User level filtering regex advice requested

[fjpoblam]

I have a user level filter which includes this item I found online. Items (in the filter) whose qualifications match, result in direction of an email to my Trash folder. This particular filter isn't perfect but it catches lots of abusive TLDs. It is "From matches regex"

 

.\.(click|download|faith|link|racing|webcam)\b

 

I have a few instances of this sort, containing lists of such abusive TLDs. Instead of applying frequent updates to such lists, it occurred to me I might be be better off with a regex matching certain *acceptable* TLDs, which is to say, "From matches regex" and "not these" (as it were). Is that possible, in a somewhat terse manner?

[AMC4x4]

Sorry to not be directly answering the question, but I started down this road and it ended up being pretty ineffective since I was always adjusting the TLD list. I got pretty exasperated and decided to investigate doing this another way. I looked up example user_prefs files to use for spamassassin and they are working fantastic. I would say 99.5% of my spam is being routed correctly to the SPAM folder and I'm getting no false positives. There is a very good writeup here in the forum, but it's a little more complicated/wordy than I think it probably needs to be. If you enable SpamAssassin, you can have it make a spam folder (automatically) and once you configure your user_prefs file in the cpanel file manager (start by cutting and pasting from suggestions online), you can check the score and reason of things that are delivered there. Adjust the value of the line that's triggering (or not triggering) and keep testing. Eventually you'll get it.

For me, I found out that most spammers don't use a server that provides reverse DNS, so setting RDNS_NONE to a high value worked for me, along with some other tweaks. You can also bump up the scores of things like RCVD_IN_SBL and the other spam houses. Others were DATE_IN_FUTURE_06_12 and DATE_IN_FUTURE_24_48. I bumped the scores for those up as well. Like I said, after you see what gets sorted into SPAM and what doesn't, you can make more tweaks.

Hope it helps, and again, sorry for not answering your original question.

[fjpoblam]

Thanks, AMC4x4. I, too, had seen the online writeup here and found it...er...beyond my skillset. I did, however, find a list in an article of the "most abused" TLDs and have stuck with an approach similar to the list in my original question. My list actually consists of a bunch of TLDs, a few items, ORed in a user-level filter.

 

It seems to be working amazingly well. Before that filter I have a separate user-level filter of "safe" "From contains..." --> Deliver to Inbox --> Stop processing rules.

 

Then after that filter I have yet another [which unfortunately I keep updating time to time] for "the ones that got away".

 

Tedious, but at least I'm down now to just a few spams per day. I would warn everyone of THIS, by the way. The US government is not your friend insofar as competence is concerned. Why? Within three days after signing up for Social Security (and its website) I began to be inundated with untold amounts of spam relating to cures, aids, financial advice, vacation offers, memory improvement, free cremation, hearing aids, dating sites, insurance, education, and all manner of other crap for people of Social Security age. FWIW I do NOT use Google or Bing or Yahoo or Facebook or Twitter. All of which I purged myself long ago from lack of interest or pursuit of privacy.