ProcMail
From gacq wiki
Revision as of 14:57, 27 Jul 2006 by 192.168.0.105 (talk)
Spam filtering examples
{{{
# I shouldn't be getting mail addressed to that many non-me "Paul"s.
# This is often caused by alphabetized lists of spam target addresses.
:0:
* ^TO_.*(paul[^d]|pauld[^s]).*(paul[^d]|pauld[^s])
spam/too-many-pauls

# I don't use any "webmaster" mail aliases for any of my domains, so mail
# sent to any such address is 99.99% likely to be spam.
:0:
* (^TO_|^Received:|^Delivered-To:).*webmaster@
spam/webmaster

# These are addresses that exist solely in the whois database as contacts
# for domain names. If you're sending mail to one of these addresses, you'd
# better have a valid reason. Mail from the current registrar is
# automatically accepted previous to this point.
:0:
* (^TO_|^Delivered-To:|^Received:).*(dns..200.@horde\.com)
* !^Subject:.*((kagomi\.com)|(quotes-r-us\.org)|(horde\.com)|(domain)|(renew)|(expir)|(pairnic))
spam/dns

# I ain't your "friend", palooka.
#:0:
#* ^TO_.*friend@public\.com
#spam/to

# Sent via known bulk mailers.
#:0:
#* ^X-Mailer:.*((MassE-Mail)|Extractor|Floodgate|(Emailer Platinum)|JumboMail|(Advanced Mass Sender)|GreenRider|(The Bat)|(FoxMail .*cn))
#spam/mailer

# No legit mailer is gonna generate an all-caps subject header.
#:0 D:
#* ^SUBJECT
#spam/upper-case-subject

# This header seems to never appear in legitimate e-mail, but does
# occasionally in spam, presumably as an artifact of poorly forged date
# headers.
#:0:
#* ^Date-warning:
#spam/date-warning

# Ok, thanks for being up-front about being a spammer. I think I'll nuke
# you now.
#:0:
#* ^Subject:.*\
#spam/subject

# A similar, recent trend.
#:0:
#* ^Subject:.*\
#spam/subject

# I don't want to buy millions of e-mail addresses, thankyouverymuch.
#:0:
#* ^Subject:.*(000|million|verified).*(e-mail|email)?.*address
#spam/subject

# If you're excited about credit cards or mortgage rates, you're probably
# stupid. (Note the exclamation point at the end.)
#:0:
#* ^Subject:.*((mortgage.*rate)|(credit card)|insurance|market|debt|buy|(financial freedom)|(\$)|wealth).*!
#spam/subject

# If you're excessively excited about pretty much anything, I probably don't
# want to talk to you.
#:0:
#* ^Subject:.*!!!
#spam/subject

# Capitalist pigs.
#:0:
#* ^Subject:.*\$.*\$
#spam/subject

# Yeah, right.
#:0:
#* ^Subject:.*disney.*x.*archiv
#spam/subject

# No I didn't.
#:0:
#* ^Subject: Re:.*info.*requested
#spam/subject

# Stalk much?
#:0:
#* ^Subject:.*find out.*anything.*anyone
#spam/subject

# Enough already.
#:0:
#* ^Subject:.*((got debt)|(tax problems))
#spam/subject

# Thanks, I'm all set.
#:0:
#* ^Subject:.*((stop)|(quit)).*((smok)|(snor))
#spam/subject

# Not generally they're not.
#:0:
#* ^Subject:.*girl.*crazy
#spam/subject

# No thanks, I already know everything.
#:0:
#* ^Subject:.*((computer)|( it )).*((train)|(scholarship))
#spam/subject

# I don't think I will, thanks.
#:0:
#* ^Subject:.*((check.*out)|(see.*this))
#spam/subject

# Be suspicious of HTML-only mail. Be very suspicious.
#
# Remember that friends/acquaintances/co-workers/etc are being auto-accepted
# prior to parsing this file. Of course, we can safely assume that none of
# those people would be sending me HTML mail in the first place, since that
# would imply that their intelligence was approximately equal to that of a
# chalupa, and hence I never would have agreed to communicate with them in
# the first place.
:0:
* ^Content-Type: text/html
spam/html

# Ditto with this.
:0
* ^Content-Type: multipart/
{
  :0 B
  * !^Content-Type: text/plain
  * ^Content-Type: text/html
  spam/html
}

# I don't speak Korean.
# I also don't like to grep the bodies of every incoming message, so I've
# got these two attempts at narrowing the field of investigation a bit.
#:0
#* ^(Received:|From:).*\.kr
#{
#  :0 B:
#  * charset="ks_c_5601-1987"
#  spam/charset
#}
#
#:0
#* ^Content-Type: multipart/alternative
#{
#  :0 B:
#  * charset="ks_c_5601-1987"
#  spam/charset
#}

# Reject any mail with a Chinese address in its headers. This may not seem
# reasonable or fair, but considering that China is just one big spam
# factory these days, and since it's been literally years since I've
# received any _legitimate_ mail from a .cn address, I feel quite justified
# in sinking the lot.
#:0:
#* ^(Received:|From:|Reply-To:).*\.cn\>
#spam/china

# Likewise for Russia. What *is* it with these ex-communist nouveau
# capitalist marketers anyway? Sheesh, get some class, you guys...
#:0:
#* ^(Received:|From:|Reply-To:).*\.ru\>
#spam/russia

# Nuke anything that contains more than two high-ascii characters in the
# subject. This threshold allows some leeway for things such as "I really
# like the façade of your café", but filters out a lot of crap from Russia,
# etc that slips through the other filters.
#
# Note that the characters in the brackets below are ASCII 0x80 and 0xFF.
# You may not get the right characters if you do a copy+paste from this web
# page. A good hex editor is your friend here. :)
#:0:
#* ^Subject:.*[€-ÿ].*[€-ÿ].*[€-ÿ]
#spam/ascii-garbage

# Same deal with the sender's name.
#:0:
#* ^(From:|Sender:|Reply-To:).*[€-ÿ].*[€-ÿ].*[€-ÿ]
#spam/ascii-garbage

# Nuke anything that specifies a different character set for the subject
# line. This catches things not caught by the previous rule due to being
# encoded in ASCII chars 0x00-0x7F.
#:0:
#* ^Subject:.*=\?.*\?=
#spam/ascii-garbage

# Filter any mail claiming to be from a hotmail.com address that does not
# contain the characteristic "X-Originating-IP" header.
#:0:
#* ^(Received:|From:).*hotmail\.com
#* !^From: postmaster@.*hotmail\.com
#* !^X-Originating-IP
#spam/fake-hotmail

# Filter any mail claiming to be from a yahoo.com address whose Message-ID
# header indicates otherwise, unless it appears to be a bounce (which should
# come from a mail daemon).
#:0:
#* ^(Received:|From:).*yahoo\.com
#* !^FROM_MAILER
#* !^Message-ID:.*yahoo(mail)?\.com
#spam/fake-yahoo

# Filter any mail claiming to be from a Juno address that does not contain
# the characteristic "X-Mailer: Juno" header.
#:0:
#* ^(Received:|From:).*juno\.com
#* !^X-Mailer: Juno
#spam/fake-juno

# Filter any mail claiming to be from a Lycos address that does not contain
# the characteristic "X-Sender-Ip" header.
#:0:
#* ^(Received:|From:).*(lycos|mailcity)\.com
#* !^X-Sender-Ip:
#spam/fake-lycos

# This makes me highly suspicious. Exceptions are granted for mail daemons
# and myself (the latter for the benefit of the Autostatus program).
:0:
* ^TO_.*undisclosed.*recipient
* !^FROM_MAILER
* !^From: status(-k)?@horde\.com
spam/undisclosed

# Too many spaces in your subject line makes me suspicious. The exceptions
# are for some of majordomo's stupid bounce message formats, and for some
# messages from cron.
:0:
* ^Subject:.* .*
* !^Subject:.*Non-member submission
* !^Subject:.*Admin request of type
* !^Subject: Cron.*root
spam/spaces

# Yeah, I bet. But I don't think that's my name.
#:0:
#* ^To:.*(urgent|important|customer)
#spam/to

# Some spammers forge usernames that contain multiple consecutive dashes.
#:0:
#* ^From:.*--
#spam/from

# I doubt I want to hear anything from any marketroid.
#:0:
#* ^From:.*marketing
#spam/from

# My username isn't actually my real name, and if you were a real
# correspondent you'd know that.
:0:
* ^Subject:.*(hey|hi).*paulds
spam/subject

# Likewise.
:0:
* ^Subject: paulds
spam/subject

# Similarly, very few legitimate correspondents will prefix the subject with
# my name in this way.
:0:
* ^Subject: Paul( Stauffer)?[,:] .*
spam/subject

# Or with just my last name...
:0:
* ^Subject: Stauffer
spam/subject

# Look, I know better than to believe that I can copy a DVD onto a CD-ROM,
# alright? Leave me the hell alone.
#:0:
#* ^Subject:.*(burn|copy|make).*dvd
#spam/subject

# I like my fat. I'm not interested in loosing it.
#:0:
#* ^Subject:.*loo?se (up to )?[0-9]+ pounds
#spam/subject

# Eliminate a lot of incest-related porn spam.
#:0:
#* ^Subject:.*((father)|(\)|(mother)|(\)|(parent)|(\)|(brother)|(daughter)|(sister)|(child)).*((father)|(\)|(mother)|(\)|(parent)|(\)|(brother)|(daughter)|(sister)|(child))
#spam/subject

# Highly suspect topics. Again, bear in mind that I preemptively accept all
# mail from several hundred preapproved sources, which constitute the bulk
# of the real people I communicate with. Doing that makes this rule much
# less risky.
#:0:
#* ^Subject:.*((free (password|porn))|adult|credit|income|(mortgage.*(rate|quote))|homeowner|insurance|invest|market|profit|debt|money|(financial(ly)? (freedom|independen))|(web counter)|(great deal)|guarantee|bills|casino|millionaire|(hair loss)|viagra|sex|\|(great news)|(pay(ing)? too much)|( cams? )|pissing|( win )|(microsoft.*(cert|train))|( b2b )|business|(loo?se weight)|(weight loss)|((best|great|awesome|excellent) value)|savings|((printer|toner) cartridges)|( sec?ks )|whore|bestial|\|(instant approval)|\|\|\|(\)|qualif(y|i)|\|\|(complimentary)|((no|low)[ -](cost|fee|charge)))
#spam/subject

# Catch some overzealous religious spam.
#:0:
#* ^Subject:.*((jesus christ)|(sinner)|(\)|(\)|(\.*!))
#spam/subject

# I don't believe in a free lunch.
#:0:
#* ^Subject:.*((\)|(claim)|(receive)|(won)).*(free|reward)
#spam/subject

# Keep your "FREE" to yourself...
#:0 D:
#* ^Subject:.*FREE
#spam/subject

# Malfunctioning spam software.
#:0:
#* ^Subject:.*RND_UC_CHAR
#spam/subject

# Two or more words in all uppercase letters in the subject is a red flag.
#:0 D:
##* ^Subject: .*[A-Z][A-Z]+[^A-Z]+[A-Z][A-Z]+
##* ^Subject: .*\<[A-Z]\>.*\<[A-Z]\>
#* ^Subject: (Fwd:|Re:)?[^a-z]*[A-Z][A-Z]+[^a-z]*$
#spam/shouting

# Mail claiming to be malware removal tools almost certainly contains a
# virus, worm, or trojan. Not necessarily spam per se, but I don't want to
# see it anyway.
#:0:
#* ^Subject:.*removal tool
#spam/virus

# Similarly, I'm not interested in receiving notification that some virus or
# worm decided to use my e-mail address in its "from" line. Again, not
# really spam, but close enough.
:0:
* ^Subject: InterScan.*Alert
spam/metavirus

# Feeling defensive? Huh. Wonder why...
#:0 B:
#* (this is not (an? )?(((commercial|unsolicited).*mail)|(spam)|(uce)))|(current laws on commercial.*mail)|(1618 TITLE (III|3|111))|(H\.?R\.? 3113)|(105th Congress)|(passed by the 105th)|(do(es)? not (send|use|(make use of)|support) .* unsolicited .*mail)|(to opt[ -]out)|(opt(ed)?[ -]in)|(if you did not request this)|(one[ -]time ((e-?)?mail|message))|(address was obtained from a purchased list)|(Commercial Electronic Mail Act)|(saf-e mail)|((further|additional) promotional mail)|(not( be)? considered spam)|(centralremovalservice\.com)|(autoemailremoval\.com)
#spam/this-is-not-spam

# No more Nigerian Scam mail for me.
#:0 B:
#* Nigeria|Angola|(Sierra[ -]Leone)|Congo
#* account|bank|million
#spam/nigeria

# Removed; SA now has its own rc file.
# I generally trust SpamAssassin to do the right thing.
#:0:
#* ^X-Spam-Flag: YES
#spam/spamassassin

# Experience has taught me not to trust people who use this MTA.
# Disabled 13 Oct 2003. Got a few false positives, and it was only catching
# a few actual spams anyway.
#:0:
#* ^Received:.*InterMail
#spam/intermail

# These guys *totally* piss me off!
:0:
* ^Subject:.*\
spam/blacklist

# Misc random spammers. This is where I explicitly deal with places that
# consistently send garbage to me, if it hasn't already been caught by one
# of the more general rules.
:0:
* ^(Received:|From:|To:).*(techvenue\.com|perfdata\.com|conservativefun\.com|clickaction\.net|echampions2000\.com|rnc(mail)?\.org|nmailer\.com|traditionalvalues\.org|churches\.net|snd\.edu\.gr|ioannou@vip\.gr|worldses\.org|wseas|discounts-direct\.com|elki@aol\.com|industryemail\.com|rchproducts\.com|webuniverse\.net|hostex\.com|insertweb\.net|hellasnet\.gr|pathfinder\.gr|optingnow\.com|investorsinsight\.com|yakim5150@yahoo\.com|b2blists\.com|bostonlimoservices\.com|afsmail\.com|artmarket\.com|kongmail\.com|topsites\.com|topsites-us\.com|topsitez\.us|dealsfromtheweb\.com|deerclk\.com|peppypuppy)
spam/blacklist
}}}
------
{{{
# (c) 1996 Fred Morris, m3047@halcyon.com. All rights reserved.

# Very important to set the shell to csh at Halcyon...
SHELL=/bin/csh

# Catch all mail sent to the "cookie"
:0
* ^TOfredm3047
* !^Subject:.*I-ACK
{
    # Return a copy to the sender..
    :0 h c w
    * !^FROM_DAEMON
    * !^X-Loop: m3047@halcyon.com
    | ( formail -r -A"X-Loop: m3047@halcyon.com" \
        -I"From: fredm3047@halcyon.com" ;\
        cat cookie-note.txt ) | $SENDMAIL -oi -t

    # Strip it to just the headers and two lines of the body
    :0 f b w
    | head -2
}

# Add a header line to known mailing lists
:0 f
* ^To:.*MEME
| formail -A"X-Mail-List: MEME"

:0 f
* ^TOwednet|^FROMwednet
| formail -A"X-Mail-List: WEDNET"

:0 f
* ^To.*slime
| formail -A"X-Mail-List: SLIME"

# If something's not addressed to me and not a list, headers only,
# save a copy on Halcyon.
:0
* !^TO.*m3047
* !^X-Mail-List:
{
    :0 c:
    ./mail/junk-mail

    :0 f h w
    | formail -A"X-Junk-Mail: Yes"

    :0 f b w
    | echo "junk"
}
}}}
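An added example, not part of the wiki page or of the rule author's file: the two Subject tests that file under `spam/ascii-garbage`, written as byte-level Python regexes and run over constructed messages before enabling them. It shows that the "façade ... café" leeway holds when the subject is Latin-1 but not when the same text arrives as raw UTF-8, where each accented letter is two high bytes. The function names, rule labels and sample messages are assumptions, and the header handling only approximates procmail's (case-insensitive match on headers, folded lines joined).

```python
import re

# Byte-level forms of the page's two Subject tests for spam/ascii-garbage.
# Escapes replace the literal 0x80 and 0xFF bytes the page warns about.
RULES = [
    ("three-high-bytes",
     re.compile(rb"^Subject:.*[\x80-\xff].*[\x80-\xff].*[\x80-\xff]",
                re.I | re.M)),
    ("encoded-word",
     re.compile(rb"^Subject:.*=\?.*\?=", re.I | re.M)),
]


def header_block(raw: bytes) -> bytes:
    """Return only the headers, with folded continuation lines joined."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    return re.sub(rb"\r?\n[ \t]+", b" ", head)


def matched_rules(raw: bytes) -> list:
    """Names of the rules whose pattern matches the message headers."""
    head = header_block(raw)
    return [name for name, rx in RULES if rx.search(head)]


def make_message(subject: bytes, body: bytes = b"hello\n") -> bytes:
    """Build a constructed test message around a raw Subject value."""
    return (b"From: sender@example.org\nTo: rcpt@example.org\n"
            b"Subject: " + subject + b"\n\n" + body)


# Constructed samples: the page's own leeway sentence in two encodings,
# an RFC 2047 encoded-word subject, and plain ASCII with an 8-bit body.
TEXT = "I really like the façade of your café"
SAMPLES = {
    "latin1": make_message(TEXT.encode("latin-1")),
    "utf8": make_message(TEXT.encode("utf-8")),
    "rfc2047": make_message(b"=?UTF-8?Q?caf=C3=A9_menu?="),
    "ascii": make_message(b"lunch on friday",
                          body="déjà vu, déjà vu\n".encode("utf-8")),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label:8} -> {matched_rules(msg) or 'delivered'}")
```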