Procmail rules to filter out identifiable spam

I use a number of different rules to identify spam and store it safely in a mail folder for later inspection.

If you want to use procmail (on a Unix system), have a long and deep look at the manpages. It's not too easy to master, but once you get the hang of it, it's very powerful.

Simple header rules:

A number of headers identify spam very easily. These are sure signs of mail generated by spamming tools:

:0
* ^X-Advertisement:
spam

:0
* ^X-Advertisment:
spam

:0
* ^Message-ID: <>
spam

:0
* ^Received: from --- unknown host ---
spam

:0
* ^X-Mailer: RM-Super
* REMOVELIST:
spam

The next ones are a bit trickier. They work on the idea that I don't have an account on the sites used in the To: line of a lot of spam. But I did have to revise this as I sometimes receive mail also aimed at an account there.

:0
* ^To:.*@(mail-response|msn|aol|public|hotmail|webavenues|netcom|ix\.netcom)\.com
* !^(To|Cc):.*(koos|kh)@
spam

:0
* ^To:.*@(mts|usa)\.net
* !^(To|Cc):.*(koos|kh)@
spam

Including of course the by now famous 'friend@public.com'. I pity whoever registered public.com. The check for mail not to 'koos@' is to make sure it's not by accident mail for a number of people including an account on one of those sites *and* me. That's valid mail.
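
An added example, not part of the original page: a small Python harness that approximates how procmail evaluates a subset of the recipes above (conditions ANDed, `!` negating, case-insensitive, first matching recipe wins), so the To:/Cc: exception can be checked against sample headers before the rules go live. The sample headers and the example.* addresses are constructed; Python's `re` stands in for procmail's egrep, and the header unfolding step is assumed to mirror procmail's joining of continued header lines.

```python
import re

# A subset of the page's recipes as (conditions, folder). Within a recipe
# procmail ANDs the conditions; a leading "!" inverts one.
NOT_ME = r"!^(To|Cc):.*(koos|kh)@"
RECIPES = [
    ([r"^X-Advertisement:"], "spam"),
    ([r"^Message-ID: <>"], "spam"),
    ([r"^To:.*@(mail-response|msn|aol|public|hotmail|webavenues|netcom"
      r"|ix\.netcom)\.com", NOT_ME], "spam"),
    ([r"^To:.*@(mts|usa)\.net", NOT_ME], "spam"),
]

def unfold(header):
    """Join folded continuation lines so one field is matched as one line."""
    return re.sub(r"\r?\n[ \t]+", " ", header)

def holds(condition, header):
    """Evaluate one condition: case-insensitive, ^ anchors at any line start."""
    negated = condition.startswith("!")
    pattern = condition[1:] if negated else condition
    found = re.search(pattern, header, re.IGNORECASE | re.MULTILINE) is not None
    return found != negated

def deliver(header, default="inbox"):
    """Return the folder of the first recipe whose conditions all hold."""
    header = unfold(header)
    for conditions, folder in RECIPES:
        if all(holds(c, header) for c in conditions):
            return folder
    return default

# Constructed sample headers (example.* addresses are placeholders).
SAMPLES = {
    "bulk": "From: a@example.org\nTo: friend@public.com\nSubject: offer\n",
    "shared": "From: b@example.org\nTo: bob@aol.com,\n koos@example.net\n"
              "Subject: lunch\n",
    "cc_me": "From: c@example.org\nTo: ann@usa.net\nCc: kh@example.net\n",
    "empty_id": "From: d@example.org\nTo: koos@example.net\nMessage-ID: <>\n",
    "plain": "From: e@example.org\nTo: koos@example.net\n"
             "Message-ID: <1@example.org>\n",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:9} -> {deliver(header)}")
```

The "shared" sample puts the second recipient on a folded continuation line: matched line by line, the exception would miss it and the mail would be filed as spam, which is why the header is unfolded first.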

The next set is 'famous spam relays'. The choice of addresses is purely from my own experience.

:0
* ^Received: from .*(mail\.mymail\.net|tsf-industries|spamrelay|flash\.net|freemanchester\.com|ultramax\.net)
spam

I could filter on keywords in the body, but I chose not to because of performance issues on our mailserver.