hi all,
i've recently started analyzing my SpamAssassin scoring, looking at weighting for
messages/spam with scores already >= "15" with out-of-the-box SA.
some of our 'spammy compatriots' out there seems absolutely convinced that the way to entice
me to buy "V&*AG#$#$arrrE" in 50-gallon lots is to to wrap their massages in
MIME_BASE64.
for almost ALL of the spam that do so, SA scores them high enuf to very
effectively flag/discard. however, i notice that almost all of them ALSO show
*low* scores for the MIME rules, e.g.:
0.0 MIME_BASE64_NO_NAME RAW: base64 attachment does not have a file name
1.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
Can anyone comment as to whether it makes sense to simply score these rules to
"20-ish" as well? I naively am not aware of anyone ELSE sending me MIME
encoded messages other than a couple of in-house scripts that i whitelist.
Comments/Thoughts/insights?
Thanks!
Richard
