The first thing to do is protect your good bounce messages, ones from your ISP in response to mail you have sent that has failed to be delivered. Send a message from your account to a non-deliverable address, something like "ifgifgrifghaepgrihfeqrghgrhe@cox.net" and look at the message you get back from your ISP. Mine had this as the from address which so far has proved adequate to filter on:
Code: Select all
Mail Administrator <Postmaster@cox.net>
Put that in a filter rule and set the filter to Good and "Never mark for delete" if you have more ISPs add a similar line for each and set the filter to "Any" mode.
Now you can go looking for messages from other places that aren't legitimate. Create a filter and set it to Spam and the Any mode. You can start with these rules and add more if you find messages that the filter is not catching:
Bounce detection:
Code: Select all
Header Contains: Delivery status notification
Header Contains: Return-Path: <>
Header Contains: Return-Path: <mailer.daemon@
Header Contains: Delivery reports about your email
Header Contains: failure delivery
Header Contains: failure notice
Header Contains: Mail delivery failed
Header Contains: Undelivered Mail Returned to Sender
Header Contains: Returned mail
Header Contains: address rejected
Header Contains: Delivery Notification
Header Contains: Delivery Failure
Code: Select all
Body Contains: Unverified email to
Body Contains: complete this verification
Body Contains: is being held because the address
Body Contains: Active Spam Killer
Body Contains: Reflexion Total Control
Body Contains: Message you sent blocked
Code: Select all
Subject Contains: out of office
Body Contains: out of the office
Subject Contains: out of the office
Header Contains: autoresponder