I just received this crap from ceneo.pl. What is interesting is that in the header (or 
just below it?) there is a large (2154 lines) base64-encoded block which, if you 
decode it, is a full 1261-line HTML page starting with <!doctype html> 
and ending with </html>.
Boldly enough, they even include a Google tracking link within this HTML:

<img 
src='https://ssl.google-analytics.com/collect?v=1&amp;tid=UA-51159636-11&amp;cid=039927d7-b027-40f0-b1e9-xxxxxx&amp;t=event&amp;ec=TrustedReview&amp;ea=Shop%20ID:%2024715&amp;el=open'
 style="display: none"/>

I can't view the raw source of this message (using crappy Outlook), but I have 
the impression this base64 HTML is not exactly the same as the message I am 
seeing in Outlook when viewing it converted to plain text. 

Afaik you use MIME headers to separate the txt and html versions of the email. 
I was wondering if this is a new trick to bypass spam detection, and if 
SpamAssassin decodes these blocks.




Reply-To: opi...@ceneo.pl
Date: 24 Jan 2025 08:09:01 +0100
Subject: =?utf-8?B?8J+SqiBNYXN6IGplc3pjemUgc3phbnPEmSAtIHBhbGVjemth?=
 =?utf-8?B?bWkucGwgY3pla2Eg8J+VkCBuYSBUd29qxIUgb3BpbmnEmSE=?=
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Received-SPF: pass (193.203.222.34 is listed to deliver ceneo.pl)
X-Verification-Result: dkim=pass; i...@ceneo.pl paleczkami...@ceneo.pl
X-Spam-Status: No, score=0.3 required=3.0 tests=HTML_FONT_LOW_CONTRAST,
        HTML_IMAGE_RATIO_06,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_MID,
        T_DATE_IN_FUTURE_96_Q,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE
        autolearn=disabled version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        89d96068-ddf8-47bc-a33a-3ad5b65bfb7d




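Added example, not part of the original post: the quoted headers declare a single text/html part with Content-Transfer-Encoding: base64, so the block after the headers is the message body, and the sketch below decodes such a body with Python's standard email package and lists hidden remote images like the tracking pixel. The sample message, its example.com addresses and URL, and the function names are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy
from html.parser import HTMLParser

# Constructed sample: an HTML-only message with a base64 body, shaped like the one quoted above.
SAMPLE_HTML = (
    "<!doctype html>\r\n<html><body><p>Rate your purchase</p>\r\n"
    "<img src='https://tracker.example.com/collect?t=event&amp;el=open'"
    " style=\"display: none\"/>\r\n"
    "<img src='cid:logo' width='120'/></body></html>\r\n"
)
SAMPLE_MESSAGE = (
    b"From: reviews@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n" + base64.encodebytes(SAMPLE_HTML.encode("utf-8")).replace(b"\n", b"\r\n")
)

def decoded_html_parts(raw):
    """Return each text/html part as str, with transfer encoding and charset undone."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [part.get_content() for part in msg.walk()
            if part.get_content_type() == "text/html"]

class _ImgCollector(HTMLParser):
    """Collects <img> URLs that are remote and not visible to the reader."""
    def __init__(self):
        super().__init__()
        self.hidden_remote = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        remote = src.lower().startswith(("http://", "https://"))
        if remote and ("display:none" in style or tiny):
            self.hidden_remote.append(src)

def hidden_remote_images(raw):
    """URLs of invisible remote images (open-tracking beacons) in the decoded HTML."""
    parser = _ImgCollector()
    for html in decoded_html_parts(raw):
        parser.feed(html)
    return parser.hidden_remote
```

Saving the message to a file and passing its bytes to `hidden_remote_images` gives the same view of the body that a content scanner works on after MIME decoding.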