[Mimedefang] Detecting bogus AOL addresses

[Kevin A. McGrail]

Kelson,

Your idea to check for valid AOL sender addresses is really simply yet
amazingly elegant.  I took the liberty of porting it into a spamassassin
rule rather than using MIMEDefang.  I'm always worried about false
positives.

See http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf and
I've posted below though word wrapping will probably mess things up:

# Rule based on Kelson Vibber's MD code for bogus AOL Addresses
# Check for bogus AOL addresses as described at
# http://postmaster.aol.com/faq/mailerfaq.html#syntax
# - all alphanumeric, starting with a letter, from 3 to 16 characters long.
header          __KAM_AOL               From =~ /\@aol.com$/i
describe        __KAM_AOL               Partial Rule: Marks AOL Addresses
header          __KAM_GOODAOL           From =~
/^[a-z][a-z0-9]{2,15}\@aol.com$/i
describe        __KAM_GOODAOL           Partial Rule: Marks Bad AOL
Addresses
meta            KAM_COMBO_BADAOL        __KAM_AOL && !(__KAM_GOODAOL)
describe        KAM_COMBO_BADAOL        From: Invalid AOL Email Address.
High probability of spam.
score           KAM_COMBO_BADAOL        0.1

Feedback appreciated.

Regards,
KAM
----- Original Message ----- 
From: "Kelson Vibber" <kelson at speed.net>


> I recently came across the specification for valid AOL addresses.  It's
> simple, and easy to put into a regexp.  It's only blocked 8 messages in
the
> last few hours since I went from logging to rejecting, but that's 8
messages
> that didn't need to be scanned for viruses or spam.

> # Check for bogus AOL addresses as described at
> # http://postmaster.aol.com/faq/mailerfaq.html#syntax
> # - all alphanumeric, starting with a letter, from 3 to 16 characters
long.
> if ($sender =~ /\@aol.com$/i && $sender ne 'mailer-daemon at aol.com'
> && $sender !~ /^[a-z][a-z0-9]{2,15}\@aol.com$/i) {
> return ('REJECT', 'Forged AOL address detected.');
> #md_syslog 'info', "$QueueID: Forged AOL address detected.";