The mail below made it through with a whopping score of 0.782. Clearly this is spam.
Have you consider using bayes and training against these?
The static SA ruleset, while effective against a lot of spam, can't keep up with every possible mutation in spam. That's where systems like bayes, razor, pyzor and DCC step in. These systems are highly dynamic and quickly catch up to the latest trends, although they don't have the complex pattern recognition that a static-regex rule has.
Also, what's the best way to post these mails when they make it through? Via a website?
Have you considered reading the FAQ in the wiki?
http://wiki.apache.org/spamassassin/DoYouWantMySpam
