I've been getting occasional spam recently that follows a common
pattern in the From: header. Below is the full header section of
one of these emails, as an example:
----------------------------------------------------------------------
>From MAILER-DAEMON Tue Feb 1 10:20:50 2022
Return-Path: <>
X-Original-To: c...@aaaaa.org
Delivered-To: c...@aaaaa.org
Received: from jybaudot.fr (unknown [109.237.96.99])
by miplet.aaaaa.org (Postfix) with ESMTP id 22D803FDB9
for <c...@aaaaa.org>; Tue, 1 Feb 2022 10:20:50 -0500 (EST)
MIME-Version: 1.0
From: "WeTeachSex" <support_id:8234...@fmkssuvrxj.com>
Subject: =>> The #1 secret to squirting <<==
To: c...@aaaaa.org
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=UTF-8
Date: Tue, 01 Feb 2022 16:06:21 +0100
----------------------------------------------------------------------
One feature they all share is that "support_id:" prefix in the fake
email address. I thought it should be easy to find them all with
~fsupport_id ... but that consistently finds nothing, even when that
message is right there in my inbox.
I tried both l~f'support_id' and /~f'support_id' and in both cases
it found nothing. Limit gave me a blank mailbox, and / search said
"not found".
(I also tried /~fMAILER in case it would match on the envelope sender
line, but that did not find this message either)
Anyone know what might be happening here?
-- cos
