I received this phishing spam yesterday. That was not the first of this kind. (attached, w/o the image)
I thought about this and wrote this uri-bad-unicode.cf. Insert it in your local.cf or in /etc/spamassassin, adjust the scores and restart spamd. Comments welcome.

I am pretty sure there are more nasty Unicode characters. Also, we should make sure that Unicode is properly normalized. See RFC 8264 and Unicode::Precis::Preparation on CPAN.
Attachments: badURIspam.eml.gz (application/gzip), uri-bad-unicode.cf (binary data)
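The contents of uri-bad-unicode.cf are not reproduced on this page. The following is an added example, not the poster's rule and not SpamAssassin code, of checking a URI host for invisible or format characters and for text that changes under NFKC normalization. The category set, the function names and the sample URIs are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumption for this example: general categories that have no place in a
# hostname (format/invisible, control, private use, unassigned, separators).
SUSPECT = {"Cf", "Cc", "Co", "Cn", "Zs", "Zl", "Zp"}

# scheme://[userinfo@]host[:port]... ; the host is captured without any
# normalization so that the raw characters can be inspected.
HOST_RE = re.compile(r"^[a-z][a-z0-9+.-]*://(?:[^/?#@]*@)?([^/?#:]*)", re.I)


def uri_host(uri):
    """Extract the raw host of an absolute URI ('' if there is none)."""
    m = HOST_RE.match(uri)
    return m.group(1) if m else ""


def check_host(host):
    """Return a sorted list of findings for one hostname."""
    findings = set()
    for ch in host:
        cat = unicodedata.category(ch)
        if cat in SUSPECT:
            findings.add(f"U+{ord(ch):04X} category {cat}")
        elif unicodedata.normalize("NFKC", ch) != ch:
            # Compatibility characters: fullwidth letters, dot look-alikes, ...
            findings.add(f"U+{ord(ch):04X} changes under NFKC")
    # Catches sequences such as a base letter plus a combining mark.
    if not findings and unicodedata.normalize("NFKC", host) != host:
        findings.add("host is not in NFKC form")
    return sorted(findings)


def check_uri(uri):
    return check_host(uri_host(uri))


if __name__ == "__main__":
    samples = [  # constructed sample URIs
        "https://example.com/login",
        "https://exam\u200bple.com/",      # zero width space inside the host
        "https://\uff45xample.com/",       # fullwidth 'e'
        "https://pay\u2024example.com/",   # one dot leader, folds to '.'
        "https://cafe\u0301.example/",     # decomposed e + combining acute
    ]
    for uri in samples:
        print(ascii(uri), check_uri(uri))
```
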