The only thing stable in the many received from addresses used by this spammer is the word “download”.
I have been unable to create a rule that can effectively catch these spam messages. I would like a rule that simply looks for the word “download” in the received from address, or in the headers. Otherwise I am only able to copy the many full addresses being used as in @@bikein.download, @vykin.download, etc. This is a never ending arms race as the spammer just changes the words before the download domain.
The eM Client header rule requires a value and another value, “yes”, “true”, “false” etc. How would I use the header rule template to properly catch the “download” domain being used?
It would be handy to have a wild card (*) capability, such as " *.download" accepted by a rule so I could stop this spammer’s daily onslought.