Hi,

I'm not usually one to report near-misses but I'm curious. I have a spam
that scores as:

----
Content analysis details:   (8.7 points, 6.3 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 BAYES_56               BODY: Bayesian spam probability is 56 to 60%
                            [score: 0.5724]
 0.1 HTML_FONTCOLOR_RED     BODY: HTML font color is red
 0.1 HTML_MESSAGE           BODY: HTML included in message
 0.3 HTML_FONT_BIG          BODY: HTML has a big font
 1.0 J_WEEDS_A              BODY: Decimal or Hex character encoding [Aa]
 1.0 J_WEEDS_E              BODY: Decimal or Hex character encoding [Ee]
 1.0 J_WEEDS_H              BODY: Decimal or Hex character encoding [Hh]
 1.0 J_WEEDS_R              BODY: Decimal or Hex character encoding [Rr]
 1.0 J_WEEDS_S              BODY: Decimal or Hex character encoding [Ss]
 1.0 J_WEEDS_T              BODY: Decimal or Hex character encoding [Tt]
 1.0 J_WEEDS_W              BODY: Decimal or Hex character encoding [Ww]
 1.2 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer
----

meaning it would've snuck by without the use of the Weeds ruleset (is
weeds or equivalent available via rules_du_jour anymore?) Bayes didn't
tag it, nor did the SURBL.

There's a lot of junk text, complete, normal, and irrelevant sentences
in the text/plain part; the text/html part contains tons of
numerically-encoded entities, including the following:

<A 
href="&#104;&#116;&#116;&#112;&#58;&#47;&#47;Gabriel&#46;&#111;&#101;&#109;&#45;&#108;&#105;&#99;&#101;&#110;&#115;&#101;&#100;&#45;&#115;&#111;&#102;&#116;&#46;&#98;&#105;&#122;&#47;&#63;Bob"><STRONG>&#80;&#108;&#101;&#97;y&#115;&#101;&#32;&#102;&#111;&#108;&#108;&#111;&#119;f&#32;&#104;&#101;&#114;&#101;&#32;&#110;&#111;&#119;w&#33;</STRONG></A>

which translates to:

<A href="http://Gabriel.oem-licensed-soft.biz/?Bob"><STRONG>Pleayse followf here noww!</STRONG></A>

Question #0: Does _anything_ render that? Why?

Question #1: Isn't there a ruleset in 2.63 (stock or SARE) that flags
such exuberant use of entities?

Question #2: How long until *.oem-licensed-soft.biz is blackholed to
hell and back?

Question #2a: Is this a candidate for BigEvil? And if the answer to #1
is "no." then does anyone want the original for Ninja practice? (Paging
the Hockey Freak Ninja "SIEVE! SIEVE!"[1])

-- Bob

[1] My money's on the Brandon Wheat Kings even though everyone we met in
Vancouver was so nice to us - even the cops!
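
The check the message asks about, sketched as an added example (not code from the poster, SpamAssassin, or any SARE ruleset): decode the numeric character references in each `href` and flag links where most characters are printable ASCII that never needed escaping. The sample input is constructed, and the `min_refs` and `min_ratio` thresholds are assumptions chosen for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Decimal (&#104;) or hex (&#x68;) numeric character references.
NCR = re.compile(r"&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));?")
HREF = re.compile(r"""href\s*=\s*(["'])(.*?)\1""", re.I | re.S)

def needless_ncrs(raw):
    """Count references that encode printable ASCII other than & < > " '."""
    count = 0
    for hexval, decval in NCR.findall(raw):
        cp = int(hexval, 16) if hexval else int(decval)
        if 0x20 <= cp < 0x7F and chr(cp) not in "&<>\"'":
            count += 1
    return count

def inspect_links(body, min_refs=5, min_ratio=0.5):
    """Decode every href and report how much of it was needlessly encoded."""
    findings = []
    for _, raw in HREF.findall(body):
        decoded = html.unescape(raw)          # what a browser would follow
        refs = needless_ncrs(raw)
        ratio = refs / max(len(decoded), 1)   # share of characters that were hidden
        findings.append({
            "decoded": decoded,
            "host": urlsplit(decoded).hostname or "",
            "needless_refs": refs,
            "ratio": round(ratio, 2),
            "suspicious": refs >= min_refs and ratio >= min_ratio,
        })
    return findings

# Constructed sample: one entity-obfuscated link in the style quoted above,
# and one ordinary link whose only escape is a legitimate &amp;.
SAMPLE = (
    '<A href="&#104;&#116;&#116;&#112;&#58;&#47;&#47;Shop&#46;'
    '&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;'
    '&#105;&#110;&#118;&#97;&#108;&#105;&#100;&#47;&#63;Bob">go</A>'
    '<a href="http://example.invalid/a?b=1&amp;c=2">ok</a>'
)

if __name__ == "__main__":
    for finding in inspect_links(SAMPLE):
        print(finding)
```

The decoded host is what a URI blocklist lookup would need to see, so the same decoding step serves both the entity-count heuristic and the domain check.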
