Spamassassin produces a numeric rating for for an email based on
multiple rules. Legitimate email can easily get a rating of 3 or 4
based on the way you have it configured. I've seen double digit ratings
as well. If you check for a single digit, you may be filtering
legitimate emails that
One thing *I* have discovered is that "bogus" messages (eg phishing, etc.
spam), often have various envlope headers that give them away. One is a
"Reveived: " from a mail server with no reverse DNS ('Reveived: from ...
(unknown [ddd.ddd.ddd.ddd])', so a spam filter rule like this:
"Received: