Hello, attached is an spam email that contains a few embedded images via <img> tag in HTML part.
SpamAssassin 3.3.1 on isnotspam.org reports these matches: 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-blockfor more information. [URIs: list-manage2.com] 1.0 DK_SIGNED DK_SIGNED 0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area 0.1 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5665] 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 LOTS_OF_MONEY Huge... sums of money X-Spam-Status: Yes, hits=1.5 required=-20.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DK_SIGNED,HTML_IMAGE_RATIO_02,HTML_MESSAGE,LOTS_OF_MONEY, MIME_QP_LONG_LINE,URIBL_BLOCKED autolearn=no version=3.3.1 X-Spam-Score: 1.5 I was wondering if there is some rule that will match mails with many embedded images. There is already T_REMOTE_IMAGE in 72_active.cf, but with no score assigned and it also doesn't take into account the number of images in the messages. Regards Pavel Bazika
