multipart spam

[Chris Fortune]

Somebody has probably mentioned this already, but there seems to be a growing trend in "hard to classify" spam lately: MIME emails
with two multipart sections: text and html.  The payload of the mail is in the HTML section (consisting of images and urls), but the
text section is filled with either conversational text taken from books, etc, or -even worse- authentic "ham" e-mails, obviously
sampled from somebody's sent folder.  The result is a very low bogosity score.  Other than registering each and every one of these
mails, then retraining the wordlist, any suggestions?

I guess this could also be the beginning of a thread about de-obsfucation.  Any open source MIME de-obsfucators out there?  POPFile
looks good, but it will be a chore to extract that code from the class libraries.



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.786 / Virus Database: 532 - Release Date: 10/29/2004