber to many
newsletters, a separate PML file might be desirable. If you're
running an email-dependent business, carefully study your corpus of
legitimate mail to see if contrarian filtering is feasible.

Notes:
1. Creating a separate Temp folder (edit Pmail.ini) for Pmail helps in
cleaning up temporary files 4.12a forgets to delete.

2. Logging POP3 kills is awkward - simplest way is to keep a close eye
on a rapidly changing status bar and jot down the count of headers
filtered and the number subsequently appearing in your inbox(es).

3. To activate a newly created POP3 rule set remember:
Tools/Internet Options/Receiving/Edit/Download Controls/Select...

Sjur

--
Note: All replies to the above address are deleted server-side unless
in plain text to a single recipient or containing a valid ID.
 
 
 

1. download from pop3 server when pop3 server does own filtering

2. SN#13572 "Contrarian Mind: Hal Stern"

SYSTEM NEWS FOR SUN USERS
Vol 78 Issue 3 2004-08-16 Article 13572 from section "Features"

Sun's CTO of Services Discusses His Less-is-better Approach

Sun's CTO of its services business, Hal Stearns, thinks that running
away from the pack has its advantages. In the latest "Contrarian
Minds," he explains how Sun is approaching the services market with a
less-is-better approach. By leveraging talents of fewer people and
utilizing their strengths in networking, Sun hopes to beat out the
competition.

Details at http://www.yqcomputer.com/

Have a custom version of 'System News for Sun Users' delivered to you
via email each week in PDF, text or HTML. Only the sections that you
select will be included in your copy of the news magazine. Subscribe at
http://www.yqcomputer.com/
(c) 2004 System News, Inc. http://www.yqcomputer.com/

3. Invest now: The Bailo Contrarian Fund.

4. The Contrarians Development Language

5. A contrarian view

6. Contrarians

7. OT posters (or Contrarians)

8. a contrarian view of Open Source

9. An argument from a contrarian point of view (was: Pimping DNSSEC)

10. SN#13553 Jonathan Schwartz Explains Sun's Contrarian Approach

11. Relfex In Trouble: Oil Contrarian Sees Bubble Ready to Burst

12. POP3 Spam filtering

13. how to filter emails from POP3 connector manger???

14. remote pop3 filter

15. POP3 filter for ISA server 2000