Since the first of the year, we've seen a barrage of image spam. Some of it gets nailed by SA, but a lot of it seems to get through. Most of it has a text/plain part with random or non-sensical text. It also has a text/html part, also with random text. Then, the actual spam (usually a stock spam) is contained in a 15k-20k .gif image. I've found that many of these hit very few rules, and due to the random text, Bayes appears to be ineffective. I'm using SA 3.04, most of the SARE rules, and network tests, Razor, SURBL/URIBL. Has anyone come up with a good way to stop these?
Craig
