I probably switched from Scott's methodologies very early on, requiring a message to fail BADHEADERS, SPAMHEADERS (combined score of 8) plus at least one other test before it gets rejected with a score of 10. This actually still works pretty reliably and allows a lot of the poorly configured automated stuff get through. If I failed on just those two tests, I would false reject more than double the rate that I am now (like Scott said, this is based on the types of customers I have and where they get their E-mail from).
The reason why I changed the methodology was because I noticed early on that almost all E-mail that failed BADHEADERS also fails SPAMHEADERS, so I'm essentially treating those two tests as one with the lower scoring on each.
Matt
Marc Catuogno wrote:
It's a shame because I was catching a great deal more spam, but I may have to back off on the weight of this test. This looks like a log file that one guy has e-mailed from a D-link router. Why don't companies have this stuff compliant..... sigh....
Received: from DI-604 [65.41.30.4] by mail.prudentialrand.com (SMTPD32-7.15) id A52966300A0; Wed, 27 Aug 2003 11:58:33 -0400 From: [EMAIL PROTECTED] Subject: [SPAM]DI-604 Log Sender: DI-604 To: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c020020c]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c020020c]. X-RBL-Warning: WEIGHT10: Weight of 22 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [65.41.30.4] X-Declude-Spoolname: Dd529066300a0a1b4.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, IPNOTINMX, SPAMHEADERS, NOLEGITCONTENT
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
