> Lately I've been getting spams with very low (or zero) scores, written in
> plain-text grammatical english, with no technical errors in the headers,
> clean routing chains and valid DNS records (afaik) as the originators.
Short of doing exactly what you are doing, writing highly specific rules,
then the net tests would be your friend. Almost assuredly gonzogaming.com
or whatever it is would be in SURBL at this point, and very probably the
actual sending host would be in some other RBL.
That said, I don't run net tests here, and have been having quite good luck
getting rid of this kind of junk with specific rules. The Sare folk are
quite good at that too, and the results are available for download.
This sort of thing would probably end up in the sare_specific.cf file, since
it would probably evolve fairly quickly into a meta that caught three or six
different formats of the same message.
The nice thing about random-number generated spam mails is that they have a
fairly constrained set of valid formats, and if you get any amount of spam
at all, you will probably see most of them within a week, and can make quite
specific rules that will catch the whole batch.
Loren
