On Thu, 21 Mar 2019, Savvas Karagiannidis wrote:
What should be considered is the message's language. All messages that were
false positives had the following mime encoding (messages were actually in
greek):
Content-Type: text/[plain|html]; charset="windows-1253" or
Content-Type: text/[plain|html]; charset="iso-8859-7"
while all messages that were actual spam and were properly detected had:
Content-Type: text/[plain|html]; charset="utf-8"
It should be fairly easy to add an exclusion based on that information.
However, that information may well be leveraged by spammers who are using
that obfuscation...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #2: Anything worth shooting
is worth shooting twice. Ammo is cheap. Your life is expensive.
-----------------------------------------------------------------------
721 days since the first commercial re-flight of an orbital booster (SpaceX)