On Mon, 19 Nov 2018, Joseph Brennan wrote:
> Example: Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt
> In windows-1256, the presence of =9D between characters under decimal-128
> is suspicious, regardless of Bitcoin. It seems like a simple rule but even
> rawbody does not check quoted-printable patterns. Plugin maybe? Has this
> already been done and I've missed it?
It's there, but performing poorly:
https://ruleqa.spamassassin.org/20181119-r1846888-n/__UNICODE_OBFU_ZW/detail
> This tactic seems to be limited right now, to a few (one?) spammer, who
> is presently using it in their porn blackmail spam.
...probably for this reason.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Forces of tyranny expand inexorably to fill the space
made available for their existence. -- Jordan B. Peterson
-----------------------------------------------------------------------
599 days since the first commercial re-flight of an orbital booster (SpaceX)
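
The check discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's own rule: decode the quoted-printable body, decode it as windows-1256 (where byte 0x9D is U+200C, the zero-width non-joiner), and count zero-width characters wedged between two ASCII letters. The function names and the threshold are hypothetical, and the second sample is constructed.

```python
import quopri
import re

# Invisible characters windows-1256 can encode:
# 0x9D -> U+200C (zero-width non-joiner), 0x9E -> U+200D (zero-width joiner).
ZERO_WIDTH = "\u200c\u200d"

# A run of zero-width characters with an ASCII letter on both sides.
# These characters are legitimate between Arabic-script letters, so the
# ASCII neighbours are what make the pattern suspicious.
SANDWICH = re.compile(rf"(?<=[A-Za-z])[{ZERO_WIDTH}]+(?=[A-Za-z])")


def decode_body(qp_body: bytes, charset: str = "windows-1256") -> str:
    """Undo quoted-printable, then decode using the declared charset."""
    return quopri.decodestring(qp_body).decode(charset, errors="replace")


def zero_width_hits(qp_body: bytes, charset: str = "windows-1256") -> int:
    """Count zero-width runs sandwiched between ASCII letters."""
    return len(SANDWICH.findall(decode_body(qp_body, charset)))


def is_suspicious(qp_body: bytes, charset: str = "windows-1256",
                  threshold: int = 3) -> bool:
    """Hypothetical threshold: a few hits in one body is already unusual."""
    return zero_width_hits(qp_body, charset) >= threshold


def deobfuscate(qp_body: bytes, charset: str = "windows-1256") -> str:
    """Strip zero-width characters so ordinary body rules see plain words."""
    text = decode_body(qp_body, charset)
    return text.translate({ord(c): None for c in ZERO_WIDTH})


# The example line quoted in the thread.
OBFUSCATED = b"Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt"
# Constructed sample: 0x9D between Arabic letters, a normal use of ZWNJ.
LEGITIMATE = b"=E3=ED=9D=CE=E6"

if __name__ == "__main__":
    print(zero_width_hits(OBFUSCATED), is_suspicious(OBFUSCATED))
    print(zero_width_hits(LEGITIMATE), is_suspicious(LEGITIMATE))
    print(deobfuscate(OBFUSCATED))
```
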