jdow wrote: > > One that made it through here had no URLs in the body, a LOT of HTML > formatting, and hit HTML_IMAGE_RATIO_06, a very low scoring rule. > The HTML formatting is excessive use of this long string for > individually formatting small chunks of text which are then covered > by the enclosed Base64 image: > <p class=3DMsoNormal><font size=3D2 face=3DArial> > <span lang=3DEN-US = style=3D'font-size:10.0pt;font-family:Arial'> > > That can probably lead to some tests. > > I also noticed here that HTML_IMAGE_RATIO_06 hit 0.3 percent spam > and 0.0 percent ham, here. So I bumped its score up a little. I expect > that to be safe here. YMMV. > > That is the only spam that has broken through in a VERY long time. > Yes, if we're talking about the same spam, the one with that string started only recently here. They score between 7 and 15 points due to network-tests, but are since an hour ago being discarded because luckily they contain several unique strings..
Regards Menno van Bennekom -- View this message in context: http://www.nabble.com/Image-spams-getting-thru-tf2014839.html#a5589996 Sent from the SpamAssassin - Users forum at Nabble.com.