Geoff Soper wrote to [EMAIL PROTECTED]:
> I think the thread has gone in the wrong direction slightly. I'm not
> worried about embedded images as such, I'm concerned with embedded
> images where the image isn't part of the message, i.e. the image is
> sourced from the web. I think only spam and solicited commercial
> e-mail would do this.
Corpus test?
> Any solicited commercial e-mail comes to an address other than my
> personal address; I make up a unique and identifiable address whenever
> an organisation or company asks for my address. Hence I think I can
> safely class anything containing '<img="http://' and addressed to my
> personal address as spam.
Well, if it's just your personal email, then who cares? :-)
I used the following (not optimal) rule:

    rawbody  IMG_HTTP  /\<\s*img\s*src\s*=\s*['\"]?http/i
    describe IMG_HTTP  BODY: Contains external image link
    score    IMG_HTTP  0.237

    %OVERALL     %SPAM      %HAM     S/O    SCORE  RULE
        3308      1319      1989       0        0  (Raw message count)
     8.31318  14.70811   4.07240   0.705    0.237  IMG_HTTP

> I think if my personal contacts send me attached pictures or use
> 'stationery' then the image might be embedded in HTML but won't use
> 'http://' as the image is local. I was asking if anyone can see why
> this assumption might be unwise.
Yes, your assumption might be unwise. :-)
Test it on your own mail, but I wouldn't give this more than about 0.2
points.
- Ryan
--
Ryan Thompson <[EMAIL PROTECTED]>
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
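
The corpus test suggested in the message above, as an added sketch that is not part of the original message or of SpamAssassin: it runs the posted IMG_HTTP pattern over a small constructed set of labelled bodies and computes the same columns as the table. The sample bodies, the `.example` hosts and the function names are assumptions; S/O is taken as spam hits divided by all hits, which is the reading that reproduces 0.705 from the table's own numbers.

```python
import re

# The IMG_HTTP pattern from the message, carried over from Perl unchanged.
IMG_HTTP = re.compile(r"\<\s*img\s*src\s*=\s*['\"]?http", re.I)

# Constructed sample corpus (label, raw HTML body). Not real mail.
CORPUS = [
    ("spam", '<html><img src="http://tracker.example/p.gif?id=42"></html>'),
    ("spam", "<HTML><IMG SRC=http://ads.example/banner.jpg></HTML>"),
    ("spam", "<html><b>Plain HTML pitch, no images</b></html>"),
    # Inline attachment or stationery: the image travels with the message.
    ("ham", '<html><img src="cid:part1.0123@example.org"></html>'),
    # Legitimate mail that still pulls a remote image: a ham hit.
    ("ham", '<html><img src="http://shop.example/logo.png">Receipt</html>'),
    ("ham", "Lunch on Friday?"),
]

def hit_frequencies(corpus, rule=IMG_HTTP):
    """Return %OVERALL, %SPAM, %HAM and S/O for one rule over a corpus."""
    total = {"spam": 0, "ham": 0}
    hits = {"spam": 0, "ham": 0}
    for label, body in corpus:
        total[label] += 1
        if rule.search(body):
            hits[label] += 1
    all_hits = hits["spam"] + hits["ham"]
    return {
        "overall": 100.0 * all_hits / (total["spam"] + total["ham"]),
        "spam": 100.0 * hits["spam"] / total["spam"],
        "ham": 100.0 * hits["ham"] / total["ham"],
        "s_o": hits["spam"] / all_hits if all_hits else 0.0,
    }

def table_check(n_spam=1319, n_ham=1989, pct_spam=14.70811, pct_ham=4.07240):
    """Recover raw hit counts from the table in the message and recompute S/O."""
    spam_hits = round(n_spam * pct_spam / 100)
    ham_hits = round(n_ham * pct_ham / 100)
    return spam_hits, ham_hits, round(spam_hits / (spam_hits + ham_hits), 3)

if __name__ == "__main__":
    for column, value in hit_frequencies(CORPUS).items():
        print(f"{column:8s} {value:.3f}")
    print("table in message:", table_check())
```

The `cid:` body does not hit, matching the point about local images, while the receipt with a remote logo does, which is the kind of ham hit behind the 4.07% in the table.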