Jump to content

Analyze held mail by address?


Recommended Posts

I use the SpamCop email system both for receiving mail sent to my spamcop.net address and for reading, filtering, and forwarding email in a POP3 mailbox at another domain. Is there any way to find out how much of my held mail (i.e., spam) is being received at the spamcop.net address as differentiated from email POP'ed from my other domain addresses? If the amount of spam received at spamcop.net is the overwhelming majority, I would consider changing my SpamCop address to reduce volume.

I have a catch-all mailbox in my domain. I'd love to be able to analyze the spam that arrives there to get a list of addresses it is being sent to. I'd like to distinguish between legitimate addresses that are being spammed vs. dictionary attacks. Any ideas on how I might do that?

Thanks for any suggestions.

Guy

Edited by Seeker
Link to comment
Share on other sites

I have a catch-all mailbox in my domain. I'd love to be able to analyze the spam that arrives there to get a list of addresses it is being sent to. I'd like to distinguish between legitimate addresses that are being spammed vs. dictionary attacks. Any ideas on how I might do that?

I would look in the headers of the mail coming from your domain catch-all then use webmail (or oru favorite client) to search on something found there. That would tell you what came through that gateway. All mail will have the spamcop fingerprints, however.

I've used that method from time to time to see how effective the various blocklists have been and more importantly for setting my SpamAssassin settings.

Link to comment
Share on other sites

I use the SpamCop email system both for receiving mail sent to my spamcop.net address and for reading, filtering, and forwarding email in a POP3 mailbox at another domain. Is there any way to find out how much of my held mail (i.e., spam) is being received at the spamcop.net address as differentiated from email POP'ed from my other domain addresses?

As noted elsethread using the SpamCop webmail's filter facility does some of what you want.

The Search facility, searching Trash and/or Held will also work

Thus To: does not contain 'spamcop.net' AND CC: does not contain 'spamcop.net' and To: does not contain 'personal.tv' AND CC: does not contain 'personal.tv'

will find how many emails were sent using bcc: and thus require more work.

and the obvious changes will tell you how many were sent with legitimate rather than dictionary addresses.(you will have to list them all).

To: contains 'sales[at]personal.tv" OR CC: contains 'sales[at]personal.tv" OR To: contains 'postmaster[at]personal.tv" OR CC: contains 'postmaster[at]personal.tv"

Note searches can be saved.

HTH

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...