On Sat, 26 Jan 2019, Mark London wrote:
Does anyone have any rules that can catch this type of obfuscated spam?
https://pastebin.com/qi8dsREW
There's some "invisible font" subrules in my sandbox that this hits
(__STY_INVIS_MANY, __FONT_INVIS_MANY) but scored versions aren't currently
exposed. I think when I was testing them I was amazed by the poor S/O -
why would legitimate emails include invisible text?
It may be that there is something they can be combined with to catch this.
I'll take a look at the masscheck results soon and see if anything
suggests itself.
If they do well against your Bayes but that's not sufficient to block
them, you could define local booster metas like:
meta LCL_SPAM_BOOST_123 BAYES_99 && __STY_INVIS_MANY
meta LCL_SPAM_BOOST_124 BAYES_99 && __FONT_INVIS_MANY
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Tomorrow: the 52nd anniversary of the loss of Apollo 1
