I am running exchange 2003 sp2 and have IMF v2 enabled. IMF seems to be working well, however we are getting an influx of spoofed email. In particular it's the email going around with varying (legitimate looking) subject lines, but the following in the body (see sample bmp).
"We ship worldwide! To all countries! To all destinations"
I attempted to setup the custom weight XML file with body filtering enabled for the phrase above, however since the email is in html form, i think it is bypassing it. This rule is working as i sent a text email from a personal address with the phrase and it was caught, sending it to the UCEarchive folder. Any thoughts on a new xml file entry that might catch this HTML email at the gateway before hitting my user's mailboxes?
Thanks in advance!