We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How can I block messages with encoded subjects

  • 4 replies
  • 2 have this problem
  • 19 views
  • Last reply by RealMaguff

more options

A lot of the SPAM I get bypasses my normal rules by encoding the subject in UTF-8 - for example, the Subject "Military Grade Pen" is listed this way in the message source: Subject: =?utf-8?B?TWls0ZZ0YXJ5IEdyYWRlIFBlbiBOb3cgQXZh0ZZsYWJsZSB0byBQdWJs0ZZjIA==?=

And because of this, trying to block "Military Grade" or "?utf-8" in the Subject fails.

Is there any way to block all messages with an encoded Subject header?

A lot of the SPAM I get bypasses my normal rules by encoding the subject in UTF-8 - for example, the Subject "Military Grade Pen" is listed this way in the message source: Subject: =?utf-8?B?TWls0ZZ0YXJ5IEdyYWRlIFBlbiBOb3cgQXZh0ZZsYWJsZSB0byBQdWJs0ZZjIA==?= And because of this, trying to block "Military Grade" or "?utf-8" in the Subject fails. Is there any way to block all messages with an encoded Subject header?

Chosen solution

I get legitimate email using utf-8 in the subject line, so for some of us your simplistic "utf-8 == bad" association just doesn't work.

There are two add-ons, FiltaQuilla or Expression Search that I think will add regular expression tools to your filters, and these can be used to parse the subject line to detect non-ansii characters. I don't have a worked example here, but I have set up a filter just to tag incoming messages in order to assess how common the use of utf-8 in subjects is. My conclusion is that utf-8 is here to stay and I fully expect its use to become more widespread. I've also tried to reassure users that images appearing in the subject line are not carefully crafted malware, but just selected utf-8/unicode characters.

I'd also add in support of the previous comment that IMHO you are wasting your time trying to create filters for this.

Read this answer in context 👍 0

All Replies (4)

more options

Fighting spam with static filters is a battle you can't win. It is therefore recommended to use the Thunderbird built-in junk mail controls. Alternatively make use of your email providers spam filter. http://kb.mozillazine.org/Junk_Mail_Controls

more options

Thunderbird's built-in junk controls are useless in this scenario, and I have SPAM filtering with my provider that catches most of it. The messages I'm trying to block are coming from a different domain/IP address every time (botnet I assume). This junk all has encoded Subjects to get past keyword filters, but all of the other mail I receive regularly has a plain-text Subject header - so my question still stands.

more options

Chosen Solution

I get legitimate email using utf-8 in the subject line, so for some of us your simplistic "utf-8 == bad" association just doesn't work.

There are two add-ons, FiltaQuilla or Expression Search that I think will add regular expression tools to your filters, and these can be used to parse the subject line to detect non-ansii characters. I don't have a worked example here, but I have set up a filter just to tag incoming messages in order to assess how common the use of utf-8 in subjects is. My conclusion is that utf-8 is here to stay and I fully expect its use to become more widespread. I've also tried to reassure users that images appearing in the subject line are not carefully crafted malware, but just selected utf-8/unicode characters.

I'd also add in support of the previous comment that IMHO you are wasting your time trying to create filters for this.

more options

Zenos thanks - a Regular Expression filter should work for what I need. I know that trying to filter keywords seems futile, but this is a very specific scenario I'm working on where I get the same 5 or 6 subjects practically daily. Being able to filter with RegEx will help.