Today, MUCH sneaky spams are being sent with an attached zipped
malicious URL/shortcut file.
Most or all of these are easily caught by Thread-Index, as follows:
Thread-Index: AdBx5/5UsdSTxflQTPi+FyODmVaqhA==
Perhaps someone can make a rule for this and post it here?
I already set this in another non-SA part of my anti-spam system, but
the rule might help others here. There are also other attributes that
could become an SA rule that would cause a hit even if the Thread-Index
changed, but that will require a little bit more effort.
--
Rob McEwen
https://www.invaluement.com