Whitelisting (only allowing e-mail from known good addresses) can reduce your spam significantly, but it doesn't deal with viruses, and has a rather high rate of false positives (rejecting e-mail that you would have wanted to see ... like maybe that friend from high school that you've lost track of, or your friend telling you he's been fired from his job and had to switch e-mail addresses).

The only advantage to acting on the e-mail addresses is that it (well, the envelope-sender, not necessarily what shows up in the 'from' header) is sent before the DATA command in SMTP, so you can reduce bandwidth used by rejecting early. (Although, that only works for envelope-from and envelope-to ... and I'm guessing unless the system allows <> (the null e-mail address), you're not going to be losing messages about delivery failures.)

There are a wide variety of methods for attempting to determine if it's UCE, but most of them tend to only get the obvious stuff, or tend to be over-greedy and block legitimate mail. I agree that some regexes suck, but it takes many, many layers to do it well. (If you're going to go the regex rules, you might start by looking at the procmail rules from panix. I'd also recommend looking at spam-l and spam tools.)

I personally find that the best UCE indicator (i.e., no false positives, except maybe on spam discussion lists) is when something is obfuscated (octal in IP addresses, HTML w/ hyperlinked URLs that don't match the link, JavaScript to hide the content of the message, etc.).


In reply to Re^2: Spam filtering and regular expressions by jhourcle
in thread Spam filtering and regular expressions by Mr. Lee
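
Two of the obfuscation indicators named in the post (a numeric link host that is not plain dotted-decimal, and visible link text showing a different host than the href), as an added Python example that is not part of the original post. The function names, finding labels and the sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

NUM_PART = re.compile(r"0x[0-9a-f]+|\d+", re.I)           # hex, octal or decimal label
DEC_OCTET = re.compile(r"25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d")  # 0-255, no leading zero
SHOWN_URL = re.compile(r"(?:https?://|www\.)[^\s/<>\"',;:!?)]+", re.I)

def host_of(url):
    """Lower-cased host without a leading 'www.'; '' when none can be parsed."""
    try:
        host = urlsplit("//" + url if url[:4].lower() == "www." else url).hostname or ""
    except ValueError:              # malformed authority, e.g. unbalanced '['
        return ""
    return re.sub(r"^www\.", "", host.lower().rstrip("."))

def obfuscated_ip(host):
    """True for an all-numeric host that is not plain dotted-decimal IPv4."""
    parts = host.split(".")
    plain = len(parts) == 4 and all(DEC_OCTET.fullmatch(p) for p in parts)
    return not plain and all(NUM_PART.fullmatch(p) for p in parts)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []  # (reason, href, text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:      # only collect text inside an open <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            href, shown, self._href = self._href, "".join(self._text).strip(), None
            target, m = host_of(href), SHOWN_URL.search(shown)
            if obfuscated_ip(target):
                self.findings.append(("obfuscated-ip", href, shown))
            if m and target and host_of(m.group()) != target:
                self.findings.append(("text-href-mismatch", href, shown))

def audit_html(body):
    parser = LinkAudit()
    parser.feed(body)
    return parser.findings

# Constructed sample body; hosts and addresses are placeholders.
SAMPLE = """<p><a href="http://0300.0250.0.1/a">Your invoice</a>
<a href="http://login.example.net/x">https://www.example.com/account</a>
<a href="https://www.example.org/news">www.example.org</a></p>"""
```

`audit_html(SAMPLE)` reports the first two links and leaves the third alone, since its visible text and href agree once the leading `www.` is ignored.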
