> It seems unlikely that spammers would forge X-Spam-Status headers that
> mark the message as being spam. Of course there are no guarantees, but
> at this stage I have little reason to disbelieve such headers.
So you would believe a 'X-Spam-Status: No, hits=0 [...]" line forged by a
spammer? Think about a script scanning for 'X-Spam-Status: No' and have a
hit on the first occurence. Might very well be the forged one. I believe
there have been reports about spammers trying that trick.
> The MUA just looks for any X-Spam-Score header which indicates that the
> message is spam.
Might, or might not. You can't tell for sure. What you can tell is that
having multiple X-Spam-Status line is different from major implementations
like qmail-scanner or amavisd-new. I guess we have to go with that.
-kju
--
It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
