> I am trying to write a rule that helps catch phishing emails. These emails > do NOT have any url spoofing in them. They are pure and simple social > engineering.
Thanks for all the replies. I needed to use rawbody as was pointed out. The beta rule to try and catch phishing emails is up now in http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf Feedback appreciated and it has a low score of 1.0 until I confirm more about FPs. Regards, KAM
