On Mon, Jul 31, 2006 at 04:57:49PM -0700, Derek Harding wrote: > At my (small) site we receive very few legitimate emails that have > attached images that are referenced in the HTML of the message. It's > basically only a few droolers who decided to use an image as their sig. > Thus testing for /src\s*=\s*["']cid:/i in the rawbody of the message is > working very nicely against image spams. > > False positives on those people with image sigs are prevented by AWL, > Bayes and not scoring the test too highly. > > Is that positive enough?
Thanks for the tip. That sounds pretty effective, actually. Care to share your rule? You just gave me an idea though. I think I am going to set up a maybe-spam folder and put your rules in it. That'll keep most of these away from my INBOX and also me from deleting my spam folder without looking. Thanks, Tim
