The new rule "From:name domain mismatches From:addr domain" catches the given spample.
Sent from ProtonMail Mobile

On Wed, Oct 25, 2017 at 6:00 PM, Alex <mysqlstud...@gmail.com> wrote:
> On Tue, Oct 24, 2017 at 2:49 PM, David Jones wrote:
> On 10/24/2017 01:32 PM, Alex wrote:
>>
>> Hi all, I'm wondering if someone has some ideas to handle bank fraud
>> phishing emails, and in particular this one:
>>
>> https://pastebin.com/wxFtKK16
>>
>> It doesn't hit bayes99 because we haven't seen one before, and txrep
>> subtracts points. It also doesn't hit any blacklists.
>>
>> Ideas for blocking these, and more general advice for blocking banking
>> fraud/phish attacks would be appreciated.
>>
> >
> > Zero-hour phishing emails from Office 365 are going to be tough to block.
> > About all you can do is add a blacklist_from *@mybenefitswallet.com entry
> > and report it to SpamCop and ph...@office365.microsoft.com.
>
> Is the only way to submit to spamcop to use their custom email address
> assigned to the account, or is there some command-line way to do it?
>
> We're still seeing tons of those "payment enclosed" emails with the short
> body and compromised URLs that automatically download a docx. I'd like to
> report the spam, but really would like to see the URLs blacklisted, and at
> the time I receive them, they are not.
>
> Ideally I'd like something where I can pass an email as a filename as an
> argument to a shell script. If submitting to spamcop by email is the only
> way, what is the format? As an attachment? In-line? Does anyone have a
> command-line shell script that can be used to send this email?
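
The check that the rule name in the reply describes (a domain shown in the From: display name that differs from the domain of the actual From: address), sketched in Python as an added example. It is not the SpamAssassin rule itself and not code from this thread; the function names, the subdomain allowance and the sample headers are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# An address-like token inside the display name; group 1 is its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def from_domains(raw_message):
    """Return (domain shown in From: display name, domain of From: address)."""
    msg = message_from_string(raw_message, policy=policy.default)
    hdr = msg["From"]
    if hdr is None or not hdr.addresses:
        return None, None
    addr = hdr.addresses[0]
    shown = ADDR_IN_NAME.search(addr.display_name or "")
    name_domain = shown.group(1).lower() if shown else None
    addr_domain = addr.domain.lower() if addr.domain else None
    return name_domain, addr_domain


def same_or_subdomain(a, b):
    # Assumption: mail.shop.example sending for shop.example is not a mismatch.
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def name_addr_domain_mismatch(raw_message):
    """True when the display name advertises a domain the address does not use."""
    name_domain, addr_domain = from_domains(raw_message)
    if not name_domain or not addr_domain:
        return False  # nothing address-like in the display name to compare
    return not same_or_subdomain(name_domain, addr_domain)


# Constructed sample headers (not taken from the pastebin message).
SPOOFED = 'From: "support@bank.example" <notice@mailer.test>\nSubject: x\n\nbody\n'
MATCHING = 'From: "billing@shop.example" <billing@shop.example>\nSubject: x\n\nbody\n'
SUBDOMAIN = 'From: "news@shop.example" <bounce@mail.shop.example>\nSubject: x\n\nbody\n'
PLAIN_NAME = 'From: Alice Example <alice@corp.example>\nSubject: x\n\nbody\n'

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("matching", MATCHING),
                       ("subdomain", SUBDOMAIN), ("plain name", PLAIN_NAME)]:
        print(f"{label:10} mismatch={name_addr_domain_mismatch(raw)}")
```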