sure you are running the SARE html and adult rulesets. Then add to your
local CF:
>
> score SARE_HTML_URI_NODOT2 2.0
> score SARE_HTML_A_HIDEtst2 4.0
>
> This spammer's emails ALWAYS hit these 2 rules, so I bumped up the scores
quite a bit.
My current hits on one of these:
Content analysis details: (12.3 points, 4.6 required)
pts rule name description
---- ---------------------- ------------------------------------------------
--
2.0 FROM_MIDDLE_INIT Sender name has middle initial
0.1 HTML_MESSAGE BODY: HTML included in message
5.0 SARE_URI_EQUALS URI: Trying to hide the real URL with IE parsing
bug
0.3 SARE_HTML_URI_NODOT2 URI: URI found with no Dots
0.2 DBL_12_LETTER_FLDR DBL_12_LETTER_FLDR
1.7 SARE_HTML_A_HIDEtst2 contains HTML anchor href with = hidden
0.9 FM_NO_STYLE FM_NO_STYLE
0.3 FM_MULTI_ODD4 FM_MULTI_ODD4
1.1 FM_MULTI_ODD2 FM_MULTI_ODD2
0.3 FM_MULTI_ODD3 FM_MULTI_ODD3
0.4 FM_MULTI_ODD5 FM_MULTI_ODD5
(which is a real low-scoring spam, I'm going to have to work on some
specific rules for them.)
Loren
