On 12/14/2015 09:32 PM, John Hardin wrote:
All:Any objection to promoting __CT_ENCRYPTED and ENCRYPTED_MESSAGE out of the sandbox to permanent rules, and giving ENCRYPTED_MESSAGE a negative (nice) score (say, -1)? I think that's fairly safe to do, as I doubt a spammer would impose the overhead of decryption on their victims, and I'm not sure exactly how well sandbox+masscheck works for "nice" rules.
-1 Too easy to forge such mime headers.
