[...] I've yet to meet any legit mail that's scored more than ~20 (before Bayes/RBLs/AWL), so you might want to keep the whitelist score in the -15 to -20 range, maybe a bit larger. Most FPs have been in the 5-8 range.
Just by coincidence, I got caught by 2 events:
1. Spam was sent to a normally spam-free list hosted on securityfocus.com (listed in 60_whitelist.cf) resulting in the spammer's address getting a -100/1 in AWL.
2. Non-spam was sent from a domain listed in William Stearns' blacklist.cf, resulting in THAT address getting a +100/1 in AWL.
Neither was particularly catastrophic, except for the persistence of AWL entries even after cleanup of the .cf entries. (AWL is NOT white/blacklist, except for this side effect. Confusing to say the least!)
I like AWL, but can see it's an issue with white/blacklists. Perhaps best just not to use them together? I'm not coming up with any solutions for having AWL not used if white/blacklisted either.
The blacklist score should probably be equal magnitude in case one user really REALLY *REALLY* doesn't want to receive nominally legit mail that has been globally whitelisted. I've got a few of those here. :/
Thanks for the insight into the provider-scale issues. Do you enable AWL for users?
- Bob
