Home RecentChanges

SpamFryer

Amiga Software Communication

SpamFryer is a free Amiga program, written in ARexx by former Amiga Inc contractor and Amiga Format columnist SimonGoodwin, which talks directly to a POP3 mail server and deletes spam without you having to read it.

SpamFryer is driven by rules, of which more than 130 are in the October 2006 Aminet upload. A Wiki seems the ideal place to collect new rules for those who want to share ways to catch the latest spams without having to upload a complete replacement for the Aminet package:

http://main.aminet.net/comm/mail/SpamFryer.lha

http://main.aminet.net/comm/mail/SpamFryer.readme

Version 6:18 is the latest released to Aminet. Version 6 introduced a stand-alone 'SpamBrowser' ARexx script which gives you the option to run SpamFryer in an interactive mode. You can preview the contents of your mailbox and interactively select the mails you want to keep or delete. Passwords may now be encrypted to the APOP standard. A new custom version benefits users of the Thor mailer. Localisation support is improved, as is the handling of control characters and long lines (to Internet standard RFC 2822).

SpamFryer 5 added significant new techniques to catch spam simple rules cannot identify, and about 30 rules which were not present in earlier versions; most of those were previously published first on this Wiki. :-)

See the end of this page for interim patches, or add your own there. The latest documentation has been converted from AmigaGuide to HTML and posted here:

http://simon.mooli.org.uk/AF/article/SpamFryer.html

The following links point to the latest version of the YAM mailer integration script, maintained by Allan Rasmussen:

http://jay-jay.dk/acme/comm/mail/SpamFryerYAM.readme

http://jay-jay.dk/acme/comm/mail/SpamFryerYAM.lha

That elaboration of SpamFryer uses the same rules and configuration files as the full package on Aminet.

Almost all of the patches and new rules for version 4:5 of SpamFryer and earlier have been included in the October 2006 and 2008 updates, so there's not a lot left here for the time being (unless you add more). However some 'optional extras' and related principles do deserve further discussion here.

Unless you or your friends are desperate or innumerate enough to take an interest in lotteries, we recommend the following rule as a good way to get rid of the many lottery spam mails (we've seen dozens in the last couple of years, not caught by other rules) 

 Early-Ref: lottery

This rule is included in the latest release of SpamFryer, but disabled in case it causes people to miss genuine lottery notifications by email (multiply-unlikely though those seem to us). Unless you participate in lotteries we recommend that you remove the // prefix from the relevant line of the SpamFryer.loseList, and spare yourself these irritating come-ons.

In general we're trying to avoid Early-Ref: rules in favour of tests on a single header line, which cost less CPU time, to help those with slow 68Ks or big maildrops. But in some cases we still prefer to include terms as Early-Ref: rules (which means they are also scanned for in the Subject: line) as that catches more spam.

One more rule made it into the 4:5 and 5:3 version updates now on the main Aminet site: 

 Subject: =?iso-8859-1?b?

This seems to catch mails which have their subject deliberately obfusticated by encoding it ALL using the escape system for non-ASCII characters (e.g. those with Amiga codes greater than 126). It does not reject mails with subjects mainly in ASCII but with a few codes from the Amiga (ANSI Latin 1) 8-bit set escaped therein.

After tests on a bank of 3000-odd test mails, a mix of genuine mails and unfried spams collected in recent years, we did NOT include: 

 Subject: =?iso-8859-1

That also catches messages with just a few non-ASCII or accented characters, including some we wanted to receive. Don't use that unless you want to strictly restrict the mail subjects you get to 7-bit ASCII.

SpamFryer 5:3 includes an optional algorithm to strip accents from mails before pattern matching. This enables it to spot spam references that are perfidiously obscured by the use of non-ASCII characters (e.g. adding accents to the vowels in the trade name viagra in an attempt to get it through filters).

If people send you mail requiring Unicode or other non-Amiga character-sets, SpamFryer can be programmed to keep or lose those with similar rules.

In 2006 SimonGoodwin got a load of spams which no upstream filter could catch, and had a look at the contents. They were all MIME encoded but with empty sections, which marked them out from other MIME emails received from genuine correspondents. Allan Rasmussen has refined the patch to identify such mails previously posted on this Wiki; a better version of the patch appears in SpamFryer 5:3, uploaded to Aminet on 29th October 2006, and in the following update two years later.

Of course these rules and algorithms may zap something you want, so please carefully consider them first (alternates welcome, just edit them in at the end of this page, that's the beauty of a Wiki) and use them with a personalised keepList for extra security.

If you try anything on this page - please let us know how you get on. We've received around 250 mails from users of SpamFryer since launch, but very few from new users since the release of version 4:5 in 2005. We don't know if this is because they're all happy or all gone. Further updates here and on Aminet depend on feedback from users!

SimonGoodwin

UNSAFE RULE!

I recommend you REMOVE this rule from the loselist, as it is not safe; 

Early-Ref: Spam detection software, running on the system "

/Allan

Towards the end of November 2007 sales spam started to come in with a curious grid of text interlaced with underscores early in the plain text.

Early in December this tripped the count for 'enough to be worth a new rule', so here goes: 

Early-Ref: _R__P__O_

N.B. the internal underscores come in pairs (one only on the outsides) and the 'O' is a letter not a digit.

SimonGoodwin

Many of the stock-hyping plain-text spams now abounding can be caught with the simple rule 

Early-Ref: Price: $0.

If your local currency is in dollars, or you'd like to receive offers in such currency, this is probably not a good rule to add. But it works well for Europeans like me.

SimonGoodwin

These rules have each been found to eliminate at least four spams in late June/early July 2009:

From: MustHaveTool

Subject: "Windshield Wonder"

From: FreeCommunication

Subject: "Throw that expensive phone bill away..."

Those two are pairs alternatives from the same common recent spam, so either will work and both may catch more.

You might like to add these, too, though it's only come in three times in the last few days:

From: GetWallStreetJournal

Subject: "Wall Street Journal subsciption"

New SpamFryer rules from mid July and early August 2009:

8 hits (all from "RWD"):

Subject: "Why Wait? Meet Russian Women Today..."

6 hits (each):

From: KillYourBillsTeam

From: BackPainSolution

5 hits:

From: FreeCommunication

From: GetWallStreetJournal

From: IndoorDogPotty

From: Printer.Ink

4 hits:

From: RossiCutlery

From: MustHaveTool

Subject: "Turn your car radio into a speaker phone..."

---

New rules for December 2009:

6 hits:

Subject: Snuggie

5 hits:

From: BillyMaysProduct

---

New rules for May 2010 (all 4+ hits this month):

From: Premium Biz Cards

From: Join-AARP

From: Doggie Fun

From: DirectBuy Insider Deals

Home RecentChanges
1 Comment on SpamFryer This page is read-only View other revisions Administration | AmigaLink
Last edited 2010-05-23 21:32 UTC by SimonGoodwin (diff)

Search:

All text is available under the terms of the GNU Free Documentation License.
Site design by BIGcat studios.

http://www.amigacentre.co.uk/img/wikiheaderpink.png

Important: Pages are read-only. For most content, you may be better off searching on Wikipedia. For further details and if you want an edit password, see WikiStatus.

Main Topics

Help and information

Hosted in partnership with Amiga.org

http://www.amigawiki.com/img/AOrg-banner.jpg