Hostname Patterns

These ksh patterns are used to identify domain names that the host owners probably do not have control over. There were developed iteratively by observing the names of hosts that sent spam and which were not already matched by any patterns.

Domain name begins with a sequence of 3 segments, where each segment consists of a decimal number optionally preceded by an alpha piece and optionally separated from that piece by “-” or “_”, and the segments are separated from each other by “-”, “_”, or “.”:

Leftmost component contains 4 or more decimal digits:

Leftmost component contains 3 decimal numbers separated from each other by non-decimal-digit segments:

Domain name contains a component exactly matching one of these names, which is neither the leftmost nor either of the two rightmost components:

Domain name begins with any of these strings:

Leftmost component of domain name contains any of these strings:

Leftmost component consists of “pc” or “ip” followed by decimal digits, optionally separated by a “-”:

Leftmost component contains 3 or more dashes:

Leftmost component consists entirely of decimal digits:

Domain name contains “dhcp” anywhere in it:

Other tests include:

Back to Spamware Impatience