Hi, Are others seeing instances whereby a spammer puts the real payload in an HTML (foo.html), plain-text part (foo.txt), Word doc (foo.doc or foo.docx) or an image (foo.png, foo.jpeg, etc) but with a MIME type of application/octet-stream ?
Would it make sense to have rules that look for commonly-known filename extensions in a MIME part of application/octet-stream and score those? I know of no legitimate MUAs that will attach a PNG images as anything other than image/png and similarly for the other filename extensions. (Apologies if there are already rules for this... I haven't checked.) Regards, David.
