Hi, I've asked variations of this question in the past, but I'm still not sure what to do about it. Should an email with just an image attachment, with no subject and no body be treated as spam? This is the circumstance where users are using email as a file transfer device.
There seems to be one irregularity with this email that causes it to be marked as spam: * 1.8 MIME_IMAGE_JPG contains wrong MIME type image\\/jpg but should that be enough? Here are the other spam indicators for this message where only a 9MB attachment was included: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * 0.2 KAM_BLANKSUBJECT Message has a blank Subject * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in * 0.8 MPART_ALT_DIFF BODY: HTML and text parts are different * 1.8 MIME_IMAGE_JPG contains wrong MIME type image\\/jpg * 1.2 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text It otherwise hit no local rules, passed SPF and DKIM as it went through gmail, and even had TXREP deduct a point. Perhaps we create a meta rule that deducts points for instances where all of these rules are hit, indicating it was just an image attachment? What are others doing here? This is with the latest SA v4 from svn.