4011 – new rule to test if email was sent to multiple recipients on the receiving mail server

Bug 4011 - new rule to test if email was sent to multiple recipients on the receiving mail server

Summary: new rule to test if email was sent to multiple recipients on the receiving ma...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (Eval Tests) (show other bugs)
Version:	unspecified
Hardware:	Other other

Importance:	P5 enhancement
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-12-01 23:27 UTC by tristan savatier
Modified:	2005-04-09 04:26 UTC (History)
CC List:	0 users

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description tristan savatier 2004-12-01 23:27:08 UTC

I think this would be a useful addition to the default rule set.

about 20% of the spam I receive triggers this rule.

#####################################################################
#
# Spamassassin rules: multiple_recipients.cf
# author: tristan savatier (tristan@bok.net)
# license: Artistic/GPL combined
#
# rule T_MULTIPLE_RECIPIENTS is triggered is the mail header does not contain
# "for <recipient>".  this indicates that the mail was sent to multiple
# receipients on the receiving mail server. this is an indication that it may
# be spam.
#
#
# default score is 0.5 but you can change it in your
# ~/.spamassassin/user_prefs, e.g.:
#
# score T_MULTIPLE_RECIPIENTS   1.0


header T_MULTIPLE_RECIPIENTS    ALL !~ /for <.*>/
describe T_MULTIPLE_RECIPIENTS  Header: no "for <recipient>" (multiple 
receipients)
score T_MULTIPLE_RECIPIENTS     0.5

###################################################################

Comment 1 Daniel Quinlan 2004-12-02 00:10:00 UTC

Subject: Re:  New: new rule to test if email was sent to multiple recipients on the receiving mail server

Two issues:

1. The license is not Apache License 2.0 (filing a CLA with the ASF
   would fix this)
2. I don't think this will work for large sites where such optimization
   is likely to be seen for legitimate reasons (mailing lists, etc.).

Comment 2 Daryl C. W. O'Shea 2004-12-02 00:16:13 UTC

Subject: Re:  new rule to test if email was sent to multiple recipients
 on the receiving mail server

Agreed with Daniel, this would hit at least half the mail to my 
corporate email address.  Good indicator of unwanted mail, bad indicator 
of spam! ;)

Comment 3 tristan savatier 2004-12-02 01:58:47 UTC

> 1. The license is not Apache License 2.0 (filing a CLA with the ASF
   would fix this)

not a problem, the license could be changed!

> 2. I don't think this will work for large sites where such optimization
   is likely to be seen for legitimate reasons (mailing lists, etc.).
> Agreed with Daniel, this would hit at least half the mail to my 
corporate email address.  Good indicator of unwanted mail, bad indicator 
of spam! ;)

True, but for smaller sites it works very well.

In general, mailing lists or mail from trusted source, like corporate, can be 
whitelisted, so that's not really an issue.  In any case, I am submitting this 
because I find it very useful.  The default score could be set to 0, so only 
people who think it's useful would change it to a higher value.

Currently I don't think there is an equivalent rule in the default rule set, so 
I think adding this rule could be a good idea.

Comment 4 Bob Menschel 2005-04-09 12:26:32 UTC

Section 3 -- Frequencies Log
(First numeric frequencies, followed by percentage frequencies)

OVERALL%   SPAM%     HAM%     S/O    RANK  SCORE  NAME
 290136   118980   171156    0.410   0.00   0.00  (all messages)
 203217    90947   112270    0.538   0.00   0.50  T_MULTIPLE_RECIPIENTS

OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME
 290136   118980   171156    0.410   0.00    0.00  (all messages)
100.000  41.0084  58.9916    0.410   0.00    0.00  (all messages as %)
 70.042  76.4389  65.5951    0.538   0.00    0.50  T_MULTIPLE_RECIPIENTS

My mass-check, using one month's corpus, hits more ham than spam. 

Yes, this rule hits 41% of all spam, but also 59% of all ham. That's well over
100k ham hits in a single month.

It may be a rule that select systems might want to add on their own initiative,
but it doesn't even meet the hit criteria for SARE, much less for the SA
distribution rule set.