This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What does Regular Expression see and its capability?

I want to be able to use a regular expression to block spam we get. The problem I have is that the spammer is using  a UTF-8 base 64 encoding method in the Subject area and From area. The emails seem to slip by because the subject and from is utf-8.


1. Does Regular Express see the email headers before or after the translation of UTF-8 Encoding?

2.Can I make a Regular Express to filter subject and From lines in the Header to filter out encoded in UTF-8?

The UTF-8 decoded in Subject is "RE: Your mailbox is running out of data storage kindly update your mailbox to avoid email loss"

and From is "Webmaster Support"

3. has anyone have a defense to this?

Example below. (blocked my address with

Received: from ( by ( with Microsoft SMTP Server (TLS) id
14.3.498.0; Fri, 14 May 2021 05:43:12 -0700
Received: from ([]:53768) by with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from
<>) id 1lhX9p-0001UO-0l for
me@domaincom; Fri, 14 May 2021 05:43:09 -0700
Received: from dtc by with local (Exim
4.94.2) (envelope-from <>) id
1lhX9n-0002cQ-At for; Fri, 14 May 2021 20:43:07
X-CTCH-RefID: str=0001.0A702F1B.609E705D.0005,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
To: <>
Subject: =?UTF-8?B?WW91ciBtYWlsYm94IGlzIHJ1bm5pbmcgb3V0IG9mIGRhdGEgc3RvcmFnZSBraW5kbHkgdXBkYXRlIHlvdXIgbWFpbGJveCB0byBhdm9pZCBlbWFpbCBsb3Nz?=
X-PHP-Script: for
X-PHP-Originating-Script: 1006:alexusMailer_v2.0.php
From: =?UTF-8?B?V2VibWFzdGVyIFN1cHBvcnQ=?= <>
MIME-Version: 1.0;
Content-Type: multipart/mixed; boundary="--w3TfW1QSbT"
Message-ID: <>
Date: Fri, 14 May 2021 20:43:07 +0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [1006 993] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id: dtc/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: dtc
X-Source-Args: php-fpm: pool aimfs_digitstrading_ph
X-MS-Exchange-Organization-AuthSource: SERVER1.domain.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-Antispam-Report: IPOnAllowList
X-MS-Exchange-Organization-SCL: -1
X-Auto-Response-Suppress: DR, OOF, AutoReply

This thread was automatically locked due to age.