https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5937
Summary: TVD_PH_SUBJ_ACCOUNTS_POST should include 'update' and
case for 'comfirm'
Product: Spamassassin
Version: 3.2.5
Platform: Other
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Rules
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
To whom it may concern,
There have been some spear phishing attacks with the subject "Update Your
Webmail Account" and the current regex for TVD_PH_SUBJ_ACCOUNTS_POST does not
pick it up.
I've also seen some spear phishing come through with the subject "Comfirm Your
Edu Webmail Account".
Perhaps this rule below.
header TVD_PH_SUBJ_ACCOUNTS_POST Subject =~
/\b(?:(?:re-?)?activat[a-z]*|secure|verify|restore|flagged|limited|unusual|update|report|notif(?:y|ication)|suspen(?:d|ded|sion)|co(?:n|m)firm[a-z]*)
(?:[a-z_,-]+ )*?accounts?\b/i
Thanks,
Arwin
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
