In a message of Fri, 03 Feb 2017 10:57:05 +0000, Ralph Corderoy writes:
Hi,
I've noticed an increase in spam I get over the last couple of months.
I normally get quite a bit, but it shot up for a good few weeks and has
only recently come back down as, presumably, the bullet found its home.
But what struck me as odd is the vast bulk of the spam received has a
MIME boundary that starts "_av-".
Content-Type: multipart/alternative; boundary="_av-Pq8nHjSyZNgotR7Q4uzLwA"
I've looked for this in my ham, but don't find any, e.g.
pick --content-type _av-
Presumably, some PHP email library beloved by spammers slaps on such a
boundary for if it were the spam-producing software itself it would make
detection rather trivial in most cases.
So, my off-topic question is does anyone here have an idea what produces
_av-, perhaps by having ham with a Mailer, etc. I've tried the various
code-search engines, but they're all useless; electing to ignore and
not index characters in "=-+_...". Russ Cox's Google Code Search is
much missed.
--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
I have piles and piles of legitimate mail from Patreon that use this boundary
marker. Want me to send you some?
Laura
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers