On 26 Jan 2019, at 23:43, Mark London wrote:
Does anyone have any rules that can catch this type of obfuscated
spam?
https://pastebin.com/qi8dsREW
Thanks. - Mark
I've been playing with a suite of rules around a concept that hits this
example for a while, but haven't gotten around to doing
On 27 Jan 2019, at 0:46, John Hardin wrote:
why would legitimate emails include invisible text?
Probably the same reason legitimate emails for an almost exclusively US
audience (from "America's Text Kitchen") contain "Zero Width
Non-Joiners" both in plain text parts as UTF-8 characters and
On Sat, 26 Jan 2019, John Hardin wrote:
On Sat, 26 Jan 2019, Mark London wrote:
Does anyone have any rules that can catch this type of obfuscated spam?
https://pastebin.com/qi8dsREW
There's some "invisible font" subrules in my sandbox that this hits
(__STY_INVIS_MANY, __FONT_INVIS_MANY)
PLEASE UNSUBSCRIBE ME TO THESE EMAILS! I NEVER SIGNED UP FOR THIS AND I DONT
UNDERSTAND ANY OF THIS! PLEASE!
> On Jan 26, 2019, at 9:55 PM, Rupert Gallagher wrote:
>
> I would focus on the headers: they have plenty for a spam flag. On the body,
> SA should already mark the text/code ratio,
I would focus on the headers: they have plenty for a spam flag. On the body, SA
should already mark the text/code ratio, and the number of links.
On Sun, Jan 27, 2019 at 05:43, Mark London wrote:
> Does anyone have any rules that can catch this type of obfuscated spam?
>
>
On Sat, 26 Jan 2019, Mark London wrote:
Does anyone have any rules that can catch this type of obfuscated spam?
https://pastebin.com/qi8dsREW
There's some "invisible font" subrules in my sandbox that this hits
(__STY_INVIS_MANY, __FONT_INVIS_MANY) but scored versions aren't currently
Does anyone have any rules that can catch this type of obfuscated spam?
https://pastebin.com/qi8dsREW
Thanks. - Mark
Sorry, I cut off the full URL. It should have been:
https://pastebin.com/5ASMFahi
On 12/12/2018 12:16 PM, Mark London wrote:
On 12/12/2018 8:01 AM, users-digest-h...@spamassassin.apache.org wrote:
On 10 Dec 2018, at 14:13, RW wrote:
On Mon, 10 Dec 2018 12:45:53 -0500
Mark London wrote:
On Wed, 12 Dec 2018, Mark London wrote:
Sorry, try this one, which was sent a day later, which is readable.
https://pastebin.com/edit/5ASMFah
I just put it through the latest spamasssassin rules. I see that it's
hitting some of the new rules:
On 12/12/2018 8:01 AM, users-digest-h...@spamassassin.apache.org wrote:
On 10 Dec 2018, at 14:13, RW wrote:
On Mon, 10 Dec 2018 12:45:53 -0500
Mark London wrote:
Hi - Here's another form of obfuscation spam. This time, not a porn
blackmail one. Almost the whole text is obfuscated.
On 11 Dec 2018, at 7:52, RW wrote:
On Mon, 10 Dec 2018 16:02:33 -0500
Bill Cole wrote:
On 10 Dec 2018, at 14:13, RW wrote:
On Mon, 10 Dec 2018 12:45:53 -0500
Mark London wrote:
Hi - Here's another form of obfuscation spam. This time, not a
porn blackmail one. Almost the whole text is
On Mon, 10 Dec 2018 16:02:33 -0500
Bill Cole wrote:
> On 10 Dec 2018, at 14:13, RW wrote:
>
> > On Mon, 10 Dec 2018 12:45:53 -0500
> > Mark London wrote:
> >
> >> Hi - Here's another form of obfuscation spam. This time, not a
> >> porn blackmail one. Almost the whole text is obfuscated.
>
On 10 Dec 2018, at 14:13, RW wrote:
On Mon, 10 Dec 2018 12:45:53 -0500
Mark London wrote:
Hi - Here's another form of obfuscation spam. This time, not a porn
blackmail one. Almost the whole text is obfuscated.
https://pastebin.com/VURwmrrF
You say obfuscated, but it looked completely
On Mon, 10 Dec 2018, Mark London wrote:
Hi - Here's another form of obfuscation spam. This time, not a porn
blackmail one. Almost the whole text is obfuscated.
https://pastebin.com/VURwmrrF
__UNICODE_OBFU_ASC hits that pretty well, but the FP avoidance for the
scored version was a bit
On Mon, 10 Dec 2018 12:45:53 -0500
Mark London wrote:
> Hi - Here's another form of obfuscation spam. This time, not a porn
> blackmail one. Almost the whole text is obfuscated.
>
> https://pastebin.com/VURwmrrF
>
You say obfuscated, but it looked completely unreadable to me.
Hi - Here's another form of obfuscation spam. This time, not a porn
blackmail one. Almost the whole text is obfuscated.
https://pastebin.com/VURwmrrF
I had a high score assigned to the rule HTML_OBFUSCATE_90_100, which is
why the message got a high spam rating. By default though, that
16 matches
Mail list logo