Re: phishing by deceptive From address detection

2019-12-18 Thread Bill Cole
On 18 Dec 2019, at 8:35, AJ Weber wrote: The 'B' characters have been overlaid with a clearly visible slash, which isn't very clever in a phishing email. Interesting, Thunderbird does not show any visible slash.  Just "BB&T" - though the font looks different. The "=CC=B7" sequence in the

Re: phishing by deceptive From address detection

2019-12-18 Thread AJ Weber
The following header is the FROM in the message envelope. From: =?utf-8?Q?B=CC=B7B=CC=B7&T?= I'm not sure what you mean by disguise, and what you expect should have been done. I suppose you're right.  I wonder if there's a rule I could develop that goes like, [if the descriptive From is

Re: phishing by deceptive From address detection

2019-12-17 Thread RW
On Tue, 17 Dec 2019 16:15:37 -0500 AJ Weber wrote:
> Just looking at a phishing email I received and at first glance I
> wasn't sure how SA (or more-specifically my SA install/configuration)
> didn't score this as spam.
>
> Looks like I have a whitelist setup for alerts from comcast (probably
> a

phishing by deceptive From address detection

2019-12-17 Thread AJ Weber
Just looking at a phishing email I received and at first glance I wasn't sure how SA (or more-specifically my SA install/configuration) didn't score this as spam. Looks like I have a whitelist setup for alerts from comcast (probably a bad idea, but let's address that separately). The followi