Spammers have found a very simple way to trick GMail spam filters - they use Google News Alerts.

It is quite easy send spam mail using the Google Alerts service:

Goto google.com/alerts and type your (spam) message text inside the alert box. The message can be upto 256 characters long and you may also include URLs.

Enter the email address of the person you wish to spam and hit "create alert" -  GMail will never mark this message as spam even if contains words like viagra pills because it originated from a valid and known email address - googlealerts-noreply@google.com

And there's little use marking this message as Spam since the "from" address in the Google Alerts Confirmation email is owned by Google itself and therefore your "Report Spam" action is unlikely to have any effect.

If someone is new to Google Alerts, he may easily fall in the trap and click the URL which could lead him to malicious websites.

Either Google should disallow URLs in the alert text (like they do in YouTube comments) or format it in such a manner that it stays as plain text (non clickable).