I’m seriously thinking about doing the same (block all emails that contain a
bitcoin address). I’ve had good luck with my custom rule that also tests for
Unicode obfuscation:
body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
body __BTC2 /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i
body __BTC3 /\b\W*b\W*t\W*c\W*\b/i
body __BTC4 /bt[c\x{0441}]/i
body __BTC5 /b[i\x{0456}]t[c\x{0441}][o\x{043E}][i\x{0456}]n/i
meta LOCAL_BITCOIN ( __BTC1 && ( __BTC2 || __BTC3 || __BTC4 || __BTC5 ) )
score LOCAL_BITCOIN 10.0
From: Mark London <[email protected]>
Date: Tuesday, December 18, 2018 at 1:51 PM
To: "[email protected]" <[email protected]>
Subject: Re: BITCOIN_PAY_ME and new type of blackmail, non porn.
However, I think the BITCOIN_PAY_ME rule need a bit of fine tuning, to catch
other emails. Like the one below, which escaped triggering the rule. A
constant battle between spam rules, and bad English grammar.
Maybe I should say the hell with it, and simply block any email sent to me,
with a bitcoin address in it. :) - Mark
