“X-Mailer: RLSP Mailer” appears to be a highly reliable indicator for spam, at least judging by the 250 or so messages i’ve gotten with that header in the last several months, which appear to all be variants of lottery and 419 spam. one place it comes up in a google search is the source for myphpnuke. i wonder if there’s a connection.
that reminds me: i should start using the spamassassin backport, to join the world of spamassassin 3.0. something to add to the list of things to play with over the long holiday weekend.
I once did some similar research and noticed that spammers tend to use really strange X-Mailer identifications from time to time:
embeddable crestfallen, ekstrom beijing justiciable, ejpmdg opixsf pysode, drunken headwater, divergent scrimmage mansfield, bridegroom greenwood
Just to name a few ...