by khaki54
1235 days ago
It seems like they string together a whole bunch of evasions.

1. Insert a bunch of antispam headers like they've been "ok'd" by Microsoft
2. Large sections of the decoded message are in French, sometimes even if the message appears to be Russian
3. They pass DKIM
4. All the links use URL shorteners, but ones that contain unencoded special characters that probably break any attempt at following the links
5. I think this is the key one: they seem to base64 encode sections of the emails, but mark them as hex. So perhaps the browser / mail client can render despite the error but the spam detector has a more strict interpretation and it just looks like junk and gives up.
6. Some of these you can't actually even filter against because the searchable text (pre decode) is near minimal and there is nothing to key off of.
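
Point 5 in the comment above describes a mismatch between how a section is encoded and how it is labelled. As an added example (not part of the original comment), this Python check flags MIME parts whose body decodes cleanly as base64 while the Content-Transfer-Encoding header declares something else; the `x-hex` label, the sample message and the function names are constructed assumptions.

```python
import base64
import re
from email import message_from_string

# Constructed sample: the body is base64, but the header says otherwise.
# "x-hex" is a made-up label standing in for the comment's "marked as hex".
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: test\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: x-hex\n"
    "\n"
    + base64.b64encode(b"Bonjour, cliquez ici pour confirmer votre compte.").decode()
    + "\n"
)

B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def looks_like_base64(raw, min_len=24):
    """True if raw is well-formed base64 that decodes to readable UTF-8 text."""
    compact = re.sub(r"[\r\n]", "", raw.strip())
    if len(compact) < min_len or len(compact) % 4 or not B64_RE.fullmatch(compact):
        return False
    try:
        text = base64.b64decode(compact, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return False
    return sum(c.isprintable() or c.isspace() for c in text) / len(text) > 0.9


def find_encoding_mismatches(raw_message):
    """Return (content_type, declared_cte) for each leaf part whose body is
    base64 although its Content-Transfer-Encoding header declares otherwise."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        declared = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
        body = part.get_payload(decode=False)
        if declared != "base64" and isinstance(body, str) and looks_like_base64(body):
            hits.append((part.get_content_type(), declared))
    return hits


if __name__ == "__main__":
    print(find_encoding_mismatches(SAMPLE))
```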