On 12/06/2017 08:02 AM, Benny Pedersen wrote:
David Jones skrev den 2017-12-06 14:54:
Interesting new From: header tactic:
https://pastebin.com/9BhD8m9C
I have reported this to SpamcCop and Google's abuse.
if thay ever listing
untested:
header __FROM_ILLEGAL_CHARS From:name =~ /[\@?|:?]?/i
could test it imho
I see plenty of legit email with an email address in the From:name so
that would need to be a very low score or combined with other rules in a
meta.
I was pointing out the "cc:" in the From:name to try to hide the
sender's email address at first glance.
--
David Jones
