Hi all, I recall some rules that were written years ago to address these, but it appears they're back. We've been hit with a few, including users actually following the link. I was hoping someone had some recommendations on how to stop them.
http://pastebin.com/zKWUUQ0Q Obviously they're coming in advance of being on an RBL or DNSBL. I was thinking to correlate the body text somehow with something that checks to see if it actually passed through Google (SPF, etc?), but that won't work for messages that were forwarded to another user... Thanks, Alex