On Wed, Dec 04, 2019 at 08:59:42AM +0100, Benny Pedersen wrote:
> On 2019-12-03 20:15, RW wrote:
> > On Tue, 3 Dec 2019 14:05:10 -0500
> > Mark London wrote:
> >
> >> It seems to me that the rule for detecting a BITCOIN in an email, is
> >> incorrect. See below:
> >>
> >> body __BITCOIN_ID /\b(?<!=)[13](?:\s?[a-km-zA-HJ-NP-Z1-9]){25,34}\b/
> >>
> >> Why is there a \s in this rule? I didn't think that a BITCOIN id
> >> has a space.
> >
> > It doesn't, but spammers have started splitting them up to evade
> > detections.
>
> if clients begin to pay to splitted btc it works :=)
>
> i noted every btc spam have uniq btc address, so maybe its not mean for
> payment but only hidded tracking
unfortunately it is meant for payment, here a spample:
https://pastebin.com/uBzPeXcXGiovanni
signature.asc
Description: PGP signature
