[Mimedefang] Subject block - good success - Anyone else tryin g it?

[Cormack, Ken]

From: Jason Gurtz [mailto:jason at jasongurtz.com] 

> > I was curious to know if anyone else has been playing around with
> > subject-line blocking, as discussed in the thread a week or so ago.

> I haven't, but am interested.  I'm just curious about what kind of false
> positive rate might be experienced.

It all depends upon what words/phrases/subjects you put in your database of
subjects.  In my case, with keywords such as the names of various
"pharmaceuticals" or adult-themed references, I'm confident no false
positives result.  But if I were to have a keyword such as "vacation" in the
database, it would certainly block "win your dream vacation"... But it would
also block "staff vacation schedule".  In a case like that, I wouldn't put
"vacation" in the database, but I would put "dream vacation" in there.

My users report any spam that slips through, to an Exchange public folder
called "spam".  I then run a series of VB scripts against any such reported
spam, to extract relay Ips, subject lines, and other such things that I can
add to my various rules or databases.  The scripts output all the subjects
into a textfile, which I then eye-ball and groom as needed, before adding
them into the database.

With an awareness of the potenttial for FP's such as the "vacation" example
given, I've done pretty well, so far, to stay away from false positives.
The nice thing about the subject-line block rule as it's currently written,
is that the log entries, and the rejection notice sent to a sender, both
clearly state what it was about the subject line, that caused the rejection,
whether it was a single word, a phrase, or the complete subject.  And, it
quotes exactly what the offending word, phrase, or subject was.

Ken