How can I block messages with encoded subjects
A lot of the SPAM I get bypasses my normal rules by encoding the subject in UTF-8 - for example, the Subject "Military Grade Pen" is listed this way in the message source: Subject: =?utf-8?B?TWls0ZZ0YXJ5IEdyYWRlIFBlbiBOb3cgQXZh0ZZsYWJsZSB0byBQdWJs0ZZjIA==?=
And because of this, trying to block "Military Grade" or "?utf-8" in the Subject fails.
Is there any way to block all messages with an encoded Subject header?
Saafara biñ tànn
I get legitimate email using utf-8 in the subject line, so for some of us your simplistic "utf-8 == bad" association just doesn't work.
There are two add-ons, FiltaQuilla or Expression Search that I think will add regular expression tools to your filters, and these can be used to parse the subject line to detect non-ansii characters. I don't have a worked example here, but I have set up a filter just to tag incoming messages in order to assess how common the use of utf-8 in subjects is. My conclusion is that utf-8 is here to stay and I fully expect its use to become more widespread. I've also tried to reassure users that images appearing in the subject line are not carefully crafted malware, but just selected utf-8/unicode characters.
I'd also add in support of the previous comment that IMHO you are wasting your time trying to create filters for this.
Jàng tontu lii ci fi mu bokk 👍 0All Replies (4)
Fighting spam with static filters is a battle you can't win. It is therefore recommended to use the Thunderbird built-in junk mail controls. Alternatively make use of your email providers spam filter. http://kb.mozillazine.org/Junk_Mail_Controls
Thunderbird's built-in junk controls are useless in this scenario, and I have SPAM filtering with my provider that catches most of it. The messages I'm trying to block are coming from a different domain/IP address every time (botnet I assume). This junk all has encoded Subjects to get past keyword filters, but all of the other mail I receive regularly has a plain-text Subject header - so my question still stands.
Saafara yiñ Tànn
I get legitimate email using utf-8 in the subject line, so for some of us your simplistic "utf-8 == bad" association just doesn't work.
There are two add-ons, FiltaQuilla or Expression Search that I think will add regular expression tools to your filters, and these can be used to parse the subject line to detect non-ansii characters. I don't have a worked example here, but I have set up a filter just to tag incoming messages in order to assess how common the use of utf-8 in subjects is. My conclusion is that utf-8 is here to stay and I fully expect its use to become more widespread. I've also tried to reassure users that images appearing in the subject line are not carefully crafted malware, but just selected utf-8/unicode characters.
I'd also add in support of the previous comment that IMHO you are wasting your time trying to create filters for this.
Zenos thanks - a Regular Expression filter should work for what I need. I know that trying to filter keywords seems futile, but this is a very specific scenario I'm working on where I get the same 5 or 6 subjects practically daily. Being able to filter with RegEx will help.