I use the SpamCop email system both for receiving mail sent to my spamcop.net address and for reading, filtering, and forwarding email in a POP3 mailbox at another domain. Is there any way to find out how much of my held mail (i.e., spam) is being received at the spamcop.net address as differentiated from email POP'ed from my other domain addresses? If the amount of spam received at spamcop.net is the overwhelming majority, I would consider changing my SpamCop address to reduce volume.
I have a catch-all mailbox in my domain. I'd love to be able to analyze the spam that arrives there to get a list of addresses it is being sent to. I'd like to distinguish between legitimate addresses that are being spammed vs. dictionary attacks. Any ideas on how I might do that?
Thanks for any suggestions.
Guy
Full Version: Analyze held mail by address?
QUOTE(Seeker @ Oct 9 2008, 12:46 PM) 
I have a catch-all mailbox in my domain. I'd love to be able to analyze the spam that arrives there to get a list of addresses it is being sent to. I'd like to distinguish between legitimate addresses that are being spammed vs. dictionary attacks. Any ideas on how I might do that?
I would look in the headers of the mail coming from your domain catch-all then use webmail (or oru favorite client) to search on something found there. That would tell you what came through that gateway. All mail will have the spamcop fingerprints, however.
I've used that method from time to time to see how effective the various blocklists have been and more importantly for setting my SpamAssassin settings.
Perhaps you could create one or more filters to apply to your Held mail folder in the webmail interface. You could have it move the messages sent to other domains to other folders, for example.
DT
DT
QUOTE(Seeker @ Oct 9 2008, 04:46 PM)
I use the SpamCop email system both for receiving mail sent to my spamcop.net address and for reading, filtering, and forwarding email in a POP3 mailbox at another domain. Is there any way to find out how much of my held mail (i.e., spam) is being received at the spamcop.net address as differentiated from email POP'ed from my other domain addresses?
As noted elsethread using the SpamCop webmail's filter facility does some of what you want.
The Search facility, searching Trash and/or Held will also work
Thus To: does not contain 'spamcop.net' AND CC: does not contain 'spamcop.net' and To: does not contain 'personal.tv' AND CC: does not contain 'personal.tv'
will find how many emails were sent using bcc: and thus require more work.
and the obvious changes will tell you how many were sent with legitimate rather than dictionary addresses.(you will have to list them all).
To: contains 'sales[at]personal.tv" OR CC: contains 'sales[at]personal.tv" OR To: contains 'postmaster[at]personal.tv" OR CC: contains 'postmaster[at]personal.tv"
Note searches can be saved.
HTH
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.