I think you're oversimplifying the problem.
The To: or Cc: fields are really just a formality as far as mail delivery is
concerned. Plenty of legitimate mail is delivered via Bcc or listservs
that do not use those fields.
Regardless of the spam features of a mail product, plenty of spam
will still get through. Once you understand the dynamics and reality
of the spammer's modus operandi, you will soon realize all those
features and time you spend diddling with them really don't stop
the spam. At best, they can only partially minimize it.
The real question is what are you doing about it besides ranting
on a product support newsgroup?
>>>I've just started receiving some spam on my office id (which means
>>>someone has been trawling the BODY of newsgroup articles, sadly).
>>>I'm presumably on the BCC. As spams are often addressed like this, is
>>>there any way I can configure Exchange 5.5 to bounce this sort of thing?
>>You can use the "TurfTable" registry to eliminate the delivery of
>>messages *from* e-mail users or domains. Check the Exchange 5.5
>>Release Notes. Messages will simply not be delivered to your local
>>users if they match the addresses in this registry value. They won't
>Thanks. I'll read the notes (if I can - if they're HTML they'll probably
>crash my browser :-(
>>At the client you can delete messages that aren't addressed explicitly
>>to you and that don't match any other rules (like the "From:" address
>>being a mailing list you've subscribed to).
>I'm running Exchange Client (not Outlook) and the rules don't appear
>that powerful. What p***es me off too is that the objected-to sender or
>recipient has to be in my address book!
>What I want to do is like my mail/newsreader at home. I can run a
>regular expression over the header and my main spamtrap simply says
>If sender is recognised then accept.
>If can't find my domain in "To:" or "CC:" then reject.
>That gets rid of all bcc'd spam.
>If I wanted to I could add further rules like:
>sender is 8 digits at aol.com
>sender is all digits at compuserve.com
> etc etc (they're typical illegal addresses faked by spammers)
>and best of all they're configured at server level so my client doesn't
>get cluttered. And at work, as an admin, I could bounce spam addressed
>to other people.
>And while I doubt most spammers bother, it's nice to generate NDR's so
>if you actually have a "reasonable spammer" they can clean their list of
>"known duff addresses" :-). My mail client can generate fake NDRs :-)
>and the satisfaction it gives me (even if it doesn't achieve anything)
>is well worth the effort!
>Anthony W. Youngman - wol at thewolery dot demon dot co dot uk
>Trousers with a single hole in their waistband are topologically equivalent
>to a doughnut. These sugarcoated trousers have yet to catch on at fast-food
>outlets! (SuperStrings by F. David Peat)
>If replying by e-mail please mail wol. Anything else may get missed amongst