Getting tons of spam emails with same FROM & TO and all just have sequence of numbers in subject and body. Tried a regex as below but I'm stopping regular emails as well. Can't enable the option to reject same from-to in SF in my case. Anyone found a good way to stop it using rejex?

((?i)Subject:.[0-9])

Thanks!

I had the same too, http://isc.incidents.org/ - http://isc.incidents.org/  even reported such yesterday also as they were watching it and had numerous reports of the same.

What I trying to figure out is why SPF (which we use and implement for our domain) didn't stop the messages.  After tracking them in the log, it was found that the were autowhitelisted which is baffling to me to figure out why they were white listed.

Here is what I want to catch:

Subject: 455
Subject: 586876
Subject: 1545453

The common denominator is that the first character is a number but the length varies and i don't want to catch stuff anywhere else but the first number after Subject:^(I use ^ to represent a space)

sgeorge wrote: I see.  Funny you should mention ^.  In RegEx, ^ can be used to force it to identify the beginning of a line.  $ Can be used to represent the end of a line.  Hopefully this will do: ((?i)subject:^\d{3,}$)         - A subject of 3 or more digits ((?i)subject:^ \d{3,}$)         - (Same, with a space in the beginning Stephen

Not catching anything at all. Will try to study the regex stuff some more. Thanks!

I have a couple of those in the QDB too, is it actually spam? is a product pushed? the mails in the DB look harmless.

A bit offtopic but:

You guys know what i think is a real problem: Spammers can read over your shoulders in this open forum! On top of that: they can set up a testbed with spamfilter ISP free version and try out all sorts of combinations to see if SF will pass it through..... Think about it. Suppose i would say: block any email with subjects that only have digits: next that would happen is that random characters are inserted.. we are allways one step behind.

This is because of the way email traffic works: it's scheme is: "allow anything, unless this and that", it would be better if it was "block all, but allow under certain conditions". (like a firewall) Unfortunately, this method cannot be used by ISP's, but it can for companies.

Since companies are an important target for spams maybe this approach should be implemented into SF somehow.

Something like a 'reverse bayesian filter', a filter that learns solely of good emails, and has the power to stop anything, unless it is recognised a beeing a 'good' mail.

The spam is harmless but its also a way to harvest email addresses, no rejection means a valid email address. Its costing me time by customers who don't get usually get spam calling me and asking me what this is. I had 5 phone calls and one from a customer who has 150 users and they were all getting them and bugging the admin who was ended up bugging me.

I agree that SF is successfull and as a result has become a target by the dark side.