This is an old thread but the question is still relevant (and has not been answered). I have been receiving a spate of this type of spam email message, and looking at the full message+header content I have noticed a couple of things which might help.
First, the messages are superficially similar but any links they contain are to unique and disposable domains. This type of message is borderline spam, because in most of them is a note to the effect that "you are receiving this message because you have agreed to ...." blah blah blah. Usually this is the result of being conned into filling out some online survey somewhere (watch out for anything with the name "surveymonkey" on it) or otherwise providing a contact email address to some website. It can be quite instructive, I am told, to set up a number of disposable email accounts if you do this, and then watch to see which account the spam messages are coming back through.
Second, the subject headers are often taken from a fairly restricted list. "LoveFilms" occurs in quite a few of these messages, and "iPad" is (or was) another favourite. It is possible to block messages in McAfee's Anti-Spam that contain specific words or phrases, and that's worth a try.
And third, these messages - when you examine them - nearly always contain a long list of words which look very much like passwords. I don't know what purpose those lists serve, but they look highly suspicious.
If there is one single way to block those messages I too would like to know how to do it.
One of those image-only messages came in today and McAfee correctly rated it as spam.
If you would like me to forward it to be examined, let me know.
It has the usual hallmarks : a disposable recently-registered domain, a list - shorter than usual - of ?possible passwords, and URLs with very long names.
An excerpt from the word list :-
And here is part of one of those URLs
The domain was registered recently. There is information about it the mail server at these sources -
and WhoIs information at http://whois.domaintools.com/giftdeliver.info
The operation is Delaware-based.
Message was edited by: Hayton on 27/04/12 17:30:22 IST