Martin Gregorie wrote: > I just received medspam with a new approach I've not seen before. > Both the subject and the plaintext body contain gibberish with the > payload (an advertising phrase and web URL) travelling as the > personal name part of the sender's address. I have no idea whether > the sender's address was forged. Fortunately this stuff is trivial > to spot and flag as spam by a simple extension of existing private > rules. > > Has anybody else seen this format yet?
Yes. I reported it to SpamCop, Razor, et al. and wrote two rules for it that for my sandbox last night. http://ruleqa.spamassassin.org/20100126/?rule=/FROM_W&srcpath=khop Either it's too new or it's just not worthwhile to check for. We'll see.
