After studying these spam messages, I think postfix blocking via tld is the only solution. The problem is the message is embedded in graphics with brief text regarding "if you can't view this click here". There isn't enough to trip the spam bot.
What is the simplest way to block a TLD?
