On 21/3/2019 18:23, John Hardin wrote:
On Thu, 21 Mar 2019, Savvas Karagiannidis wrote:
What should be considered is the message's language. All messages
that were false positives had the following mime encoding (messages
were actually in greek):
Content-Type: text/[plain|html]; charset="windows-1253" or
Content-Type: text/[plain|html]; charset="iso-8859-7"
while all messages that were actual spam and were properly detected had:
Content-Type: text/[plain|html]; charset="utf-8"
It should be fairly easy to add an exclusion based on that
information. However, that information may well be leveraged by
spammers who are using that obfuscation...
I think the same applies to the rule itself altogether and any other
rule. As long as the rule is out there, any spammer can incorporate a
means to avoid it. I guess the selection of "e" as a character is also
pretty random and avoiding that and applying the same technique to other
characters (I've already seen it happening) not detected by this rule
should be no problem for spammers...
--
Savvas Karagiannidis
