On 28-Feb-10 17:25, David B Funk wrote:
I'm seeing a spate of PayPal/bank phishes that use an html attachment
(base-64 encoded) as the vehicle for the payload.
SPF!
<runs; ducking, shucking, and weaving>
Is there any way to get SA to treat that attachment as text to feed to
the rule engine?
Your best bet is to check if mail claiming to be from paypal is, in
fact, from paypal. Without checking SPF, you can at least check if the
server sending the mail is a paypal server using just header checks.
If you search the archives for paypal ebay you should find a few
solutions on how to deal with these.
--
Seeing, contrary to popular wisdom, isn't believing. It's where belief
stops, because it isn't needed any more. --Pyramids
