The title says it all.
No matter how often I mark emails from betting sites as unwanted garbage in my Mailwasher I find that the next morning I have another rash of emails from 888casino.dot,handusyourwages.com These sites just seem immune to the Mailwasher filtering system and i wonder why? and how? they were doing it. It kind of makes a mockery of the whole purpose of mailwasher and is of course very dangerous for those who may have a gambling additction and serious need to be able to filter out the drug dealers from their inbox.
Why is Betting Site Spam - Immune to filtering?
- rusticdog
- Firetrust Monkey
Post
Re: Why is Betting Site Spam - Immune to filtering?
Tricky one without seeing the emails. Are these emails getting tagged as Good in MailWasher ?
In MailWasher make sure under Settings >> General >> Checking Mail >> the spam throttle is set to 500 lines.
In MailWasher make sure under Settings >> General >> Checking Mail >> the spam throttle is set to 500 lines.
- AlphaCentauri
- Guardian Gecko
- Contact:
Post
Re: Why is Betting Site Spam - Immune to filtering?
I would start with opening "Show email info" and the "source" tab.
Often things that are missed by filters are either: 1. Full of meaningless html tags going on for dozens of lines at the top, so that the portion of email downloaded for filtering doesn't include the meat of the email or 2. being sent in something other than plain text, typically base64 code.
You can't do much if the domain name you're filtering for isn't actually in the portion of email Mailwasher downloads, But as far as base64 emails, if you really want to filter for them, you can figure out the base64 code for the string you want:
base64encode[dot]org
However, base64 encoding runs all your text together (including the numeric codes for spaces and line breaks) and breaks them up in a different length, so one character in plain text won't match a single Base64 code. It depends on the letters before and after.
TL;DR, you need to encode each string three ways, then leave off the front and end characters so you will pick up the string no matter what words come before or after it in the email.
For instance
888casino.dot
encodes as
ODg4Y2FzaW5vLmRvdA==
Put one space in front and
888casino.dot
encodes as
IDg4OGNhc2luby5kb3Q=
Put two spaces in front and
888casino.dot
encodes as
ICA4ODhjYXNpbm8uZG90
(notice that the last one has an even number of characters for the code, so there are no placeholder = signs at the end)
So you want to encode all three, but cut off the front and back letters, since you won't have the = signs unless it's the last word in the text, and the front letters won't be the same unless there are blank spaces in front.
Your Regex filter would look for
4Y2FzaW5vLmRvd|4OGNhc2luby5kb|4ODhjYXNpbm8uZ
in order to find that domain name no matter what words come before or after
Often things that are missed by filters are either: 1. Full of meaningless html tags going on for dozens of lines at the top, so that the portion of email downloaded for filtering doesn't include the meat of the email or 2. being sent in something other than plain text, typically base64 code.
You can't do much if the domain name you're filtering for isn't actually in the portion of email Mailwasher downloads, But as far as base64 emails, if you really want to filter for them, you can figure out the base64 code for the string you want:
base64encode[dot]org
However, base64 encoding runs all your text together (including the numeric codes for spaces and line breaks) and breaks them up in a different length, so one character in plain text won't match a single Base64 code. It depends on the letters before and after.
TL;DR, you need to encode each string three ways, then leave off the front and end characters so you will pick up the string no matter what words come before or after it in the email.
For instance
888casino.dot
encodes as
ODg4Y2FzaW5vLmRvdA==
Put one space in front and
888casino.dot
encodes as
IDg4OGNhc2luby5kb3Q=
Put two spaces in front and
888casino.dot
encodes as
ICA4ODhjYXNpbm8uZG90
(notice that the last one has an even number of characters for the code, so there are no placeholder = signs at the end)
So you want to encode all three, but cut off the front and back letters, since you won't have the = signs unless it's the last word in the text, and the front letters won't be the same unless there are blank spaces in front.
Your Regex filter would look for
4Y2FzaW5vLmRvd|4OGNhc2luby5kb|4ODhjYXNpbm8uZ
in order to find that domain name no matter what words come before or after