SpamFryer

Communication

SpamFryer is a free Amiga program, written in ARexx by former Amiga Inc contractor and Amiga Format columnist SimonGoodwin, which talks directly to a POP3 mail server and deletes spam without you having to read it.

SpamFryer is driven by rules, of which more than 130 are in the October 2006 Aminet upload. A Wiki seems the ideal place to collect new rules for those who want to share ways to catch the latest spams without having to upload a complete replacement for the Aminet package:

http://main.aminet.net/comm/mail/SpamFryer.lha

http://main.aminet.net/comm/mail/SpamFryer.readme

Version 5:3 is the latest released to Aminet. SpamFryer 5 adds significant new techniques to catch spam simple rules cannot identify, and about 30 rules which were not present in earlier versions, each of which has caught at least four batches of spam sent out in 2005 or 2006. Most of those were previously published first on this Wiki. :-)

See the end of this page for interim patches, or add your own there. The latest documentation has been converted from AmigaGuide to HTML and posted here:

http://simon.mooli.org.uk/AF/article/SpamFryer.html

The following links point to the latest version of the YAM mailer integration script, maintained by Allan Rasmussen:

http://home19.inet.tele.dk/acme/comm/mail/SpamFryerYAM.readme

http://home19.inet.tele.dk/acme/comm/mail/SpamFryerYAM.lha

That elaboration of SpamFryer uses the same rules and configuration files as the full package on Aminet.


Almost all of the patches and new rules for version 4:5 of SpamFryer and earlier have been included in the October 2006 version 5:3 update, so there's not a lot left here for the time being (unless you add more). However some 'optional extras' and related principles do deserve further discussion here.

Unless you or your friends are desperate or innumerate enough to take an interest in lotteries, we recommend the following rule as a good way to get rid of the many lottery spam mails (we've seen dozens in the last couple of years, not caught by other rules):

 Early-Ref: lottery

This rule is included in the latest release of SpamFryer, but disabled in case it causes people to miss genuine lottery notifications by email (multiply-unlikely though those seem to us). Unless you participate in lotteries we recommend that you remove the // prefix from the relevant line of the SpamFryer.loseList, and spare yourself these irritating come-ons.

In general we're trying to avoid Early-Ref: rules in favour of tests on a single header line, which cost less CPU time, to help those with slow 68Ks or big maildrops. But in some cases we still prefer to include terms as Early-Ref: rules (which means they are also scanned for in the Subject: line) as that catches more spam.

One more rule made it into the 4:5 and 5:3 version updates now on the main Aminet site:

 Subject: =?iso-8859-1?b?

This seems to catch mails which have their subject deliberately obfuscated by encoding it ALL using the escape system for non-ASCII characters (e.g. those with Amiga codes greater than 126). It does not reject mails with subjects mainly in ASCII but with a few codes from the Amiga (ANSI Latin 1) 8-bit set escaped therein.

After tests on a bank of 3000-odd test mails, a mix of genuine mails and unfried spams collected in recent years, we did NOT include:

 Subject: =?iso-8859-1

That also catches messages with just a few non-ASCII or accented characters, including some we wanted to receive. Don't use that unless you want to strictly restrict the mail subjects you get to 7-bit ASCII.

SpamFryer 5:3 includes an optional algorithm to strip accents from mails before pattern matching. This enables it to spot spam references that are perfidiously obscured by the use of non-ASCII characters (e.g. adding accents to the vowels in the trade name viagra in an attempt to get it through filters).

If people send you mail requiring Unicode or other non-Amiga character-sets, SpamFryer can be programmed to keep or lose those with similar rules.

In 2006 SimonGoodwin got a load of spams which no upstream filter could catch, and had a look at the contents. They were all MIME encoded but with empty sections, which marked them out from other MIME emails received from genuine correspondents. Allan Rasmussen has refined the patch to identify such mails previously posted on this Wiki; a better version of the patch appears in SpamFryer 5:3, uploaded to Aminet on 29th October 2006.

Of course these rules and algorithms may zap something you want, so please carefully consider them first (alternates welcome, just edit them in at the end of this page, that's the beauty of a Wiki) and use them with a personalised keepList for extra security.

If you try anything on this page - please let us know how you get on. We've received around 250 mails from users of SpamFryer since launch, but very few from new users since the release of version 4:5 in 2005. We don't know if this is because they're all happy or all gone. Further updates here and on Aminet depend on feedback from users!

SimonGoodwin
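
The difference between the two Subject: rules above, and the accent stripping described for 5:3, shown as an added Python example that is not part of SpamFryer or of the original page. The sample subjects and body line are constructed, and `rule_hits` assumes a rule matches as a case-insensitive substring of the named header, which this page does not specify.

```python
import base64
import re
import unicodedata

# Constructed Subject: values for illustration (not real mail).
SUBJECTS = {
    "all_base64": "=?iso-8859-1?B?"
    + base64.b64encode("Chéap pills, bést prices".encode("latin-1")).decode("ascii")
    + "?=",
    "few_accents": "=?iso-8859-1?Q?Caf=E9_meeting_notes?=",
    "plain_ascii": "Amiga user group meeting",
}

# RFC 2047 encoded-word: =?charset?B?...?= is base64, =?charset?Q?...?= is Q-encoding.
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bq])\?[^?\s]*\?=", re.IGNORECASE)


def encodings_used(subject):
    """Return the RFC 2047 encodings in a subject: 'b' (base64) and/or 'q'."""
    return {m.group(2).lower() for m in ENCODED_WORD.finditer(subject)}


def rule_hits(rule, header_line):
    """Assumed rule semantics: 'Name: text' hits when the header has that
    name and its value contains text, ignoring case."""
    name, _, needle = rule.partition(": ")
    hname, _, value = header_line.partition(": ")
    return name.lower() == hname.lower() and needle.lower() in value.lower()


def caught_by(rule):
    """Names of the sample subjects that a Subject: rule would delete."""
    return {k for k, v in SUBJECTS.items() if rule_hits(rule, "Subject: " + v)}


def strip_accents(text):
    """Fold accented Latin-1 letters to their base letter before matching."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


if __name__ == "__main__":
    for rule in ("Subject: =?iso-8859-1?b?", "Subject: =?iso-8859-1"):
        print(rule, "->", sorted(caught_by(rule)))
    body = b"Cheap V\xedagr\xe1 today".decode("latin-1")  # constructed body line
    print("viagra" in body.lower(), "viagra" in strip_accents(body).lower())
```

The shorter rule also deletes the Q-encoded subject, which is the form mail clients typically use when only a few characters are non-ASCII.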
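
One way to test for the "MIME encoded but with empty sections" pattern mentioned above, as an added Python example. It is not the ARexx patch shipped in SpamFryer 5:3, whose logic this page does not show; the messages are constructed and the function names are hypothetical.

```python
from email import message_from_string

# Constructed multipart message whose two sections carry headers but no content.
EMPTY_PARTS = """\
From: sender@example.com
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="XX"

--XX
Content-Type: text/plain

--XX
Content-Type: text/html

--XX--
"""

# Same structure, but the text/plain section has a body (constructed).
NORMAL = EMPTY_PARTS.replace(
    "Content-Type: text/plain\n\n",
    "Content-Type: text/plain\n\nSee you at the meeting.\n",
)


def leaf_parts(msg):
    """All non-container sections of a parsed message."""
    return [part for part in msg.walk() if not part.is_multipart()]


def has_only_empty_sections(raw):
    """True for a multipart mail in which every section decodes to nothing
    but whitespace. Single-part mails are never flagged (an assumption)."""
    msg = message_from_string(raw)
    if not msg.is_multipart():
        return False
    leaves = leaf_parts(msg)
    return bool(leaves) and all(
        not (part.get_payload(decode=True) or b"").strip() for part in leaves
    )


if __name__ == "__main__":
    print(has_only_empty_sections(EMPTY_PARTS), has_only_empty_sections(NORMAL))
```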


UNSAFE RULE!

I recommend you REMOVE this rule from the loselist, as it is not safe;

Early-Ref: Spam detection software, running on the system "

/Allan


Towards the end of November sales spam started to come in with a curious grid of text interlaced with underscores early in the plain text.

Early in December this tripped the count for 'enough to be worth a new rule', so here goes:

Early-Ref: _R__P__O_

N.B. the internal underscores come in pairs (one only on the outsides) and the 'O' is a letter not a digit.

SimonGoodwin


Many of the stock-hyping plain-text spams now abounding can be caught with the simple rule

Early-Ref: Price: $0.

If your local currency is in dollars, or you'd like to receive offers in such currency, this is probably not a good rule to add. But it works well for Europeans like me.

SimonGoodwin


Suggestions for rules (loselist) : Please note that not all of the following rules will suit everyone's needs. Many factors like your country or your language may make them unwanted for you. So double check before adding them to your own loselist.

You can avoid most of the spam coming from Russia by filtering out mails with Cyrillic alphabet (koi8-r = Russian, Bulgarian, ...; koi8-u = Ukrainian) :

From: =?koi8-r?B?
From: =?windows-1251?B?
Subject: =?koi8-r?B?
Subject: =?windows-1251?B?
Early-Ref: charset=KOI8-
Early-Ref: charset="koi8-

An additional trick is to ban mails containing a URL with a .ru domain :

Early-Ref: ".ru "
Early-Ref: .ru/
Early-Ref: .ru>

To avoid mails in Japanese :

From: =?iso-2022-jp?B?
Subject: =?iso-2022-jp?B?

To avoid mails in Arabic :

Subject: =?windows-1256?B?

To avoid mails in Chinese :

Subject: =?GB2312?B?

General spam trigger (header that can be added by the spam detection software from your ISP):

Subject: [SPAM
Early-Ref: X-SpamTest-Status: SPAM
Early-Ref: X-Junkmail-Status: score=50
Early-Ref: -Spam: SPAM

And a variant of the above (when not 100% sure the message is a spam, so be careful if using this one):

Early-Ref: -Spam: Probable Spam

This one can also help (but still does not identify a mail as 100% spam):

Early-Ref: X-SpamTest-Method: Headers: Suspicious

If you want to avoid some porn mails:

Early-Ref: X-SpamTest-Categories: Obscene

Another possible spam trigger (be very careful, as this rule can also delete wanted mails, like the ones coming from mailing lists you are subscribed to):

Early-Ref: -Metrics: rago

This rule catches mails from a mis-used spam mailer:

Early-Ref: option 1 -  You can put ANY text you want here

100% of the mails I received with this header are spam. Yet, I still advise using it with caution (as maybe this mailer can also be used for something more regular than bulk mailing spam):

Early-Ref: X-Mailer: The Bat!

Other spam mailers you may want to avoid:

Early-Ref: X-Mailer: VizslaMail
Early-Ref: X-Mailer: Email Marketer
Early-Ref: X-Mailer: Mirapoint Webmail Direct
Early-Ref: X-Mailer: VolleyMail
Early-Ref: X-Mailer: ListMail
Early-Ref: X-Mailer: Webstars System
Early-Ref: X-Mailer: Voxmail
Early-Ref: X-Mailer: Sohu Web Mail
Early-Ref: X-Mailer: OpenWare WebEngine
Early-Ref: X-Mailer: Rapid-Emailer
Early-Ref: X-Mailer: MP6
Early-Ref: User-Agent: Poczta Gery.pl
Early-Ref: User-Agent: FuseMail

As I'm receiving a lot of spam from people abusing Yahoo services, I've added this rule to my list. I advise you to check first, if you have subscribed to a Yahoo mailing list, that this rule will not prevent you from receiving wanted mails.

Early-Ref: X-Yahoo-Newman-Property: ymail-

These ones are for the very invasive 'Viagra' spams (penis, erection, viagra, cialis, pills, and so on):

From: " Pills"
From: Pilule
From: Pillule
From: Viarga
From: Vigara
From: "comprimes "
From: "sante "
From: " maintenant"
From: "penis "
From: pas de recette
From: Bon Poid
From: Sans Docteur
Subject: % OFF
Subject: % 0FF
Subject: 0 pill
Subject: " V - 0."
Subject: " Vi - 0."
Subject: c1al
Subject: V1agr
Subject: EuroPha
Subject: Online Pha
Subject: Online Faar
Subject: Phaa
Subject: pharmaa
Subject: d0(ct
Subject: eis im Web
Subject: Pre Im Web
Subject: !agra
Subject: vlagr
Subject: Vgaira
Subject: Vi generi
Subject: " Vi online"
Subject: " Ci online"
Subject: " Vi en l"
Subject: " Ci en l"
Subject: " Ci - "
Subject: " Hoodia"
Subject: " rx purch"
Subject: impotence drug
Subject: generic drug
Subject: Best pill
Subject: Sleeping pill
Subject: blue diamond tablet
Subject: Vorteile von V
Subject: apthek
Subject: internetapo
Subject: OnlineDrugstore
Subject: online medication
Subject: Health formul
Subject: method to bed women
Subject: failures in bed
Subject: Prices on enlarg
Subject: proved to be effective!
Subject: Muscles relax equipment!
Subject: Gain amazing length
Subject: deeper into her
Subject: Pillules pour Amoureux
Subject: Male tool
Subject: m_edz
Subject: Warum VA?
Subject: VA rezept
Early-Ref: Pilules
Early-Ref: Cialis,
Early-Ref: expressherbals
Early-Ref: V|AGR
Early-Ref: VlAGR
Early-Ref: Vagria
Early-Ref: Vigara
Early-Ref: Viaaa
Early-Ref: Viiaa
Early-Ref: Viiia
Early-Ref: Ciiaa
Early-Ref: cialsi
Early-Ref: c1al
Early-Ref: Ciali1s
Early-Ref: cial!s
Early-Ref: "ci@lis "
Early-Ref: Leivtr
Early-Ref: pha**
Early-Ref: p*h*a
Early-Ref: b*u*y
Early-Ref: Vi 10 compr -
Early-Ref: Vi 10 tbb -
Early-Ref: Via 10 tab -
Early-Ref: " m*ed"
Early-Ref: " me*d"
Early-Ref: " he*a"
Early-Ref: " hea*"
Early-Ref: " pharm "
Early-Ref: "Pharma "
Early-Ref: ph**a
Early-Ref: pha^rm
Early-Ref: onlineph
Early-Ref: " health store"
Early-Ref: "0 tb - "
Early-Ref: "0 wz - "
Early-Ref: "0 wf - "
Early-Ref: " ql - "
Early-Ref: Vi 10 cm -
Early-Ref: Vi 10 pal -
Early-Ref: Vi 10 pl -
Early-Ref: Via 10 p -
Early-Ref: EuroPha
Early-Ref: ftTabs
Early-Ref: Hoodia Gordoni
Early-Ref: Human Growth Hormon
Early-Ref: ERECTifix
Early-Ref: best prices for pill
Early-Ref: besten preisen
Early-Ref: lot of pills
Early-Ref: genericrx
Early-Ref: purchaserx
Early-Ref: impotenceMed
Early-Ref: medshop
Early-Ref: MedicationD
Early-Ref: MedicationM
Early-Ref: PharmacyOrder
Early-Ref: drug$
Early-Ref: drugs online store
Early-Ref: Pharmacy online drugstore
Early-Ref: online health shop
Early-Ref: male enlarg
Early-Ref: gagnant au lit
Early-Ref: Elongate your trouser snake
Early-Ref: increase your length
Early-Ref: 100% discreet packaging
Early-Ref: Hey boy, it's time to grow up!

For the "Casino" "offers":

From: Casino
From: Cazino
From: Kasino
Subject: Cazino
Subject: Sie ins Casino einladen
Subject: Sie_ins_Casino_einladen
Early-Ref: WWO Casino

Some of the variants received in the "From:" field: "Euro Casino", "VIP..Casino", "VIP Casino", "Club Casino", "Dice Casino", "Online Casino".

"Replica":

Subject: SwissRepl
Subject: rep|ic
Subject: rep1ic
Subject: //atch
Subject: Roadster Watches
Subject: Quality Watches
Subject: replica watch
Subject: Luxury Watches
Subject: Designer Watches
Subject: Shop for Your Watch
Subject: ex watch#
Early-Ref: Replica fake
Early-Ref: Replica classic
Early-Ref: replica watch
Early-Ref: ReplicaSite
Early-Ref: ReplicaStore
Early-Ref: genuine replica
Early-Ref: Rolex rep
Early-Ref: Rep1ic
Early-Ref: rep1!c
Early-Ref: timepiece
Early-Ref: lgari watches
Early-Ref: time to show a luxury look

Phishing, swindling and other frauds:

From: Poste.it
From: Poste Italiane
From: " italpol "
From: " lotto"
From: United Parcel Service
From: US Custom Service
From: Bank of Nigeria
From: NatWest Online Banking
Subject: Westminster Bank
Subject: SmallCaps Stox
Subject: CASH AIDS
Subject: PAYMENT AGENT WANTED
Subject: RE: YOUR OVERDUE FUND
Subject: RE: PAYMENT OF FUND
Subject: Fund Released
Subject: Funding opportunity
Subject: earn many money
Subject: LOAN OFFER
Subject: VISA LOTTERY
Subject: YOUR E-MAIL HAS WON
Subject: PRIZE NOTIFICATION
Subject: DEAR WINNER
Subject: from dr.
Reply-To: New Service for Google
Early-Ref: African Bank
Early-Ref: Bank of Africa
Early-Ref: Bank of West Africa
Early-Ref: Bank Nigeria
Early-Ref: Bank Ghana
Early-Ref: Bank of Ghana
Early-Ref: Zenith Bank
Early-Ref: CENTRAL BANK OF NIGERIA
Early-Ref: Central Bank Offshore Dept
Early-Ref: Standard Chartered Bank
Early-Ref: co-operative Bank
Early-Ref: www.muslimcharities.com
Early-Ref: Standard Trust Loans
Early-Ref: Organization: Fatturazione
Early-Ref: Organization: Martins Hoskins Loan Agency
Early-Ref: Greetings from Russia to
Early-Ref: PROVEN ON OPRAH!
Early-Ref: BLACKPOOL INTERNATIONAL PROMOTION
Early-Ref: " italpol "
Early-Ref: " lotery "
Early-Ref: Svenska Spel Lottri
Early-Ref: CANADA 6/49
Early-Ref: INVEST IN YOUR COUNTRY
Early-Ref: British High Commission
Early-Ref: Wakabayashi Fund
Early-Ref: Fondazion De Vittorio
Early-Ref: audiycom

If you are living in Italy (or want to receive mails from Italy), be careful when adding the "poste.it" rule (above) and the "retail.telecomitalia.it" (below). Poste.it is a real domain, but often abused (phishing); and telecomitalia.it is probably an honest provider, but many dirty mails are sent by users from this domain.

Some web sites from or for which spams are coming:

Early-Ref: retail.telecomitalia.it
Early-Ref: hitheq.
Early-Ref: www.cji2.net
Early-Ref: www.pantalonthai.com
Early-Ref: treehuggersofamerica.org
Early-Ref: xinghaimould.com
Early-Ref: moneybookers.com
Early-Ref: www.sagapo.fr
Early-Ref: musst-du-sehen.com
Early-Ref: beautifulgirlsworld.
Early-Ref: supermoto.
Early-Ref: successwrote.

Miscellaneous:

From: seniorshousing.
From: gazeta.pl
From: desjardins.com
From: remaxfoz.eu
From: learnhq.com
From: moneybookers.
From: xinghaimould.
From: treehuggersofamerica.
From: sagapo.fr
From: pantalonthai@
From: @dccollective.com
From: @dcretro.com
From: @partyslave.com
From: Tastings Journal
From: Fininfocom
From: voyage-vacances-loisirs.
Subject: Tudo Gratis
Subject: a_du_lt
Subject: be$t
Subject: pr*ice
Subject: AddtoCart
Subject: TakeALook
Subject: Youtube electronico
Subject: Cheapest software prices!
Subject: cheap price degree
Subject: ProductsShipping
Subject: ultra oferta
Subject: SALES MANAGER
Subject: SOLD OUT --
Subject: dating sex
Subject: dating site
Subject: dating with
Subject: free dating
Subject: International Dating
Subject: from page number
Subject: from:page number
Subject: P|O|R|N
Subject: P_()_R_N
Subject: Schoolgirl snail feed
Subject: illustrator CS3
Subject: Cue CS3
Early-Ref: Windows XP Pro
Early-Ref: Windows Vista Ultimate
Early-Ref: As a Windows Live member
Early-Ref: Adobe Photoshop CS
Early-Ref: Master Collection for Win
Early-Ref: Ph0t0
Early-Ref: V1DE0
Early-Ref: " rape pic"
Early-Ref: t_e_e_n
Early-Ref: dip1oma
Early-Ref: d0wn
Early-Ref: l0ad
Early-Ref: 0nline
Early-Ref: X-To: cnn-dailytop10
Early-Ref: Internet Dating Agency
Early-Ref: LowRateOfPrice
Early-Ref: Citywide
Early-Ref: mobiyeah
Early-Ref: cohesion-international
Early-Ref: Organization: Klastor
Early-Ref: Thread-Topic: Urgently need your help
Early-Ref: ScriptPath: somasangyo.com
Early-Ref: allofmp3
Early-Ref: Cheboksary

More for those nasty Windows attachments:

Early-Ref: .vbs"
Early-Ref: .cpl"
Early-Ref: .hta"
Early-Ref: .bat"
Early-Ref: .cmd"
Early-Ref: .hqx"

Rules I think might be unsafe (or too generic), from SpamFryer 5:3 package:

Early-Ref: Anti_Virus
Early-Ref: all new softwares.
Subject: Cost!
Subject: Prescription
Subject: inexpensive
Subject: dear customer
Subject: ordering info

AmigaPhil


Note for users of SpamFryer.rexx 6 (and up): Some of the previously embedded rules have been moved away from the main script since 5:3. You may want to add them to your keeplist and loselist.

For the keeplist:

Subject: SpamFryer
Subject: SpamFrier
Subject: Spam Frier
Subject: Spam Fryer

For the loselist:

Subject: *SPAM*
To: www.
To: undisclosed-recipients
Early-Ref: </
Early-Ref: <HTML>
Early-Ref: text/html

As for the last rule, wouldn't it be better to replace it with this ?

Early-Ref: Content-Type: text/html

AmigaPhil


Please add more rules here!