Thanks DoN very informative. I'll try it.
"DoN. Nichols" wrote in message
...
On 2007-11-30, Stuart & Kathryn Fields wrote:
What is it about this news group that attracts the nuts and spammers?

I think that the spamers are targeting many of the rec.crafts.*
newsgroups, not just this one. But this is the only one which I follow,
so I can't be sure.


I've
been accumulating blocked senders to eliminate the penis and tennis shoe
ads
as well as the become a millionaire ads and my blocked sender list has
about
150 entries. For some reason, rec.crafts.metalworking seems to attract
more crap than other NGs that I monitor.

You can make the list much smaller and more efficient by
blocking on the "NNTP-Posting-Host: " header entry, instead of the
"From: " header. Note that the shoe ads all come from China, and mostly
from a single Class-B range. Many others come from India, and the
make-money-fast type spams are coming from Mexico at present.

So, instead of doing something like:

59.94.105.210

(an actual example from previous spam from India), you first do a
whois on the IP address, and get back a range of addresses:

59.88.0.0 - 59.99.255.255

Then you block using wildcards.

59.94.*.*

will get all of that Class-B range. You would have to do eleven of them
to get rid of all from that block in India -- unless your newsreader is
capable of handling one of the other formats for specifying a range of
IPs, such as:

it breaks down to two entries in "netmask" format:

59.88.0.0/255.248.0.0
59.96.0.0/255.252.0.0

or -- two entries in CIDR format:

59.88.0.0/13
59.96.0.0/14

Oh yes -- the pro-Islam spam all seems to come from Saudi Arabia.

So -- observe where things are coming from, and if they are from
somewhere where you don't expect any valid participants in this
newsgroup, block by the range.

Also -- if your newsreader's killfile feature can block on
content, look for URLs frequently used -- such as anything ending in
".cn" after the "//" and before the first single "/". Anything blocking
on content instead of headers is likely to be much more expensive, since
every article has to be downloaded several times -- once each to test
against all of the content entries, and a final time for actually
reading it (assuming that you don't block it.)

Even blocking on the "Subject: " header can be made more
efficient by blocking on one or two things unlikely to be showing up in
valid subject headers, but common in the spam, such as "nike" or
"prada". Use wildcards as necessary.

Good Luck,
DoN.

--
Email: | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---