The base64 evaluates to an image, which is an image of text. The "text" in the image is not identical in every mail, as it contains personally identifying information about your ID, password, and so on. The bitcoin address will also likely be different (because it is not just one scammer).
In general, it's too much to expect that the base64 string in one scam mail will at all resemble the string in another, even if the images are very similar. > On Apr 10, 2019, at 3:53 PM, Jean-Christophe Helary <[email protected]> > wrote: > > I have the spam filter on and to reduce the chance that I miss important > mails, I've created a delete rules list that removes all the obvious things. > > Now I keep receiving those "I'm sending this mail from your account" crap and > I tried to put that string on the delete list but that didn't work. After > checking the mail source I found that the body was base 64 encoded. > > So I decoded the thing, found the string location, recoded the thing, found > the base64 corresponding string, put that in the delete list and... that did > not work. > > Is there anything I'm thinking wrong ? > > > Jean-Christophe Helary > ----------------------------------------------- > http://mac4translators.blogspot.com @brandelune > > > _______________________________________________ > MacOSX-talk mailing list > [email protected] > http://www.omnigroup.com/mailman/listinfo/macosx-talk _______________________________________________ MacOSX-talk mailing list [email protected] http://www.omnigroup.com/mailman/listinfo/macosx-talk
