Re: Spam with broken URI (Zero-Width-Space Unicode characters)

2025-03-08 Thread Michel Arboi
> Just to verify: do email headers *properly* define that this part of email is > "text/html" MIME type, and that it uses quoted-printable encoding? Yes: _NmP-f79e46939889b5eb-Part_1 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable (I attached the gzipped

Re: Spam with broken URI (Zero-Width-Space Unicode characters)

2025-03-07 Thread Michel Arboi
This piece of HTML triggers my rules, it shouldn't: Mobile: 01250 873989 https://www.jbcorrie.co.uk";>https://jbcorrie.co.uk/wp-content/uploads/2022/11/JB-Corrie-and-Co-Ltd-= Signal-Box-Road-Blaigowrie-Perthshire-PH10-6ER-01250-873989.jpg" width=3D"7= Mar 7 02:37:14.474 [162580] dbg: uri: r

French spam passed all SA tests with flying colors

2025-03-06 Thread Michel Arboi
I guess I'll have to blacklist some URI domains, but if anybody finds a better idea, I'll take it. Note the GDPR pseudo legal text. This is utter BS of course, as this was not sent to a professional address. Ce message vous a été envoyé par DATAVENTURE GROUP dans le cadre de nos activités de prosp

Re: Spam body template with diacritics and variants

2025-03-05 Thread Michel Arboi
On Wed, 5 Mar 2025 15:18:43 +0100 Tom Hendrikx wrote: > Interesting to see all the variants and diacritics used. Maybe we can > improve some rules based on the variants. I never received anything > like this, so sharing for the people interested. I received some spams like this, a couple of yea

Re: [External] [ZeroDay] Spam with broken URI (Zero-Width-Space Unicode characters)

2025-02-22 Thread Michel Arboi
On Sat, 22 Feb 2025 12:31:37 -0500 "Kevin A. McGrail" wrote: > You might want to look at the KAM ruleset Interesting. KAM_REPLACE and KAM_OBFURL I suppose? > and look at the ZW rules as well. -KAM Where is it? I found a couple of blog articles on zero width characters used for obfuscation, b

Spam with broken URI (Zero-Width-Space Unicode characters)

2025-02-21 Thread Michel Arboi
I received this phishing spam yesterday. That was not the first of this kind. (attached, w/o the image) I thought about this and wrote this uri-bad-unicode.cf Insert it in your local.cf or in /etc/spammassin, adjust the scores and restart spamd. Comments welcome. I am pretty sure there are more