It's properly formed. Compare the plaintext part to the HTML part, note that the base64 block is QP'd base64, and note that there's some more QP spam pitch text after the base64 block.
Ah. I completely missed the division boundary a third of the way thru, or for that matter the pdf attachment at the end.
I fairly commonly see plaintext versions that include some of the hidden or small-font obfuscation from the HTML part. My assumption is there is some tool that generates the plaintext from the spam-built HTML and does a suboptimal rendering job. I'm guessing this isn't generally a problem since I think most mail programs suppress the plaintext part when there is an HTML part present.
