Unfortunately that is not the case.
The length in characters of the "tags" is variable.
The character base seems to be a..zA..Z0-9 for the most part.
The order of characters is random. Sometimes they look to be random dictionary words.
The location of the insert within words is random. The same spam from the same company on the same day is actually unique on each sending.
One email will have:
another will have:asked me about a ne<jkdwe>w home pur</mFKEWEk>chase
and as in the example given first:aske<DFIkdjfd>d me about a new ho</Dklje>me purchase
The spam generator seems to take a standard message then insert madeup tags at random.asked me about a n<KRRAXH>ew home purcha</SZLNG>se
I am guessing they are using <string> ... </anotherstring> pairs to avoid an existing filter.
In actual fact, anything that will match the sentence given without also including legit html and legit xml will probabaly work. That is anything other than matching the exact phase as given.
In all honesty it hadn't occured to me that someone would think I meant the phrase as given. I'll be more explicit next time.
If you think further and more complete examples would be helpful I can send some along.
This is very elusive spam. Especially since it is coming from hacked computers -- hence the return smtp is legit, the ISPs are not on any blacklist so the email envelope is of no help. At least until the poor schmuck who's computer was owned is blacklisted or blocked.
In reply to Re^2: regex help or pointer to module needed
by Xxaxx
in thread regex help or pointer to module needed
by Xxaxx
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |