Getting "scanned document", "pills" and stuff with a url of "blah.blah.ru"
Some of these contain something like the snippet below, apparently put in by the sender or perhaps the mail provider. ******************************* MIME-Version: 1.0 X-OriginalArrivalTime: Tue, 17 Apr 2012 05:12:23 -0300 X-SenderScore: 3 X-Envelope-From: [email protected] X-SpamScore: 3 X-VirusScore: 0 X-SpamRefID: str=0001.0A010202.4F8D34EA.0094,ss=3,sh,fgs=0 X-ForwardedBy: SJL01WMAIL08B ******************************* Would it be sane, relatively speaking, to add a rule that looks at the X-SpamScore: and/or X-SenderScore: and flag those?
