Bret Miller wrote:
Hello, I was wondering if there is a way to write a rule for
HTML source code contained in an email. I am getting many of
these "Buy This Stock" emails and I am finding that the
pictures contained in them all have a portion of a line of
source that says...
src="cid:
Thanks in advance for any help anyone may be able to provide.
So does every message sent from Outlook that includes an image. I'd
suspect that you'd end up rejecting a lot of legitimate e-mail, unless
no one that sends you e-mail uses Outlook or Outlook Express...
Bret
I have a few legit messages that are scoring over 5.0 due to SARE_STOCKS
and the TVD rules to catch stocks, and this is after ALL_TRUSTED has
done its work to reduce the score. These messages of course have inline
images and are being sent via Outlook Express. Some of the scores on
those rules are over 2.0. I have started to reduce the scores, as the
stock messages I get usually have header problems and hit on Razor as
well. I've seen legit messages fire the MY_CID set of rules enough to
rack up a score of over 7.0 from those rules alone.
