On 11/19/2018 10:35 AM, users-digest-h...@spamassassin.apache.org wrote:
I ran it as-is, and it scored poorly.
After I manually de-borked the headers, and retested, it hit SA's
"OBFU_BITCOIN" and my own anti-bitcoin/sextortion & hi-Ascii-count tests.
OBFU_BITCOIN was hit because the =9D character was not inserted in the
bitcoin string itself, and rules like __BTC_OBFU_2 were hite, because
they are designed to look for obfuscated forms of BTC.
So, any rules that taken into account obfuscated words, solves the
problem of inserted 9D characters.
This tactic seem to be limited right now, to a few (one?) spammer, who
is presently using it in their porn blackmail spam.
- Mark
