How is this spam hiding from mutt search?

Ofer Inbar cos at aaaaa.org
Tue Feb 1 15:36:29 UTC 2022


I've been getting occasional spam recently that follows a common
pattern in the From: header.  Below is the full header section of
one of these emails, as an example:
----------------------------------------------------------------------
>From MAILER-DAEMON  Tue Feb  1 10:20:50 2022
Return-Path: <>
X-Original-To: cos at aaaaa.org
Delivered-To: cos at aaaaa.org
Received: from jybaudot.fr (unknown [109.237.96.99])
        by miplet.aaaaa.org (Postfix) with ESMTP id 22D803FDB9
        for <cos at aaaaa.org>; Tue,  1 Feb 2022 10:20:50 -0500 (EST)
MIME-Version: 1.0
From: "WeTeachSex"   <support_id:8234748 at fMkSSuVRXj.com>
Subject: =>> The #1 secret to squirting  <<==
To: cos at aaaaa.org
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=UTF-8
Date: Tue, 01 Feb 2022 16:06:21 +0100
----------------------------------------------------------------------

One feature they all share is that "support_id:" prefix in the fake
email address.  I thought it should be easy to find them all with
~fsupport_id ... but that consistently finds nothing, even when that
message is right there in my inbox.

I tried both l~f'support_id' and /~f'support_id' and in both cases
it found nothing.  Limit gave me a blank mailbox, and / search said
"not found".

(I also tried /~fMAILER in case it would match on the envelope sender
line, but that did not find this message either)

Anyone know what might be happening here?
  -- cos


More information about the Mutt-users mailing list