Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

How can I block messages with encoded subjects

  • 4 antwurd
  • 2 hawwe dit probleem
  • 19 werjeftes
  • Lêste antwurd fan RealMaguff

more options

A lot of the SPAM I get bypasses my normal rules by encoding the subject in UTF-8 - for example, the Subject "Military Grade Pen" is listed this way in the message source: Subject: =?utf-8?B?TWls0ZZ0YXJ5IEdyYWRlIFBlbiBOb3cgQXZh0ZZsYWJsZSB0byBQdWJs0ZZjIA==?=

And because of this, trying to block "Military Grade" or "?utf-8" in the Subject fails.

Is there any way to block all messages with an encoded Subject header?

A lot of the SPAM I get bypasses my normal rules by encoding the subject in UTF-8 - for example, the Subject "Military Grade Pen" is listed this way in the message source: Subject: =?utf-8?B?TWls0ZZ0YXJ5IEdyYWRlIFBlbiBOb3cgQXZh0ZZsYWJsZSB0byBQdWJs0ZZjIA==?= And because of this, trying to block "Military Grade" or "?utf-8" in the Subject fails. Is there any way to block all messages with an encoded Subject header?

Keazen oplossing

I get legitimate email using utf-8 in the subject line, so for some of us your simplistic "utf-8 == bad" association just doesn't work.

There are two add-ons, FiltaQuilla or Expression Search that I think will add regular expression tools to your filters, and these can be used to parse the subject line to detect non-ansii characters. I don't have a worked example here, but I have set up a filter just to tag incoming messages in order to assess how common the use of utf-8 in subjects is. My conclusion is that utf-8 is here to stay and I fully expect its use to become more widespread. I've also tried to reassure users that images appearing in the subject line are not carefully crafted malware, but just selected utf-8/unicode characters.

I'd also add in support of the previous comment that IMHO you are wasting your time trying to create filters for this.

Dit antwurd yn kontekst lêze 👍 0

Alle antwurden (4)

more options

Fighting spam with static filters is a battle you can't win. It is therefore recommended to use the Thunderbird built-in junk mail controls. Alternatively make use of your email providers spam filter. http://kb.mozillazine.org/Junk_Mail_Controls

more options

Thunderbird's built-in junk controls are useless in this scenario, and I have SPAM filtering with my provider that catches most of it. The messages I'm trying to block are coming from a different domain/IP address every time (botnet I assume). This junk all has encoded Subjects to get past keyword filters, but all of the other mail I receive regularly has a plain-text Subject header - so my question still stands.

more options

Keazen oplossing

I get legitimate email using utf-8 in the subject line, so for some of us your simplistic "utf-8 == bad" association just doesn't work.

There are two add-ons, FiltaQuilla or Expression Search that I think will add regular expression tools to your filters, and these can be used to parse the subject line to detect non-ansii characters. I don't have a worked example here, but I have set up a filter just to tag incoming messages in order to assess how common the use of utf-8 in subjects is. My conclusion is that utf-8 is here to stay and I fully expect its use to become more widespread. I've also tried to reassure users that images appearing in the subject line are not carefully crafted malware, but just selected utf-8/unicode characters.

I'd also add in support of the previous comment that IMHO you are wasting your time trying to create filters for this.

more options

Zenos thanks - a Regular Expression filter should work for what I need. I know that trying to filter keywords seems futile, but this is a very specific scenario I'm working on where I get the same 5 or 6 subjects practically daily. Being able to filter with RegEx will help.