Why is Betting Site Spam - Immune to filtering?

Forum for MailWasher Pro 7 and/or older 2011/2012 versions.
Didz
Mystified Moa
Posts: 6
Joined: Sun Feb 05, 2012 2:13 am

Why is Betting Site Spam - Immune to filtering?

Fri Sep 09, 2022 7:29 pm

The title says it all.

No matter how often I mark emails from betting sites as unwanted garbage in my Mailwasher I find that the next morning I have another rash of emails from 888casino.dot,handusyourwages.com These sites just seem immune to the Mailwasher filtering system and i wonder why? and how? they were doing it. It kind of makes a mockery of the whole purpose of mailwasher and is of course very dangerous for those who may have a gambling additction and serious need to be able to filter out the drug dealers from their inbox.
User avatar
rusticdog
Firetrust Monkey
Posts: 15864
Joined: Mon Jun 13, 2005 6:27 pm

Re: Why is Betting Site Spam - Immune to filtering?

Fri Sep 09, 2022 9:44 pm

Tricky one without seeing the emails. Are these emails getting tagged as Good in MailWasher ?


In MailWasher make sure under Settings >> General >> Checking Mail >> the spam throttle is set to 500 lines.
User avatar
AlphaCentauri
Guardian Gecko
Contact:
Posts: 362
Joined: Thu Jul 24, 2008 3:39 pm

Re: Why is Betting Site Spam - Immune to filtering?

Wed Oct 19, 2022 2:49 pm

I would start with opening "Show email info" and the "source" tab.

Often things that are missed by filters are either: 1. Full of meaningless html tags going on for dozens of lines at the top, so that the portion of email downloaded for filtering doesn't include the meat of the email or 2. being sent in something other than plain text, typically base64 code.

You can't do much if the domain name you're filtering for isn't actually in the portion of email Mailwasher downloads, But as far as base64 emails, if you really want to filter for them, you can figure out the base64 code for the string you want:

base64encode[dot]org

However, base64 encoding runs all your text together (including the numeric codes for spaces and line breaks) and breaks them up in a different length, so one character in plain text won't match a single Base64 code. It depends on the letters before and after.

TL;DR, you need to encode each string three ways, then leave off the front and end characters so you will pick up the string no matter what words come before or after it in the email.
For instance
888casino.dot
encodes as
ODg4Y2FzaW5vLmRvdA==

Put one space in front and
888casino.dot
encodes as
IDg4OGNhc2luby5kb3Q=

Put two spaces in front and
888casino.dot
encodes as
ICA4ODhjYXNpbm8uZG90

(notice that the last one has an even number of characters for the code, so there are no placeholder = signs at the end)

So you want to encode all three, but cut off the front and back letters, since you won't have the = signs unless it's the last word in the text, and the front letters won't be the same unless there are blank spaces in front.

Your Regex filter would look for
4Y2FzaW5vLmRvd|4OGNhc2luby5kb|4ODhjYXNpbm8uZ

in order to find that domain name no matter what words come before or after

Return to “MailWasher Pro 7”