Content filtering for HTML emails
Question asked by Thomas Leylan - 4/3/2023 at 11:46 AM
Unanswered
I've been getting a whole lot of spam emails that are HTML. Am I right in assuming that "Anywhere in Message" type rules would recognize the phrase anywhere in the HTML? Are there any special hints for text that might, for instance, cross HTML tags?


4 Replies

Thomas Leylan Replied
Well, I never received a definitive answer or even a guess. Does nobody know, or do people just not use content filters? I'm getting an increased number of spam emails using HTML. Insofar as I can tell, these are not being filtered.

I would have thought "anywhere in message" would be able to match strings. Is there any workaround for this or am I stuck receiving blockchain airdrop crypto-currency emails every day?
Thomas Leylan Replied
I realize that it is the weekend and perhaps people are doing other things, but as my original question was posted in 2023 and I'm also getting HTML-only spam emails on a daily basis now (my current email got onto a list, it seems), I really need to find a solution. Someone surely knows (the staff, I would think) whether content filtering works on or ignores HTML text.

While we are on the subject are the string comparisons case insensitive? Are these questions in the docs or an FAQ?
Douglas Foster Replied
Sorry, but I don't know how to help you. If you have found a bug, it needs to be handled through the support process. What I can offer:

1) Collect and look at the actual emails: Is it base-64 encoded, and therefore unreadable in its encoded form? If it is readable, does it have a line break in the middle of the text you want to use for matching? Development needs examples of the emails that don't filter correctly before they will even attempt to find the cause.

2) Figure out the actual sender, and block them. Determining the most responsible sender also requires close examination of the message. Is the Mail From the address of an email service provider like SendGrid.net or ConstantContact.com, in which case the From header address is the address of the attacker? If not, the Mail From address is likely the identity of the attacker. Are any addresses obviously computer-generated gibberish or are they all plausible entity names? If both addresses are plausible but fail authentication, then the responsible party may be the server organization itself, in which case I would block both the individual IP addresses and the HELO or reverse DNS domain (whichever is a better representative of the responsible organization). If the host names also cannot be verified with forward-confirmed DNS, then maybe all that you can block with confidence is the IP address. It all depends on evaluating which identity is the one that is at fault.

3) For the long term, create a better filtering environment. SmarterTools is in the mail processing business, which is hard. Spam Filtering is a second very different and very difficult problem, and it is not their skill set. Nor is it reasonable to ask them to be best at both problems. The tools they provide are simply not adequate for the magnitude of the problem, especially as it relates to content filtering. I use home-grown tools (heavily customized Declude) for sender filtering, and a mediocre commercial product for content filtering. I don't pretend to have the skills needed for home-grown content filtering. The tools that I built have been several years in evolution, and they have allowed me to detect all unwanted impersonations. But my solution still requires daily audits to fix blocked messages that should have been allowed and, to a much lesser extent, allowed messages that should have been blocked. Not everyone is willing to do that. You are in a bind right now because you have been getting by with an inadequate toolkit. The fastest way to a quick fix is to spend some money on a vendor, but that can be expensive.

You should definitely pursue a support ticket to see if there is a bug that needs to be fixed. 
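
The checks in point 1 above (base-64 encoding, a line break or tag in the middle of the phrase), as an added example that is not part of the original thread and does not describe SmarterMail's own matching logic. The sample message, phrase and function names are constructed; it compares a search over the raw message bytes with a search after decoding and tag stripping.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Constructed sample: the phrase is split by tags and by a line break.
SAMPLE_HTML = ("<html><body><p>Claim your block<span>chain</span> "
               "<b>Air</b>drop\n reward today</p></body></html>")

def build_sample(cte: str = "base64") -> bytes:
    """Build a constructed HTML-only message with the given transfer encoding."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(SAMPLE_HTML, subtype="html", cte=cte)
    return m.as_bytes()

class _TextOnly(HTMLParser):
    """Collects text nodes and drops the tags between them."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []
    def handle_data(self, data):
        self.chunks.append(data)

def visible_text(raw: bytes) -> str:
    """Decode each text/* part, strip HTML tags, collapse whitespace, lowercase."""
    out = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()  # undoes base64/quoted-printable and charset
        if part.get_content_subtype() == "html":
            parser = _TextOnly()
            parser.feed(body)
            parser.close()
            # Joined without a separator so a word split by inline tags is
            # whole again; adjacent block elements may run together.
            body = "".join(parser.chunks)
        out.append(body)
    return re.sub(r"\s+", " ", " ".join(out)).strip().lower()

def naive_match(raw: bytes, phrase: str) -> bool:
    """Case-insensitive substring search over the undecoded message bytes."""
    return phrase.lower().encode() in raw.lower()

def normalized_match(raw: bytes, phrase: str) -> bool:
    """The same search after decoding and normalizing the message."""
    return re.sub(r"\s+", " ", phrase).strip().lower() in visible_text(raw)
```

Running both functions over a saved copy of a message that slipped through shows whether encoding or markup is what hides the phrase, which is the kind of evidence a support ticket needs.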


Thomas Leylan Replied
Now I'm really confused. Mr. Foster, do you work for SmarterTools or something? I'm only asking since you mentioned that you didn't know how to help me and I didn't actually request your help. Please notice that I asked a question. You haven't answered it. You weren't required to, but I remain surprised that someone doesn't know "does content filtering check / work with HTML content"?

That is either Yes or No along with (perhaps) "I use it all the time" or maybe "I've noticed it doesn't match as well".

I didn't say it is a bug, I asked a question. Block the sender? Would you like your name placed on the list so you can add each unique sender to the filter? I do appreciate that you took a moment but I'm not a dope and support replies shouldn't have a "you probably don't know how to use tools" feel to them.

Meanwhile anybody else know the answer to the question?
