Hi, > Getting a bunch of these, and I'm getting very low scores, using the > latest spamassassin rules, and the most common third-party rulesets. > > Also using spamhaus, investment and other DNSBLs, but my users seem to > be getting these before the urls are making their way into those > DNSBLs. > > The subject is about various types of pills, and I do note that the > Subject line header is often in mixed case - not just the subject > itself, but even the word "subject" - it might be "SubjeCT" or > "subjeCT" or "SUBJect", but I don't see a rule for anything like this. > > There's almost always a link and then a bit of random text. > > Here are three examples: > > http://pastebin.com/ycvfX5Np > http://pastebin.com/ApdN9V0W > http://pastebin.com/bcUggrC6
+1 for these. I've seen a ton of these, and the only protection I have is a local URIBL I've built for the many new domains that haven't yet been added to the public URIBLs. Yours don't have any spamassassin/amavisd headers. How are you processing these? They typically also only BAYES_50 for me. Thanks, Alex
