Who’s Who spam

UPDATE August 2016:

Obviously non-US email senders/subjects may use UTF-8 encoding, so there’s a risk here. Personally this doesn’t affect my server or business, so the rule below was doing well for me. However, legitimate mail services (looking at you, Paperless Post) are sending emails with UTF-8 encoding on the subject line.

I scanned my mail logs and since I’ve set up greylisting and a few additional RBLs, I haven’t seen any UTF-8 spam in awhile, so I’m going to turn this rule off and see how things go. It was fun while it lasted, but at this point I think the rule is too draconian even for US-only email systems.


ORIGINAL POST:

Getting lots of Who’s Who spam? They have a new trick; they are sending messages with UTF-8 encoding, which you can’t see unless you go into the server and really look at the mail or if you look at the subject field in the message headers.

In much the same way as we blocked Rick’s “I am a china based imaging” spam, we use a similar rule in Postfix’ header_checks to block messages with a UTF-8 subject line:

/^Subject: .*\?utf-8\?B\?.*/ REJECT Please do not use UTF-8 encoding to send mail here.

This will prevent them from getting through. Nobody else I know with legit mail uses UTF-8 encoded subject lines, so hopefully good riddance until they find the next thing to use.