Upon Kevin's recommendation, I upgraded. Big difference. 'Though there's a bit of a retuning penalty.
I get quite a few authorize.net notifications on behalf of various ecommerce clients, and this morning I started seeing scam/spam similar to the attached. All share a common marker of embedding a text url within an HTML <a> tag containing a different URL. This seems like an obvious marker for spam, I wonder why there isn't a rule for it. Maybe this question is beyond the scope of a mail administrator. But I'm interested in the SpamAssassin internals as well. Thanks! -Jim
spamtoday.msg.gz
Description: GNU Zip compressed data
