Hello list, For your consideration:
header __MULTIPART_RELATED Content-Type =~ /multipart\/related/ meta OE_MULTIPART_RELATED (__OE_MUA && __MULTIPART_RELATED) describe OE_MULTIPART_RELATED Possible image spam forged as from MS Outlook The false Positive rate on my corpus is 0.1%. I can't tell you about the false negative rate since I don't keep my spam (only my ham). This rule works very well on the pump-and-dump image spam that has been escaping my spamassassin installation for the last few months. Although Outlook Express is capable of generating messages with multipart/related MIME type, it only does that if the user creates an HTML message with inline images. This happens occasionally but rarely (hence the 0.1%). I expect the perceptron might give this rule a score of perhaps +0.5, which is not enough to catch the pump-and-dump image spam by itself, but works well in conjunction with Mail::SpamAssassin::Plugin::ImageInfo. Thoughts on this rule? --Ian Turner
