I was looking at the headers in various spam emails I get and I noticed a majority of it has an X-Spam-source containing Host='noreverse', i.e., the originator is hiding who they really are. Nothing surprising about that. I only recently switched to using FM as my email service. As an excuse to try to start to get myself acquainted with sieve (and have a little fun) I added the following code to the sieve script at the start just before section 1.
Code:
if not header :matches "X-Spam-Known-Sender" "yes*" {
if
allof(
header :contains "X-Spam-source" "Host='noreverse'",
header :value "ge" :comparator "i;ascii-numeric" "X-Spam-score" "5"
)
{
fileinto "INBOX.noreverse";
stop;
}
}
Eventually this could be just a discard rule and I could use the UI to do that but I wanted to be sure the theory was valid so I wrote it explicitly to sort the matches into a new folder named "noreverse". That way I could easily see if the stuff I was sorting into there was all truely spam.
Before I turn this into a discard rule I was wondering if there are any exceptions that I might want to actually see. Are there any valid cases where an email classed as spam and has Host='noreverse' where I wouldn't want to just discard it? So far I haven't seen any exceptions. While I don't get a lot of spam (say 5 to 30 a day) it's still easier to look over the remaining spam that doesn't fit this criteria if they aren't listed in the spam folder first place. Maybe for safety I should set the X-Spam-score threshold higher than the usual 5, say 10, 15, 20?
Given the relatively low quantity of spam I get I am not even sure I even want to do this. I'm not totally "in love" with this idea but it was at least an excuse to read the sieve specs and play around a little bit. But it never hurts to ask for other opinions anyhow. I'm just curious what others think about this idea pro or con.
Thanks in advance.