2509 – Suggested Rule: Userid in "Subject"

Bug 2509 - Suggested Rule: Userid in "Subject"

Summary: Suggested Rule: Userid in "Subject"

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 enhancement
Target Milestone:	2.70
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-09-26 06:22 UTC by Michael W. Burden
Modified:	2003-09-28 01:57 UTC (History)
CC List:	0 users

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael W. Burden 2003-09-26 06:22:20 UTC

A fair amount of the spam I get uses the "userid" part of my email address in
the Subject field as a noun.

Some examples, for the email account  "joeuser@mydomain.com":
Subject:  Hi Joeuser, Rock Hard In 60 Seconds?
Subject:  Fw: Joeuser, learn to kiII spa/\/\
          (Offtopic:  Gotta love spam that advertises spam blocking)
Subject:  Joeuser Gr0w t0 Your Fu11 Potentia1 GmFppRd
Subject:  Joeuser@mydomain.com no dr visit - v-alium, x-ana-x, a-mbien, no dr
visit woolworth mbyerqbh

Anyway, you get the idea.

I get a fair amount of spam that has my mail userid in the Subject, and I can't
recall ever getting a non-spam email message that had it (although obviously if
your mail userid is a dictionary word, YMMV!)

Comment 1 Theo Van Dinter 2003-09-28 09:04:27 UTC

we already have a rule which does this: USERNAME_IN_SUBJECT

Comment 2 Michael W. Burden 2003-09-28 09:45:54 UTC

SpamAssassin (2.50 1.173-2003-02-20-exp);	Sun, 28 Sep 2003 12:16:00 -0400
From: Thaddeus Park <162kzem@fantasticgeorges.net>
To: mwburden@onyxprism.com
Subject: Mwburden  Online aPharmacyi, No Exam * We have Xanaxx & Valiumm.moose
Date: Sun, 28 Sep 03 16:54:49 GMT


Any idea why this didn't trigger USERNAME_IN_SUBJECT ?

Comment 3 Theo Van Dinter 2003-09-28 09:52:01 UTC

Subject: Re: [SAdev]  Suggested Rule:  Userid in "Subject"

On Sun, Sep 28, 2003 at 09:54:21AM -0700, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> SpamAssassin (2.50 1.173-2003-02-20-exp);	Sun, 28 Sep 2003 12:16:00 -0400
> From: Thaddeus Park <162kzem@fantasticgeorges.net>
> To: mwburden@onyxprism.com
> Subject: Mwburden  Online aPharmacyi, No Exam * We have Xanaxx & Valiumm.moose
> Date: Sun, 28 Sep 03 16:54:49 GMT
> 
> Any idea why this didn't trigger USERNAME_IN_SUBJECT ?

Yes.  The rule looks for "userid,\S", where '\S' is non-whitespace, and
"userid" is the user part of the From address, case-sensitive.  The one
you list above has a different cased username, no comma, and whitespace.

Every other combination we tested had too high a false positive rate.
I suppose we should check for case-insensitive full From address though,
I don't think that's likely to fp. :|

Comment 4 Michael W. Burden 2003-09-28 09:57:47 UTC

Gotcha.    Thanks for the explanation and the fast response!