John & Kevin - Thanks for the rules! This tactic was used in a porn
blackmail spam. Considering that we are currently receiving a
large amount of those types of spams, it might be possible that this
tactic might catch on. Or not! We'll see. - Mark
On 11/17/2018 8:23 AM, users-digest-h...@spamassassin.apache.org wrote:
To: John Hardin <jhar...@impsec.org>
CC: SA Mailing list <users@spamassassin.apache.org>
Yeah, there is a SCC SHORT WORDS rule and a KAM_ZWNJ in KAM.cf.
Please let me know if those help.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
On Fri, Nov 16, 2018 at 7:37 PM John Hardin <jhar...@impsec.org> wrote:
On Fri, 16 Nov 2018, Mark London wrote:
> I just received a spam email with the 9D character placed inside of words,
> that prevented my custom BODY rules from being hit. I.e.:
>
> Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt, o=9Dr a=9Dlready
> change=9Dd it.
>
> Is there a way to define BODY rules, so that they will be triggered?
> Thanks.
No, that would be way too much work; take a look at __UNICODE_OBFU_ZW in
my sandbox. It isn't performing well in masschecks so I expect this tactic
isn't widespread (yet?)
I suppose I should expose it as scored in case it becomes popular...
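
The obfuscation discussed in this thread, as an added example that is not from any poster or from the SpamAssassin project: Python that decodes the quoted-printable body, counts the words carrying the 0x9D filler byte, and strips that byte so ordinary phrase matching works again. The function names, the 0.3 ratio threshold and the treatment of the remaining text as ASCII are assumptions; the sample is the line quoted in the thread.

```python
import quopri
import re

# The byte the thread reports being inserted inside words ("=9D" in quoted-printable).
OBFU_BYTE = b"\x9d"

# A 0x9D byte with an ASCII letter directly on its left: filler inside or at the end of a word.
IN_WORD = re.compile(rb"(?<=[A-Za-z])\x9d")


def decode_body(raw: bytes) -> bytes:
    """Undo quoted-printable transfer encoding, so '=9D' becomes the byte 0x9D."""
    return quopri.decodestring(raw)


def obfuscation_stats(decoded: bytes) -> tuple:
    """Return (words containing the filler byte, total whitespace-separated words)."""
    words = decoded.split()
    hits = sum(1 for w in words if IN_WORD.search(w))
    return hits, len(words)


def normalize(decoded: bytes) -> str:
    """Remove the filler byte so phrase rules can be applied to the readable text."""
    # Assumption: what remains is ASCII; other bytes are replaced, not interpreted.
    return decoded.replace(OBFU_BYTE, b"").decode("ascii", errors="replace")


def looks_obfuscated(raw: bytes, min_ratio: float = 0.3) -> bool:
    """Flag a body when a large share of its words carry the filler byte.

    min_ratio is an assumed threshold, chosen for illustration only.
    """
    hits, total = obfuscation_stats(decode_body(raw))
    return total > 0 and hits / total >= min_ratio


# Sample body line as quoted in the thread (still quoted-printable encoded).
SAMPLE = (b"Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt, "
          b"o=9Dr a=9Dlready change=9Dd it.")

if __name__ == "__main__":
    body = decode_body(SAMPLE)
    print(obfuscation_stats(body))
    print(normalize(body))
    print(looks_obfuscated(SAMPLE))
```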