
Content filters to catch unfilterable spam


  • This topic is locked
3 replies to this topic

#1 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 353 posts

Posted 03 May 2017 - 03:08 PM

This area will contain helpful content filters to stop spam that is difficult or impossible to catch via normal spam filtering methods.

Content filters can be a very powerful tool to stop spam coming into your system.

Below are filters that Barracuda techs and customers have come up with to block this spam.

Using these filters is at your own risk and you should ensure that they are not catching any legitimate mail.

Sincerely,


Michael Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#2 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 353 posts

Posted 03 May 2017 - 03:13 PM

There is a spammer that has discovered a way to generate spam that continues to grow in size until its size causes it to bypass our spam scoring. Barracuda is looking into new ways to filter this mail, but until then here are three content filters you can use.

This is a Header content filter

   (from.?:.*<contact@|from.?:\s?contact@)

These are Body Content filters

   <CENTER><a href=\"http:\/\/\d+\.\d+\.\d+\.\d

   ((\/\/\/\/\/\/|\(\(\(\(\(\(\()|(\(\(\(\(\(\(\(|\/\/\/\/\/\/))(.*\n){10}


Michael Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300
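Before enabling the three filters above, a dry run against sample mail shows what else they would catch. The following is an added example, not part of the original post and not Barracuda code: it uses Python's `re` as a stand-in for the appliance's regex engine, assumes case-insensitive matching, and the filter names and messages are constructed for illustration.

```python
import re

# Filters copied from the post above. Assumptions: case-insensitive matching,
# header filters see the raw header text, body filters see the raw body.
FILTERS = {
    "header_from_contact": ("header", r'(from.?:.*<contact@|from.?:\s?contact@)'),
    "body_center_ip_link": ("body", r'<CENTER><a href=\"http:\/\/\d+\.\d+\.\d+\.\d'),
    "body_divider_10_lines": ("body",
        r'((\/\/\/\/\/\/|\(\(\(\(\(\(\()|(\(\(\(\(\(\(\(|\/\/\/\/\/\/))(.*\n){10}'),
}
COMPILED = {n: (part, re.compile(p, re.IGNORECASE)) for n, (part, p) in FILTERS.items()}

# Constructed messages (not real mail): (label, headers, body).
SAMPLES = [
    ("spam-like", "From: Deals <contact@bulk.example>\nTo: user@corp.example",
     '<CENTER><a href="http://192.0.2.10/x">click</a>\n' + "filler\n" * 12),
    ("legit-contact-form", "From: Acme Support <contact@acme.example>\nTo: user@corp.example",
     "Thanks for reaching out.\n"),
    ("legit-build-log", "From: dev@corp.example\nTo: team@corp.example",
     "////// build log //////\n" + "step ok\n" * 10),
    ("legit-plain", "From: alice@corp.example\nTo: bob@corp.example",
     "Lunch at noon?\n"),
]

def hits(headers, body):
    """Return the sorted names of the filters that match this message."""
    matched = []
    for name, (part, rx) in COMPILED.items():
        if rx.search(headers if part == "header" else body):
            matched.append(name)
    return sorted(matched)

def false_positives(samples=SAMPLES):
    """Map each legit-labelled sample to the filters that would block it."""
    fp = {}
    for label, headers, body in samples:
        matched = hits(headers, body)
        if label.startswith("legit") and matched:
            fp[label] = matched
    return fp

if __name__ == "__main__":
    for label, headers, body in SAMPLES:
        print(f"{label:20} {hits(headers, body) or 'no match'}")
    print("false positives:", false_positives())
```

Replacing `SAMPLES` with messages exported from your own quarantine and delivered-mail logs turns this into a pre-deployment check for each filter.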


#3 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 353 posts

Posted 03 May 2017 - 03:19 PM

A new Google Docs phishing spam has been discovered. You can read more about it here
 

https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/?st=j29dcwbe&sh=13b51198

One thing that appears consistent in the spam is the TO address in the header (not actually the recipient)

   hhhhhhhhhhhhhhhh@mailinator.com

 

Here is a Header filter that will catch this address

 

   to.?:.?h{1,}\@mailinator\.com


Michael Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#4 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 353 posts

Posted 03 May 2017 - 03:39 PM

If you only want to receive email with specific characters in the body of the message, here are some content filters you can add.

If you only want to receive mail using Latin-based characters, you might add this filter

   [^[:ascii:]\p{Latin}\pCc\pCf\pM\pZ\pP\pS]{4}

This will allow up to 4 non-Latin characters in a row (to allow things like emoji) but will catch any non-Latin string over 4 characters (no spaces).

Here is a list of filters you can add to catch specific character classes, which you can set to allow or block

   [\p{Cyrillic}]{4}

 

   [\p{Han}]{4}

 

   [\p{Arabic}]{4}

 

   [\p{Hiragana}]{4}

 

   [\p{Katakana}]{4}

 

   [\p{Latin}]{4}
 


Michael Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300