FractalBob wrote:
> Sure, they do spoof, but one could write a script that pokes around the
> message content, looking for a URL or signature and use that instead.
> I found some rulesets, 70_sare_evilnum*.cf, that seem to do what I want, but
> I don't know how to use them; documentation is scarce for SpamAssassin. Does
> anyone know what these files are and how to use them?

these are SARE rules

and chose which rules you want to use.

Then use sa-update to download them (periodically):

for more docs, check